Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report SnapshotLogExtractor.exe

Overview

General Information

Sample Name:SnapshotLogExtractor.exe
Analysis ID:526044
MD5:c6eaf09294a285b6725c282a148866d7
SHA1:3b90aa3e3d489a783315fda8f08b08b406e0e5a7
SHA256:f80afb7154dfba4cca720f09d67c401b75adc28f6df6c4e64bfdb31a59904ffc
Infos:

Most interesting Screenshot:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
PE file contains strange resources
Drops PE files
Contains functionality to check if a debugger is running (IsDebuggerPresent)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)

Classification

Process Tree

  • System is w10x64
  • SnapshotLogExtractor.exe (PID: 5944 cmdline: "C:\Users\user\Desktop\SnapshotLogExtractor.exe" MD5: C6EAF09294A285B6725C282A148866D7)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Multi AV Scanner detection for submitted fileShow sources
Source: SnapshotLogExtractor.exeVirustotal: Detection: 9%Perma Link
Source: SnapshotLogExtractor.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Source: Binary string: D:\a01\_work\6\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.297075880.00000169D44A1000.00000004.00000001.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\select.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.306593177.00000169D44A1000.00000004.00000001.sdmp, select.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_tkinter.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.302337645.00000169D44A1000.00000004.00000001.sdmp
Source: Binary string: C:\A\34\b\bin\amd64\pyexpat.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.304810515.00000169D44A1000.00000004.00000001.sdmp, pyexpat.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_bz2.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.297942949.00000169D44A1000.00000004.00000001.sdmp, _bz2.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_lzma.pdbMM source: SnapshotLogExtractor.exe, 00000000.00000003.299739793.00000169D44A1000.00000004.00000001.sdmp, _lzma.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_ssl.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.301880341.00000169D44A1000.00000004.00000001.sdmp, _ssl.pyd.0.dr
Source: Binary string: C:\A\6\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_overlapped.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.301025855.00000169D44A5000.00000004.00000001.sdmp, _overlapped.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_hashlib.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.299315761.00000169D44A1000.00000004.00000001.sdmp
Source: Binary string: C:\A\34\b\bin\amd64\_multiprocessing.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.300550539.00000169D44A1000.00000004.00000001.sdmp, _multiprocessing.pyd.0.dr
Source: Binary string: C:\A\6\b\libssl-1_1.pdb?? source: SnapshotLogExtractor.exe, 00000000.00000003.304782313.00000169D5D83000.00000004.00000001.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1.dll.0.dr
Source: Binary string: C:\A\6\b\libssl-1_1.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.304782313.00000169D5D83000.00000004.00000001.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1i 8 Dec 2020built on: Tue Jan 5 20:11:40 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: libcrypto-1_1.dll.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_socket.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.301452666.00000169D44A1000.00000004.00000001.sdmp, _socket.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_queue.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.301426063.00000169D44A1000.00000004.00000001.sdmp, _queue.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_decimal.pdb## source: SnapshotLogExtractor.exe, 00000000.00000003.298811237.00000169D44A1000.00000004.00000001.sdmp, _decimal.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_ctypes.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.298363094.00000169D44A1000.00000004.00000001.sdmp, _ctypes.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_lzma.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.299739793.00000169D44A1000.00000004.00000001.sdmp, _lzma.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_decimal.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.298811237.00000169D44A1000.00000004.00000001.sdmp, _decimal.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\unicodedata.pdb source: unicodedata.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_asyncio.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.297536782.00000169D44A1000.00000004.00000001.sdmp, _asyncio.pyd.0.dr
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E3F788 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF7F2E3F788
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E3F788 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF7F2E3F788
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E495B0 FindFirstFileExW,0_2_00007FF7F2E495B0
Source: tcl86t.dll.0.drString found in binary or memory: http://aia.startssl.com/certs/ca.crt0
Source: tcl86t.dll.0.drString found in binary or memory: http://aia.startssl.com/certs/sca.code3.crt06
Source: SnapshotLogExtractor.exe, 00000000.00000003.297942949.00000169D44A1000.00000004.00000001.sdmp, libffi-7.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: SnapshotLogExtractor.exe, 00000000.00000003.297942949.00000169D44A1000.00000004.00000001.sdmp, libffi-7.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: SnapshotLogExtractor.exe, 00000000.00000003.297942949.00000169D44A1000.00000004.00000001.sdmp, libssl-1_1.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: tcl86t.dll.0.drString found in binary or memory: http://crl.startssl.com/sca-code3.crl0#
Source: tcl86t.dll.0.drString found in binary or memory: http://crl.startssl.com/sfsca.crl0f
Source: SnapshotLogExtractor.exe, 00000000.00000003.303732574.00000169D44A1000.00000004.00000001.sdmp, libffi-7.dll.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: SnapshotLogExtractor.exe, 00000000.00000003.297942949.00000169D44A1000.00000004.00000001.sdmp, libffi-7.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: SnapshotLogExtractor.exe, 00000000.00000003.297942949.00000169D44A1000.00000004.00000001.sdmp, libssl-1_1.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: SnapshotLogExtractor.exe, 00000000.00000003.297942949.00000169D44A1000.00000004.00000001.sdmp, libffi-7.dll.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: SnapshotLogExtractor.exe, 00000000.00000003.297942949.00000169D44A1000.00000004.00000001.sdmp, libssl-1_1.dll.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: SnapshotLogExtractor.exe, 00000000.00000003.297942949.00000169D44A1000.00000004.00000001.sdmp, libffi-7.dll.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: SnapshotLogExtractor.exe, 00000000.00000003.297942949.00000169D44A1000.00000004.00000001.sdmp, libffi-7.dll.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: SnapshotLogExtractor.exe, 00000000.00000003.297942949.00000169D44A1000.00000004.00000001.sdmp, libssl-1_1.dll.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: SnapshotLogExtractor.exe, 00000000.00000003.297942949.00000169D44A1000.00000004.00000001.sdmp, libffi-7.dll.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: SnapshotLogExtractor.exe, 00000000.00000003.297942949.00000169D44A1000.00000004.00000001.sdmp, libffi-7.dll.0.drString found in binary or memory: http://ocsp.digicert.com0N
Source: SnapshotLogExtractor.exe, 00000000.00000003.297942949.00000169D44A1000.00000004.00000001.sdmp, libssl-1_1.dll.0.drString found in binary or memory: http://ocsp.digicert.com0O
Source: tcl86t.dll.0.drString found in binary or memory: http://ocsp.startssl.com00
Source: tcl86t.dll.0.drString found in binary or memory: http://ocsp.startssl.com07
Source: SnapshotLogExtractor.exe, 00000000.00000003.303732574.00000169D44A1000.00000004.00000001.sdmp, libffi-7.dll.0.drString found in binary or memory: http://ocsp.thawte.com0
Source: SnapshotLogExtractor.exe, 00000000.00000003.303732574.00000169D44A1000.00000004.00000001.sdmp, libffi-7.dll.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: SnapshotLogExtractor.exe, 00000000.00000003.303732574.00000169D44A1000.00000004.00000001.sdmp, libffi-7.dll.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: SnapshotLogExtractor.exe, 00000000.00000003.303732574.00000169D44A1000.00000004.00000001.sdmp, libffi-7.dll.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: SnapshotLogExtractor.exe, 00000000.00000003.297942949.00000169D44A1000.00000004.00000001.sdmp, libssl-1_1.dll.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: SnapshotLogExtractor.exe, 00000000.00000003.309544975.00000169D5EC1000.00000004.00000001.sdmp, base_library.zip.0.drString found in binary or memory: http://www.python.org/dev/peps/pep-0205/
Source: SnapshotLogExtractor.exe, 00000000.00000003.309544975.00000169D5EC1000.00000004.00000001.sdmp, base_library.zip.0.drString found in binary or memory: http://www.python.org/download/releases/2.3/mro/.
Source: tcl86t.dll.0.drString found in binary or memory: http://www.startssl.com/0P
Source: tcl86t.dll.0.drString found in binary or memory: http://www.startssl.com/policy0
Source: SnapshotLogExtractor.exe, 00000000.00000003.297942949.00000169D44A1000.00000004.00000001.sdmp, libffi-7.dll.0.drString found in binary or memory: https://www.digicert.com/CPS0
Source: SnapshotLogExtractor.exe, 00000000.00000003.304782313.00000169D5D83000.00000004.00000001.sdmp, libssl-1_1.dll.0.drString found in binary or memory: https://www.openssl.org/H
Source: SnapshotLogExtractor.exe, 00000000.00000003.297942949.00000169D44A1000.00000004.00000001.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs SnapshotLogExtractor.exe
Source: SnapshotLogExtractor.exe, 00000000.00000003.299739793.00000169D44A1000.00000004.00000001.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs SnapshotLogExtractor.exe
Source: SnapshotLogExtractor.exe, 00000000.00000003.301880341.00000169D44A1000.00000004.00000001.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs SnapshotLogExtractor.exe
Source: SnapshotLogExtractor.exe, 00000000.00000003.297536782.00000169D44A1000.00000004.00000001.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs SnapshotLogExtractor.exe
Source: SnapshotLogExtractor.exe, 00000000.00000003.299315761.00000169D44A1000.00000004.00000001.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs SnapshotLogExtractor.exe
Source: SnapshotLogExtractor.exe, 00000000.00000003.300550539.00000169D44A1000.00000004.00000001.sdmpBinary or memory string: OriginalFilename_multiprocessing.pyd. vs SnapshotLogExtractor.exe
Source: SnapshotLogExtractor.exe, 00000000.00000003.302337645.00000169D44A1000.00000004.00000001.sdmpBinary or memory string: OriginalFilename_tkinter.pyd. vs SnapshotLogExtractor.exe
Source: SnapshotLogExtractor.exe, 00000000.00000003.301452666.00000169D44A1000.00000004.00000001.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs SnapshotLogExtractor.exe
Source: SnapshotLogExtractor.exe, 00000000.00000003.301426063.00000169D44A1000.00000004.00000001.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs SnapshotLogExtractor.exe
Source: SnapshotLogExtractor.exe, 00000000.00000003.298363094.00000169D44A1000.00000004.00000001.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs SnapshotLogExtractor.exe
Source: SnapshotLogExtractor.exe, 00000000.00000003.304810515.00000169D44A1000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs SnapshotLogExtractor.exe
Source: SnapshotLogExtractor.exe, 00000000.00000003.301025855.00000169D44A5000.00000004.00000001.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs SnapshotLogExtractor.exe
Source: SnapshotLogExtractor.exe, 00000000.00000003.298811237.00000169D44A1000.00000004.00000001.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs SnapshotLogExtractor.exe
Source: SnapshotLogExtractor.exe, 00000000.00000003.297075880.00000169D44A1000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs SnapshotLogExtractor.exe
Source: SnapshotLogExtractor.exe, 00000000.00000003.304782313.00000169D5D83000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamelibsslH vs SnapshotLogExtractor.exe
Source: SnapshotLogExtractor.exe, 00000000.00000003.306593177.00000169D44A1000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs SnapshotLogExtractor.exe
Source: SnapshotLogExtractor.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SnapshotLogExtractor.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: tk86t.dll.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: tk86t.dll.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: tk86t.dll.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E343A00_2_00007FF7F2E343A0
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E4D8880_2_00007FF7F2E4D888
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E476C80_2_00007FF7F2E476C8
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E3F7880_2_00007FF7F2E3F788
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E493800_2_00007FF7F2E49380
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E4845C0_2_00007FF7F2E4845C
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E4B9100_2_00007FF7F2E4B910
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E380E00_2_00007FF7F2E380E0
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E3F7880_2_00007FF7F2E3F788
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E378900_2_00007FF7F2E37890
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E3C4940_2_00007FF7F2E3C494
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E4845C0_2_00007FF7F2E4845C
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E405F80_2_00007FF7F2E405F8
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E4BDE00_2_00007FF7F2E4BDE0
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E3E5D00_2_00007FF7F2E3E5D0
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E3C7100_2_00007FF7F2E3C710
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E50A380_2_00007FF7F2E50A38
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E4E2280_2_00007FF7F2E4E228
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E41E200_2_00007FF7F2E41E20
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: String function: 00007FF7F2E31A80 appears 65 times
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: String function: 00007FF7F2E31BD0 appears 33 times
Source: SnapshotLogExtractor.exeVirustotal: Detection: 9%
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile read: C:\Users\user\Desktop\SnapshotLogExtractor.exeJump to behavior
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E35180 GetLastError,FormatMessageW,0_2_00007FF7F2E35180
Source: SnapshotLogExtractor.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442Jump to behavior
Source: classification engineClassification label: mal48.winEXE@1/421@0/0
Source: SnapshotLogExtractor.exeStatic file information: File size 10819301 > 1048576
Source: SnapshotLogExtractor.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: SnapshotLogExtractor.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SnapshotLogExtractor.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SnapshotLogExtractor.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SnapshotLogExtractor.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SnapshotLogExtractor.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SnapshotLogExtractor.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SnapshotLogExtractor.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Source: SnapshotLogExtractor.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\a01\_work\6\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.297075880.00000169D44A1000.00000004.00000001.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\select.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.306593177.00000169D44A1000.00000004.00000001.sdmp, select.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_tkinter.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.302337645.00000169D44A1000.00000004.00000001.sdmp
Source: Binary string: C:\A\34\b\bin\amd64\pyexpat.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.304810515.00000169D44A1000.00000004.00000001.sdmp, pyexpat.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_bz2.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.297942949.00000169D44A1000.00000004.00000001.sdmp, _bz2.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_lzma.pdbMM source: SnapshotLogExtractor.exe, 00000000.00000003.299739793.00000169D44A1000.00000004.00000001.sdmp, _lzma.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_ssl.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.301880341.00000169D44A1000.00000004.00000001.sdmp, _ssl.pyd.0.dr
Source: Binary string: C:\A\6\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_overlapped.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.301025855.00000169D44A5000.00000004.00000001.sdmp, _overlapped.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_hashlib.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.299315761.00000169D44A1000.00000004.00000001.sdmp
Source: Binary string: C:\A\34\b\bin\amd64\_multiprocessing.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.300550539.00000169D44A1000.00000004.00000001.sdmp, _multiprocessing.pyd.0.dr
Source: Binary string: C:\A\6\b\libssl-1_1.pdb?? source: SnapshotLogExtractor.exe, 00000000.00000003.304782313.00000169D5D83000.00000004.00000001.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1.dll.0.dr
Source: Binary string: C:\A\6\b\libssl-1_1.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.304782313.00000169D5D83000.00000004.00000001.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1i 8 Dec 2020built on: Tue Jan 5 20:11:40 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: libcrypto-1_1.dll.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_socket.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.301452666.00000169D44A1000.00000004.00000001.sdmp, _socket.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_queue.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.301426063.00000169D44A1000.00000004.00000001.sdmp, _queue.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_decimal.pdb## source: SnapshotLogExtractor.exe, 00000000.00000003.298811237.00000169D44A1000.00000004.00000001.sdmp, _decimal.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_ctypes.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.298363094.00000169D44A1000.00000004.00000001.sdmp, _ctypes.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_lzma.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.299739793.00000169D44A1000.00000004.00000001.sdmp, _lzma.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_decimal.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.298811237.00000169D44A1000.00000004.00000001.sdmp, _decimal.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\unicodedata.pdb source: unicodedata.pyd.0.dr
Source: Binary string: C:\A\34\b\bin\amd64\_asyncio.pdb source: SnapshotLogExtractor.exe, 00000000.00000003.297536782.00000169D44A1000.00000004.00000001.sdmp, _asyncio.pyd.0.dr
Source: SnapshotLogExtractor.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SnapshotLogExtractor.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SnapshotLogExtractor.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SnapshotLogExtractor.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SnapshotLogExtractor.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E34FF0 MultiByteToWideChar,MultiByteToWideChar,LoadLibraryA,GetProcAddress,GetProcAddress,0_2_00007FF7F2E34FF0
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_ctr.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_cfb.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_aes.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_ocb.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\tcl86t.dllJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_ecb.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_RIPEMD160.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_SHA256.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_keccak.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_poly1305.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_SHA1.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_eksblowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\tk86t.dllJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\_tkinter.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_aesni.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_MD2.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_ofb.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_cbc.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_SHA512.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_MD4.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_BLAKE2b.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_BLAKE2s.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\select.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_blowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_MD5.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\python39.dllJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_ghash_portable.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Util\_strxor.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Util\_cpuid_c.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\libffi-7.dllJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_arc2.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI59442\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E32D90 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF7F2E32D90
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_ctr.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_cfb.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_aes.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_ocb.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\tcl86t.dllJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_ecb.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_SHA256.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_RIPEMD160.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_keccak.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_poly1305.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_SHA1.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_eksblowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\tk86t.dllJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\_tkinter.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_aesni.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_MD2.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_ofb.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_SHA512.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_cbc.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_MD4.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_BLAKE2s.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_BLAKE2b.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\select.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_blowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_MD5.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\python39.dllJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_ghash_portable.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Util\_strxor.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Util\_cpuid_c.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\libffi-7.dllJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_arc2.pydJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI59442\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E3F788 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF7F2E3F788
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E3F788 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF7F2E3F788
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E495B0 FindFirstFileExW,0_2_00007FF7F2E495B0
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E38FCC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7F2E38FCC
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E34FF0 MultiByteToWideChar,MultiByteToWideChar,LoadLibraryA,GetProcAddress,GetProcAddress,0_2_00007FF7F2E34FF0
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E4AF30 GetProcessHeap,0_2_00007FF7F2E4AF30
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E38FCC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7F2E38FCC
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E42F24 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7F2E42F24
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E391A4 SetUnhandledExceptionFilter,0_2_00007FF7F2E391A4
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E3895C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7F2E3895C
Source: SnapshotLogExtractor.exe, 00000000.00000002.555839151.00000169D4900000.00000002.00020000.sdmpBinary or memory string: Program Manager
Source: SnapshotLogExtractor.exe, 00000000.00000002.555839151.00000169D4900000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
Source: SnapshotLogExtractor.exe, 00000000.00000002.555839151.00000169D4900000.00000002.00020000.sdmpBinary or memory string: Progman
Source: SnapshotLogExtractor.exe, 00000000.00000002.555839151.00000169D4900000.00000002.00020000.sdmpBinary or memory string: Progmanlock
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E50880 cpuid 0_2_00007FF7F2E50880
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E4D888 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_00007FF7F2E4D888
Source: C:\Users\user\Desktop\SnapshotLogExtractor.exeCode function: 0_2_00007FF7F2E38EA0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7F2E38EA0

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsNative API1Application Shimming1Process Injection1Process Injection1OS Credential DumpingSystem Time Discovery2Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsApplication Shimming1Deobfuscate/Decode Files or Information1LSASS MemorySecurity Software Discovery2Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information1Security Account ManagerProcess Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSFile and Directory Discovery1Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsSystem Information Discovery12SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
SnapshotLogExtractor.exe9%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_ARC4.pyd0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_ARC4.pyd0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_ARC4.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_Salsa20.pyd0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_Salsa20.pyd0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_Salsa20.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_chacha20.pyd0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_chacha20.pyd0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_chacha20.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_aes.pyd1%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_aes.pyd0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_aes.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_aesni.pyd3%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_aesni.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_arc2.pyd0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_arc2.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_blowfish.pyd0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_blowfish.pyd0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://aia.startssl.com/certs/sca.code3.crt060%URL Reputationsafe
http://crl.startssl.com/sfsca.crl0f0%URL Reputationsafe
http://aia.startssl.com/certs/ca.crt00%URL Reputationsafe
http://crl.startssl.com/sca-code3.crl0#0%URL Reputationsafe
http://ocsp.thawte.com00%URL Reputationsafe
http://www.startssl.com/0P0%URL Reputationsafe
http://ocsp.startssl.com070%URL Reputationsafe
http://www.startssl.com/policy00%URL Reputationsafe
http://ocsp.startssl.com000%URL Reputationsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://aia.startssl.com/certs/sca.code3.crt06tcl86t.dll.0.drfalse
  • URL Reputation: safe
unknown
http://crl.startssl.com/sfsca.crl0ftcl86t.dll.0.drfalse
  • URL Reputation: safe
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0SnapshotLogExtractor.exe, 00000000.00000003.303732574.00000169D44A1000.00000004.00000001.sdmp, libffi-7.dll.0.drfalse
    		high
    http://aia.startssl.com/certs/ca.crt0tcl86t.dll.0.drfalse
    • URL Reputation: safe
    		unknown
    http://crl.startssl.com/sca-code3.crl0#tcl86t.dll.0.drfalse
    • URL Reputation: safe
    		unknown
    http://ocsp.thawte.com0SnapshotLogExtractor.exe, 00000000.00000003.303732574.00000169D44A1000.00000004.00000001.sdmp, libffi-7.dll.0.drfalse
    • URL Reputation: safe
    		unknown
    http://www.startssl.com/0Ptcl86t.dll.0.drfalse
    • URL Reputation: safe
    		unknown
    https://www.openssl.org/HSnapshotLogExtractor.exe, 00000000.00000003.304782313.00000169D5D83000.00000004.00000001.sdmp, libssl-1_1.dll.0.drfalse
      		high
      http://ocsp.startssl.com07tcl86t.dll.0.drfalse
      • URL Reputation: safe
      		unknown
      http://www.startssl.com/policy0tcl86t.dll.0.drfalse
      • URL Reputation: safe
      		unknown
      http://www.python.org/dev/peps/pep-0205/SnapshotLogExtractor.exe, 00000000.00000003.309544975.00000169D5EC1000.00000004.00000001.sdmp, base_library.zip.0.drfalse
        		high
        http://ocsp.startssl.com00tcl86t.dll.0.drfalse
        • URL Reputation: safe
        		unknown
        http://www.python.org/download/releases/2.3/mro/.SnapshotLogExtractor.exe, 00000000.00000003.309544975.00000169D5EC1000.00000004.00000001.sdmp, base_library.zip.0.drfalse
          		high

          Contacted IPs

          No contacted IP infos

          General Information

          Joe Sandbox Version:34.0.0 Boulder Opal
          Analysis ID:526044
          Start date:22.11.2021
          Start time:06:44:06
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:0h 6m 12s
          Hypervisor based Inspection enabled:false
          Report type:full
          Sample file name:SnapshotLogExtractor.exe
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of analysed new started processes analysed:23
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:MAL
          Classification:mal48.winEXE@1/421@0/0
          EGA Information:
          • Successful, ratio: 100%
          HDC Information:
          • Successful, ratio: 100% (good quality ratio 88%)
          • Quality average: 65%
          • Quality standard deviation: 32.9%
          HCA Information:Failed
          Cookbook Comments:
          • Adjust boot time
          • Enable AMSI
          • Found application associated with file extension: .exe
          Warnings:
          Show All
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
          • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtWriteFile calls found.

          Simulations

          Behavior and APIs

          No simulations

          Joe Sandbox View / Context

          IPs

          No context

          Domains

          No context

          ASN

          No context

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_ARC4.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):11264
          Entropy (8bit):4.634028407547307
          Encrypted:false
          SSDEEP:96:z8MwxTCa5Xv7BelL7u1R/r8qJ7pfpsPG6QEYHGBp5WCmNniHisDJ9UFv4:zTwxTltlelL7urFfUQa5NmYjDLU
          MD5:BA43C9C79B726F52CD3187231E3A780F
          SHA1:EC0538F8F32F3C58CB7430E82C416B44C0B03D12
          SHA-256:7B5E1F955E198278A39B94F6AC18D49CEE21B99C8A951DE722FF99A153162A0B
          SHA-512:A74056F9D853B2F020800D9DB0C1C50AD704E5DBD6B9A0A169E1BCC6299AB02E5D1F6A9C0A4FEBE9E14D8FE3264D836E67ADCD1AD2F1C380FED4A98A48E3F3E3
          Malicious:false
          Antivirus:
          • Antivirus: Virustotal, Detection: 0%, Browse
          • Antivirus: Metadefender, Detection: 0%, Browse
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................@......................@.......@.......@.......f.......f.......f.......f.......Rich............................PE..d...a."`.........." ................T........................................p............`.........................................`'.......(..d....P.......@...............`..$....!...............................!..8............ ...............................text............................... ..`.rdata..*.... ......................@..@.data...H....0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......(..............@..@.reloc..$....`.......*..............@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_Salsa20.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):13824
          Entropy (8bit):5.010720322611065
          Encrypted:false
          SSDEEP:192:EUBpDmr37utd9PHv2DznuRGMeS4JUHNDLUYd:mDit6DCVn4WZUW
          MD5:991AA4813AF0ADF95B0DF3F59879E21C
          SHA1:E44DB4901FFBBB9E8001B5B3602E59F6D2CCC9C8
          SHA-256:5B86D84DA033128000D8BC00A237AB07D5FF75078216654C224854BEC0CD6641
          SHA-512:C6A9DB8338330AB45A8522FBEF5B59374176AC4BF2C0BAE6471AA6FA4710B7EFE20E9331BA542FA274D32DE623A0B578A1A048765F000F74B1608FFA05E5C550
          Malicious:false
          Antivirus:
          • Antivirus: Virustotal, Detection: 0%, Browse
          • Antivirus: Metadefender, Detection: 0%, Browse
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................K........................&.......................................'............Rich....................PE..d...b."`.........." ................T.....................................................`.........................................@8.......9..d....`.......P..L............p..$....1...............................1..8............0...............................text...x........................... ..`.rdata..2....0......................@..@.data...H....@.......,..............@....pdata..L....P......................@..@.rsrc........`.......2..............@..@.reloc..$....p.......4..............@..B................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_chacha20.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):13312
          Entropy (8bit):5.030943993303202
          Encrypted:false
          SSDEEP:192:fhgUBpDmr37utd9PVv2Jnl0Ne3erKr5okiy0Y23RAr2Z9lkNCqDLU/:sDitwJooNiyX2hUA9f0U/
          MD5:43C8516BE2AE73FB625E8496FD181F1C
          SHA1:6D38E8EE6D38759FDBA6558848DA62BB3FB51EC8
          SHA-256:3A1ACFA87110ACE2F8B8F60B03E264F22E2B7E76B53AD98C3B260686B1C27C57
          SHA-512:B8DCD4875EF7759DA1F8B96FC85DAC8910720C8168F09AC52DAF85C637955274093530406BE2A58EF237BFAB8CCDF4F06F96EBA7ADFC4F413CBF0E5A7D447774
          Malicious:false
          Antivirus:
          • Antivirus: Virustotal, Detection: 0%, Browse
          • Antivirus: Metadefender, Detection: 0%, Browse
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................K........................&.......................................'............Rich....................PE..d...b."`.........." ................T.....................................................`..........................................7.......8..d....`.......P..d............p..$....1...............................1..8............0...............................text...(........................... ..`.rdata.......0......................@..@.data...H....@.......*..............@....pdata..d....P.......,..............@..@.rsrc........`.......0..............@..@.reloc..$....p.......2..............@..B................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_aes.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):35840
          Entropy (8bit):6.5985845002689825
          Encrypted:false
          SSDEEP:384:ZOISQpPUUllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52E0H680xz4e:nLh7JbH1G4sS4j990th9VQFI
          MD5:DACF0299F0ACD196C0B0C35440C9CF78
          SHA1:CFFD37FE04854D60E87058B33CA313F532879BF7
          SHA-256:1199152F31FC5179FD39733B6B7D60B7F4A7269FE28CBC434F87FA53810B305D
          SHA-512:7FFA5A8979F4258968E37540348E62FD22C795981F4AA9A6962DDEC17CEC8265EC7A7FF7EE4A2EBADF4DA35062972E4C7ADF7C8D4031B60AE218872807E092D9
          Malicious:false
          Antivirus:
          • Antivirus: Virustotal, Detection: 1%, Browse
          • Antivirus: Metadefender, Detection: 0%, Browse
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................@......................@.......@.......@.......f.......f.......f.......f.......Rich............................PE..d...]."`.........." .....H...F......T.....................................................`.........................................0...........d...............................0......................................8............`...............................text....G.......H.................. ..`.rdata...5...`...6...L..............@..@.data...H...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..0...........................@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_aesni.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):15360
          Entropy (8bit):5.181873142782463
          Encrypted:false
          SSDEEP:192:9Ee15je/I3TuvPfB1LeLi2jcXdq2QdeJgDZETDRcYcaKAADLU5YUod:992Y6/B1KL4XdQdggDZ8EU5YUm
          MD5:5D1CAEEDC9595EC0A30507C049F215D7
          SHA1:B963E17679A0CB1EFDC388B8218BE7373DE8E6CC
          SHA-256:A5C4143DDFA6C10216E9467A22B792541096E222EFE71C930A5056B917E531A0
          SHA-512:BE8471BE53AFA1EDCAA742B7D1D4222D15D4682BA8E1F8376FC65C46CCC5FE0890D24BBAFB6616F625D5D37A087762317EBAA4AE6518443E644FA01EBC4496E5
          Malicious:false
          Antivirus:
          • Antivirus: Metadefender, Detection: 3%, Browse
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................[........................*.......................................7............Rich....................PE..d...]."`.........." ......... ......T.....................................................`.........................................p9.......:..d....`.......P...............p..$....1...............................1..8............0.. ............................text............................... ..`.rdata.......0......."..............@..@.data...8....@.......2..............@....pdata.......P.......4..............@..@.rsrc........`.......8..............@..@.reloc..$....p.......:..............@..B................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_arc2.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):16384
          Entropy (8bit):5.400580637932519
          Encrypted:false
          SSDEEP:192:rEJe0rPeLTuUt4/wgroOCouz7ucc9dJ7oAAokDLU45Gc:3mUGr9n6769laU45
          MD5:4795B16B5E63AEE698E8B601C011F6E6
          SHA1:4AA74966B5737A818B168DA991472380FE63AD3E
          SHA-256:78DB7D57C23AC96F5D56E90CFB0FBB2E10DE7C6AF48088354AA374709F1A1087
          SHA-512:73716040ECF217E41A34FADEA6046D802982F2B01D0133BFD5C215499C84CB6D386AF81235CA21592722F57EA31543D35B859BE2AF1972F347C93A72131C06C2
          Malicious:false
          Antivirus:
          • Antivirus: Metadefender, Detection: 0%, Browse
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...]."`.........." ....."... ......T.....................................................`.........................................@I.......I..d....p.......`..................$....B...............................B..8............@...............................text...8 .......".................. ..`.rdata.......@.......&..............@..@.data...H....P.......6..............@....pdata.......`.......8..............@..@.rsrc........p.......<..............@..@.reloc..$............>..............@..B........................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_blowfish.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):6.159203027693185
          Encrypted:false
          SSDEEP:192:iUpJ7Grjup/vx81AguKUiZA3OkJYkO8d3KobfoHJAyZJg8D0KThxA+rAQE+tnJi8:I2XKAs3ZArTvHbgpJgLa0Mp83xhUoz
          MD5:9F33973B19B84A288DF7918346CEC5E4
          SHA1:A646146337225D3FA064DE4B15BF7D5C35CE5338
          SHA-256:DC86A67CFF9CB3CC763AAAB2D357EC6DBC0616A5DFC16EBE214E8E2C04242737
          SHA-512:D7FFA4A640EBD2C9121DBD1BA107B5D76C0385524C4F53DE6FDA1BB0EC16541CEF1981F7E1DAA84F289D4A7D566B0620690AF97AF47F528BBF5B2CD6E49FE90C
          Malicious:false
          Antivirus:
          • Antivirus: Metadefender, Detection: 0%, Browse
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...^."`.........." .....$..........T.....................................................`..........................................X.......Y..d............p..................0....Q...............................R..8............@...............................text...H#.......$.................. ..`.rdata.......@.......(..............@..@.data...H....`.......F..............@....pdata.......p.......H..............@..@.rsrc................L..............@..@.reloc..0............N..............@..B........................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_cast.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):24576
          Entropy (8bit):6.493034619151615
          Encrypted:false
          SSDEEP:384:pksGDsFSQkHUleKaZXmrfXA+UA10ol31tuXOQkUdT:kTK0K4XmrXA+NNxW+Ud
          MD5:89D4B1FC3A62B4A739571855F22E0C18
          SHA1:F0F6A893A263EEEB00408F5F87DC9ABB3D3259A6
          SHA-256:3832F95FE55D1B4DA223DF5438414F03F18D5EF4AAFD285357A81E4ED5AD5DA1
          SHA-512:20C713564C0658FD7A26F56BF629B80FCB4E7F785E66A00163933D57C8E5A344F6B0476F7395A6D8A526D78A60C85884CEFF6B3F812A8EE07E224C9E91F878C1
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................K........................&.......................................'............Rich....................PE..d...^."`.........." .....$...>............................................................`.........................................@h.......h..d...............................0....a...............................a..8............@...............................text...x".......$.................. ..`.rdata...,...@.......(..............@..@.data...H....p.......V..............@....pdata...............X..............@..@.rsrc................\..............@..@.reloc..0............^..............@..B................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_cbc.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):12288
          Entropy (8bit):4.700268562557766
          Encrypted:false
          SSDEEP:192:zh05p7mr3Tutd9PUv2anKfI1ve86rYDLUa:tD6t/GKfevTTUa
          MD5:73DD025BFA3CFB38E5DAAD0ED9914679
          SHA1:65D141331E8629293146D3398A2F76C52301D682
          SHA-256:C89F3C0B89CFEE35583D6C470D378DA0AF455EBD9549BE341B4179D342353641
          SHA-512:20569F672F3F2E6439AFD714F179A590328A1F9C40C6BC0DC6FCAD7581BC620A877282BAF7EC7F16AAA79724BA2165F71D79AA5919C8D23214BBD39611C23AED
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...`."`.........." ................T.....................................................`..........................................7.......8..d....`.......P..X............p..$....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......&..............@....pdata..X....P.......(..............@..@.rsrc........`.......,..............@..@.reloc..$....p......................@..B........................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_cfb.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):13312
          Entropy (8bit):4.99372428436515
          Encrypted:false
          SSDEEP:192:Dardk3qQb3GukBPZCLfSQl+x5DLUzbgd6:dNzFkHCLKUzbO
          MD5:E87AAC7F2A9BF57D6796E5302626EE2F
          SHA1:4B633501E76E96C8859436445F38240F877FC6C6
          SHA-256:97BF9E392D6AD9E1EC94237407887EA3D1DEC2D23978891A8174C03AF606FD34
          SHA-512:108663F0700D9E30E259A62C1AE35B23F5F2ABD0EFF00523AAE171D1DB803DA99488C7395AFD3AD54A242F0CB2C66A60E6904D3E3F75BB1193621FD65DF4AD5C
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................@....................@......@......@......f......f......f.~.....f......Rich....................PE..d...`."`.........." ................T.....................................................`..........................................8......H9..d....`.......P..d............p..$....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......*..............@....pdata..d....P.......,..............@..@.rsrc........`.......0..............@..@.reloc..$....p.......2..............@..B................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_ctr.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):14848
          Entropy (8bit):5.274628449067808
          Encrypted:false
          SSDEEP:192:ktVGzeoI3DuzPpcAdXdO57EEE/quBiFElcUNIDLUnF6+ud:nNYqFcAdXdDqurIUnUp
          MD5:F3F30D72D6D7F4BA94B3C1A9364F1831
          SHA1:46705C3A35C84BF15CF434E2607BDDD18991E138
          SHA-256:7820395C44EAB26DE0312DFC5D08A9A27398F0CAA80D8F9A88DEE804880996FF
          SHA-512:01C5EA300A7458EFE1B209C56A826DF0BF3D6FF4DD512F169D6AEE9D540600510C3249866BFB991975CA5E41C77107123E480EDA4D55ECCB88ED22399EE57912
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........o....................@......................@.......@.......@.......f.......f.......f.......f.......Rich............................PE..d...a."`.........." ......... ......T.....................................................`.........................................P9.......:..d....`.......P...............p..$....1...............................1..8............0.. ............................text............................... ..`.rdata.......0....... ..............@..@.data........@.......0..............@....pdata.......P.......2..............@..@.rsrc........`.......6..............@..@.reloc..$....p.......8..............@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_des.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):56832
          Entropy (8bit):4.23001088085281
          Encrypted:false
          SSDEEP:384:m3gj0/sz71dv/ZHkVnYcZiGKdZHDLIK4vnKAnKorZOzUbq+K9:7jssHZHTr4vZHb69
          MD5:020A1E1673A56AF5B93C16B0D312EF50
          SHA1:F69C1BB224D30F54E4555F71EA8CAD4ACB5D39BC
          SHA-256:290B3ED6151B7BF8B7B227EF76879838294F7FF138AF68E083C2FDDC0A50E4FC
          SHA-512:71B5ED33B51F112896BB59D39B02010B3ABC02B3032BD17E2AA084807492DA71BDE8F12ADEF72C6CC0A5A52D783CD7595EEC906C394A21327ADAB2927E853B1F
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Sj..2...2...2...J...2..LC...2...Y...2...2...2..LC...2..LC...2..LC...2..j@...2..j@...2..j@...2..j@...2..Rich.2..........................PE..d..._."`.........." .....6...................................................0............`.....................................................d...............l............ ..0... ...............................@...8............P...............................text....5.......6.................. ..`.rdata..T....P.......:..............@..@.data...H...........................@....pdata..l...........................@..@.rsrc...............................@..@.reloc..0.... ......................@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_des3.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):57344
          Entropy (8bit):4.2510443883540265
          Encrypted:false
          SSDEEP:384:wVgj0/sKzNweVC/ZHkNnYcZiGKdZHDLaK0vnKAnKLrZVwUbqeo:njsskKZHLR0vZmbx
          MD5:EC55478B5DD99BBE1EBA9D6AD8BDE079
          SHA1:EC730D05FEEC83B1D72784C2265DC2E2CF67C963
          SHA-256:1AF46CBE209E3F1D30CCC0BA9F7E5A455554CAF8B1E3E42F9A93A097D9F435AC
          SHA-512:55FE28E839117A19DF31165FEA3DED3F9DFC0DDA16B437CF274174E9AE476C0E5B869FFB8B2CF1880189BFAC3917E8D7078FA44FC96CFF18DC6EAC7AFA7A8F48
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Sj..2...2...2...J...2..LC...2...Y...2...2...2..LC...2..LC...2..LC...2..j@...2..j@...2..j@...2..j@...2..Rich.2..........................PE..d..._."`.........." .....8...................................................0............`.................................................`...d............................ ..0... ...............................@...8............P...............................text...h7.......8.................. ..`.rdata.......P.......<..............@..@.data...H...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..0.... ......................@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_ecb.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):10240
          Entropy (8bit):4.689882120894326
          Encrypted:false
          SSDEEP:96:5D8MdJTCaDAH37Belrzu1x/r8qJ7pfJsPG6QxmFWymc3doBKumsLVsDJ9UKvL:lTdJTlDmNelrzuLFf0Qg4yxlumQCDLU
          MD5:93DA52E6CE73E0C1FC14F7B24DCF4B45
          SHA1:0961CFB91BBCEE3462954996C422E1A9302A690B
          SHA-256:DDD427C76F29EDD559425B31EEE54EB5B1BDD567219BA5023254EFDE6591FAA0
          SHA-512:49202A13D260473D3281BF7CA375AC1766189B6936C4AA03F524081CC573EE98D236AA9C736BA674ADE876B7E29AE9891AF50F1A72C49850BB21186F84A3C3AB
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........mr..............t......,}.......g..............,}......,}......,}.......~.......~.......~.......~......Rich............................PE..d...`."`.........." ................T........................................p............`..........................................&.......'..P....P.......@...............`..$....!...............................!..8............ ...............................text............................... ..`.rdata..p.... ......................@..@.data...H....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..$....`.......&..............@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_eksblowfish.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):21504
          Entropy (8bit):6.2360102418962855
          Encrypted:false
          SSDEEP:384:42XHEtPwbdvIbwKBBEHYpJgLa0Mp8u9sLgU:jHMobBiB+HqgLa1Kx
          MD5:3D34E2789682844E8B5A06BE3B1C81BF
          SHA1:0141D82B4B604E08E620E63B8257FB6A1E210CAF
          SHA-256:40B1A6F1318C565E985AFFB8DF304991E908AB1C36C8E960E7AC177E3002FCA0
          SHA-512:886780D6CE3F2955C8FAC38F75DC3A2E017F68ED8FCC75BAA6D74A5E4018CFBF2B99F59D0DBFA5D2728EB1AD7F3F8FE54F0AD3F29D74AFC43E2CDC1A21F889C4
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...^."`.........." .....(..........T.....................................................`..........................................X.......Y..d............p..................0....Q...............................R..8............@...............................text....'.......(.................. ..`.rdata.......@.......,..............@..@.data...H....`.......J..............@....pdata.......p.......L..............@..@.rsrc................P..............@..@.reloc..0............R..............@..B........................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_ocb.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):17920
          Entropy (8bit):5.285518610964193
          Encrypted:false
          SSDEEP:384:txQrFBe/i+/puqeXOv3oTezczeO9p9iYDWYLJzUn:Q5B8txuqeXOfoTezcSO9pUY1JY
          MD5:194D1F38FAB24A3847A0B22A120D635B
          SHA1:A96A9DF4794CDA21E845AAFE2D5ACD5A40A9C865
          SHA-256:FCC68F211C6D2604E8F93E28A3065F6E40F1E044C34D33CC8349EB3873559A0C
          SHA-512:07324B03B7DD804090B00BC62C41162FD1788AE3C8450BCA25D63BF254009D04A7ACDF7ACFAF473A3D1BE1FA58B0007FA35D8E486F90C9B48384C035C83B0CCF
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...a."`.........." .....(... ......T.....................................................`.........................................@I......<J..d....p.......`..................$....A...............................A..8............@...............................text....'.......(.................. ..`.rdata.......@.......,..............@..@.data........P.......<..............@....pdata.......`.......>..............@..@.rsrc........p.......B..............@..@.reloc..$............D..............@..B................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Cipher\_raw_ofb.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):12288
          Entropy (8bit):4.696064367032408
          Encrypted:false
          SSDEEP:192:V05p7mr3Tutd9PUv22NeLfPI5k3bo7tDLUan:tD6t/N4a3bEZUan
          MD5:0628DC6D83F4A9DDDB0552BD0CC9B54C
          SHA1:C73F990B84A126A05F1D32D509B6361DCA80BC93
          SHA-256:F136B963B5CEB60B0F58127A925D68F04C1C8A946970E10C4ABC3C45A1942BC7
          SHA-512:78D005A2FEC5D1C67FC2B64936161026F9A0B1756862BAF51EAF14EDEE7739F915D059814C8D6F66797F84A28071C46B567F3392DAF4FF7FCDFA94220C965C1A
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...`."`.........." ................T.....................................................`..........................................7.......8..d....`.......P..X............p..$....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......&..............@....pdata..X....P.......(..............@..@.rsrc........`.......,..............@..@.reloc..$....p......................@..B........................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_BLAKE2b.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):14336
          Entropy (8bit):5.219784380683583
          Encrypted:false
          SSDEEP:192:305p7mr3Tutd9Pwv2e42bF7i+V2rQnjt1wmg9jN+mp23XDLUk:rD6tTephi+AojO9jbQHUk
          MD5:59F65C1AD53526840893980B52CD0497
          SHA1:E675A09577C75D877CB1305E60EB3D03A4051B73
          SHA-256:2DF02E84CFD77E91D73B3551BDDA868277F8AE38B262FA44528E87208D0B50FC
          SHA-512:5E9782793A8BB6437D718A36862C13CDE5E7E3780E6F3E82C01F7B2F83EBBDB63F66B3C988FA8DEF36077F17FA1F6C2C77A82FABBD7C17D1568E7CEA19E7EDD6
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...[."`.........." ................T.....................................................`..........................................8......|9..d....`.......P..@............p..$....2...............................2..8............0...............................text............................... ..`.rdata.......0....... ..............@..@.data...H....@......................@....pdata..@....P.......0..............@..@.rsrc........`.......4..............@..@.reloc..$....p.......6..............@..B........................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_BLAKE2s.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):13824
          Entropy (8bit):5.171175600505211
          Encrypted:false
          SSDEEP:192:O05p7mr3Tutd9Pwv2aKbxdcgatX1WmkaA09L9kDLUhX:MD6tTZgtX15kanYU
          MD5:4D8230D64493CE217853B4D3B6768674
          SHA1:C845366E7C02A2402BA00B9B6735E1FAD3F2F1EF
          SHA-256:06885DC99A7621BA3BE3B28CB4BCF972549E23ACF62A710F6D6C580AABA1F25A
          SHA-512:C32D5987A0B1DED7211545CB7D3D7482657CA7D74A9083D37A33F65BBE2E7E075CB52EFAEEA00F1840AB8F0BAF7DF1466A4F4E880ABF9650A709814BCEE2F945
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...\."`.........." ................T.....................................................`..........................................8.......9..d....`.......P..@............p..$....2...............................2..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......,..............@....pdata..@....P......................@..@.rsrc........`.......2..............@..@.reloc..$....p.......4..............@..B........................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_MD2.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):13824
          Entropy (8bit):5.171087190344686
          Encrypted:false
          SSDEEP:384:ajJzPAI2p3C2p+EhKnLg9yH8puzoFaPERIQAVqYU:GITp3pp+EhmLg9yH8puzoFaPERIQp
          MD5:4B4831FCFCA23CEBEC872CCCCE8C3CE1
          SHA1:9CA26A95C31E679B0D4CFEDEACEA38334B29B3F3
          SHA-256:75250C7B7EE9F7F944D9C23161D61FE80D59572180A30629C97D1867ECF32093
          SHA-512:7218D67A78EBC76D1AA23AEDDF7B7D209A9E65D4A50FD57F07680953BDF40E42B33D3D6388119B54E3948DA433D0F895BCC0F98E6D1AF4B9821AEFE2300C7EA0
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...V."`.........." ................T.....................................................`..........................................9.......9..d....`.......P..(............p..$....2...............................2..8............0...............................text...h........................... ..`.rdata.......0......................@..@.data...x....@.......,..............@....pdata..(....P......................@..@.rsrc........`.......2..............@..@.reloc..$....p.......4..............@..B................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_MD4.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):13824
          Entropy (8bit):5.0894476079532565
          Encrypted:false
          SSDEEP:192:ZE4+jfKIb3gudUPpwVp1sAD7I/9hAkeTOre5QDLU+db:CjJzPQwVp1sAD7KvpUv5uUob
          MD5:642B9CCEA6E2D6F610D209DC3AACF281
          SHA1:8F816AA1D94F085E2FE30A14B4247410910DA8F9
          SHA-256:E5DFB0A60E0E372AE1FF4D0E3F01B22E56408F0F9B04C610ECEF2A5847D6D879
          SHA-512:A728E2F6264A805CE208FEB24600D23EC04C7D17481A39B01F90E47D82CF6C369D6151BB4170D993BE98CEFE8E6BDF2044CF0DC623BAE662C5584812875FC3B8
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...V."`.........." ................T.....................................................`..........................................8.......8..d....`.......P..(............p..$....1...............................2..8............0...............................text............................... ..`.rdata.......0......................@..@.data........@.......,..............@....pdata..(....P......................@..@.rsrc........`.......2..............@..@.reloc..$....p.......4..............@..B................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_MD5.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):15360
          Entropy (8bit):5.432796797907171
          Encrypted:false
          SSDEEP:192:N9FZ/KFjb3OuTPU84At56BTBvzcuiDSjeoGIQUPTrLFDLUEPLdN:/wztA8Tt5OwuiDSyoGPmXdUEPB
          MD5:180017650B62058058CB81B53540A9BF
          SHA1:696EECA75621B75BC07E2982EB66D61A1DFECDB6
          SHA-256:8146110D92B2F50B3EB02557BE6EE4586EEC1A2AD7204B48A4F28B8859FE6E29
          SHA-512:9AD447F0B15639C1FA3300E80EC5B175589930CB9166CF108FAFA74093CE791E1FF55CF6686ABF090A8B44BA6B743FEEBA270F378ED405F15418406AB8D01E9B
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...W."`.........." ..... ..........T.....................................................`.........................................P8...... 9..d....`.......P..X............p..$....1...............................1..8............0...............................text............ .................. ..`.rdata..p....0.......$..............@..@.data........@.......2..............@....pdata..X....P.......4..............@..@.rsrc........`.......8..............@..@.reloc..$....p.......:..............@..B................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_RIPEMD160.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):13824
          Entropy (8bit):5.099895592918567
          Encrypted:false
          SSDEEP:192:s05p7mr3Tutd9Pgv239k9UgPKsVQJukk7+rDLU8:OD6tD3G9tPKsVQJuUDU
          MD5:11F184E124E91BE3EBDF5EAF92FDE408
          SHA1:5B0440A1A2FBD1B21D5AF7D454098A2B7C404864
          SHA-256:F9220CA8A1948734EC753B1ADA5E655DAF138AF76F01A79C14660B2B144C2FAE
          SHA-512:37B3916A5A4E6D7052DDB72D34347F46077BDF1BA1DCF20928B827B3D2C411C612B4E145DFE70F315EA15E8F7F00946D26E4728F339EDDF08C72B4E493C56BC3
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...Z."`.........." ......... ......T.....................................................`.........................................p9......H:..d....`.......P...............p..$...@3..............................`3..8............0...............................text...X........................... ..`.rdata.......0......................@..@.data...H....@.......,..............@....pdata.......P......................@..@.rsrc........`.......2..............@..@.reloc..$....p.......4..............@..B........................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_SHA1.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):17920
          Entropy (8bit):5.65813713656815
          Encrypted:false
          SSDEEP:192:Bj51JwTx7uuj/krY1ZLhGZo2R1J+0eDPSgkNZuOdlptvTLLB5b+vDLUE+Ea:sxQr89hTOJ+0QPSfu6rlZ+/UE+
          MD5:51A01A11848322AC53B07D4D24F97652
          SHA1:141097D0F0F1C5432B1F1A571310BD4266E56A6D
          SHA-256:E549A4FE85759CBFC733ECF190478514B46ECA34EDA2370F523328F6DC976F30
          SHA-512:23281BE77496AF3A6507B610191AF5AA005C974F27129073FD70D51E82A5D3E55FB8C7FF28CF1886B55E264B736AB506EE0D97210E764EB1618C74DE2B44E64A
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...W."`.........." .....*..........T.....................................................`.........................................PH......(I..d....p.......`..X...............$....A...............................A..8............@...............................text....).......*.................. ..`.rdata..x....@......................@..@.data........P.......<..............@....pdata..X....`.......>..............@..@.rsrc........p.......B..............@..@.reloc..$............D..............@..B................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_SHA224.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):21504
          Entropy (8bit):5.882538742896355
          Encrypted:false
          SSDEEP:384:lRlEGHXgKXqHGcvYHp5RYcARQOj4MSTjqgPmEO2vUk:NdHXgP/YtswvdUk
          MD5:B20D629142A1354BA94033CAC15D7D8C
          SHA1:CD600F33D5BC5FA3E70BDF346A8D0FB935166468
          SHA-256:147CE6747635B374570D3A1D9FCAB5B195F67E99E34C0F59018A3686A07A3917
          SHA-512:72EFD1C653732FB620787B26D0CA44086405A070EC3CD4BBA5445854C5D7DDE6D669060845D093A1FC2593ED6E48630344FA6F0AF685186FB554D8BB9BC97AA0
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...Y."`.........." .....6... ......T.....................................................`..........................................Z.......Z..d............p..................$....R...............................R..8............P...............................text....5.......6.................. ..`.rdata..8....P.......:..............@..@.data...(....`.......J..............@....pdata.......p.......L..............@..@.rsrc................P..............@..@.reloc..$............R..............@..B................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_SHA256.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):21504
          Entropy (8bit):5.88515673373227
          Encrypted:false
          SSDEEP:384:ARlEGHXiKXqHGcvYHp5RYcARQOj4MSTjqgPmEm9Uk:SdHXiP/YtswvdVk
          MD5:6FF2518A93F7279E8FDAC0CE8DE4BF3F
          SHA1:77F4713D4F287E2950C06A0EF2F8C7C8D53BABDD
          SHA-256:27B4DB005685D8E31E37BD632767D5FFC81818D24B622E3D25B8F08F43E29B57
          SHA-512:26A8448D34F70AF62D702851B8353708FB3A1B984CBDC1D2EABE582CAAD8D56B0A835A4C914EB7824DADCF62E83B84D3A669C06ACAF0E1001EB66F85BC5D0377
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...X."`.........." .....6... ......T.....................................................`..........................................Z.......Z..d............p..................$....R...............................R..8............P...............................text....5.......6.................. ..`.rdata..8....P.......:..............@..@.data...(....`.......J..............@....pdata.......p.......L..............@..@.rsrc................P..............@..@.reloc..$............R..............@..B................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_SHA384.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):26624
          Entropy (8bit):5.843159039658928
          Encrypted:false
          SSDEEP:768:2HJh9k54Stui0gel9soFdkO66MlPGXmXcCkyk:2H6Ju/FZ6nPxM6k
          MD5:8B59C61BB3A3ADFBB7B8C39F11B8084B
          SHA1:49595C3F830422FEF88D8FBAF003F32EF25501CE
          SHA-256:FBD9CDD873EAFAD3C03C05FFEB0D67F779C2D191389351FE2D835E7D8ECA534F
          SHA-512:6FEDCC8631723B63D3D8CAD6D57953EB356C53814FD6F1ECA6299E2A5272F67C58090D339B5E6BB1DA15F7BEB451FCC9A41129AB7F578155A17BBE0C1D385AA6
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...Y."`.........." .....H..."......T.....................................................`..........................................k......hl..d...............................$...pd...............................d..8............`...............................text....F.......H.................. ..`.rdata.......`.......L..............@..@.data...(............^..............@....pdata...............`..............@..@.rsrc................d..............@..@.reloc..$............f..............@..B................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_SHA512.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):26624
          Entropy (8bit):5.896939915107
          Encrypted:false
          SSDEEP:768:VxpB9/i4z5tui0gel9soFdkO66MlPGXmXcPtOJkw:Vx11u/FZ6nPxM8k
          MD5:6A84B1C402DB7FE29E991FCA86C3CECF
          SHA1:FC62477E770F4267C58853C92584969B2F0FEBE2
          SHA-256:CF8FD7B6BBC38FE3570B2C610E9C946CD56BE5D193387B9146F09D9B5745F4BC
          SHA-512:B9D1195429E674778A90262E0A438B72224B113B7222535DAA361222DEE049C9929481D6E1138117655EAE9B2735D51638209A6EF07963F5249AD74F0BFD75C6
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...Z."`.........." .....H..."......T.....................................................`..........................................l.......l..d...............................$....d...............................e..8............`...............................text...xG.......H.................. ..`.rdata..H....`.......L..............@..@.data...(............^..............@....pdata...............`..............@..@.rsrc................d..............@..@.reloc..$............f..............@..B................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_ghash_clmul.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):12800
          Entropy (8bit):4.957384431518367
          Encrypted:false
          SSDEEP:192:PUBpDmr37utd9PHv2O3sER2fi2s4DLUgdLl:zDit6O3sa4XUO
          MD5:1D49E6E34FE84C972484B6293CC2F297
          SHA1:3A799DB7102912DA344112712FD2236A099C7F5E
          SHA-256:B2FD9F57815B3F7FFC3365D02510B88DBE74AB1EFF8BE9099DC902412057244D
          SHA-512:CAD8FCC78006D643590C3D784C2DF051B8C448DE457B41507F031C9D7891036AD3F8E00B695D92F5138C250B2426A57C16F7293237054A245FF08B26AD86CF25
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................@......................@.......@.......@.......f.......f.......f.......f.......Rich............................PE..d...\."`.........." ................T.....................................................`..........................................8.......8..d....`.......P...............p..$....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......(..............@....pdata.......P.......*..............@..@.rsrc........`......................@..@.reloc..$....p.......0..............@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_ghash_portable.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):13312
          Entropy (8bit):5.014628606839607
          Encrypted:false
          SSDEEP:192:lUBpDmr37utd9PVv27c0qKzLF4DHxXUcDLU/:9DitwzvV4DREiU/
          MD5:CDD1A63E9F508D01EEBEE7646A278805
          SHA1:3CB34B17B63F2F61C2FA1B1338D0B94CF9EE67AF
          SHA-256:AB96945D26FEF23EF4B12E1BD5B1841CFECB8B06AB490B436E3F1A977A7F5E8B
          SHA-512:5F136D8EBFE6AC43846C4820FF8A3C81D991FCACC219C23DDD0674E75B930A1A948D02925BCC7BD807F5A68F01F65B35037B8A193143EB552D224E1DD906C158
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................K........................&.......................................'............Rich....................PE..d...\."`.........." ................T.....................................................`..........................................7.......8..d....`.......P..X............p..$....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......*..............@....pdata..X....P.......,..............@..@.rsrc........`.......0..............@..@.reloc..$....p.......2..............@..B................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_keccak.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):15360
          Entropy (8bit):5.243633265407984
          Encrypted:false
          SSDEEP:192:QUN0iKNb3NuUPyxfFNhoCoK7e+TcBXJ2kMQ75i6nElDLUH:dYz8JpF39oK6+QBXJ2k775NKU
          MD5:57A49AC595084A19516C64079EE1A4C7
          SHA1:4B188D0E9965AB0DA8D9363FC7FEEE737DF81F74
          SHA-256:D7DA3DC02AC4685D3722E5AF63CA1A8857D53454D59CF64C784625D649897D72
          SHA-512:693989D01070835DC9D487C904F012EE5BE72219E1EEAEC56EE3BC35659192714D8F538BEA30F4849B3A3D4BCF24705EDFE84AD2742F6C8562F6C6215F7917BE
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...[."`.........." ..... ..........T.....................................................`..........................................8.......9..d....`.......P..d............p..$...p2...............................2..8............0...............................text............ .................. ..`.rdata.......0.......$..............@..@.data........@.......2..............@....pdata..d....P.......4..............@..@.rsrc........`.......8..............@..@.reloc..$....p.......:..............@..B................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Hash\_poly1305.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):14848
          Entropy (8bit):5.253962925838046
          Encrypted:false
          SSDEEP:192:t39lJPKBb3+ujPH/41fPnVSEsV3+ldpCArU8vOjpDLUFDdA:V9wzdz/afPCV3YdjdvMUFpA
          MD5:C19895CE6ABC5D85F63572308BD2D403
          SHA1:6B444E59112792B59D3BA4F304A30B62EEBD77FA
          SHA-256:1BCA3479A4CC033E8BC3B4DD8DCC531F38E7B7FE650A7DA09120CCAC100D70A4
          SHA-512:D8D493D51DE052F2A0BB18C4CD6F5E15AB5D5CCB3276D38DDA44382746656618560878359D6C95A76B223CBD4B2CD39C817EC7FC3108EED5D541CF4BD95AAA14
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...\."`.........." ................T.....................................................`..........................................8......h9..d....`.......P..|............p..$....1...............................1..8............0...............................text............................... ..`.rdata.......0......."..............@..@.data........@.......0..............@....pdata..|....P.......2..............@..@.rsrc........`.......6..............@..@.reloc..$....p.......8..............@..B................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Math\_modexp.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):5.913715253597897
          Encrypted:false
          SSDEEP:384:4ea6OoLEx/fpMgEXNSNk/IppSQDLw16UADNIz7Izy+3O3nCpDN+cGJVtV81UpSu8:44OoMpMgqSpz41ht7EOeYcUV4ipwr
          MD5:150F31A18FDCCB30695E8A11B844CB9A
          SHA1:85A333C8A866AAFBF6B3766CED0B7079A2358C42
          SHA-256:D26D543EFC9A6C3D5BA52FFC55965A2C3DBB7E634776EF6C1789E5DF8E4DF3E5
          SHA-512:DDFE93CBE315E060A8F0B3863A1675D8F156BF84F157CD7BCBD7EC57F88C72DD21E6C2A5077A142D828DAD0C40149EE4064C34E6EE26787A8B32D4AC9A18E1CA
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........P.R.>.R.>.R.>.[...V.>..?.P.>.F.?.Q.>.R.?.{.>..;.Y.>..:.Z.>..=.Q.>..6.V.>..>.S.>....S.>..<.S.>.RichR.>.........PE..d...i."`.........." .....V...,............................................................`..........................................~..d.......d...............T...............$....q...............................q..8............p..(............................text...(U.......V.................. ..`.rdata.......p.......Z..............@..@.data...H............n..............@....pdata..T............t..............@..@.rsrc................|..............@..@.reloc..$............~..............@..B........................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Protocol\_scrypt.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):12288
          Entropy (8bit):4.725087774300977
          Encrypted:false
          SSDEEP:192:N942/KIb3bu95Pp2abc64uVNn4DLUOVdB:FJzCxl464aGUOf
          MD5:66052F3B3D4C48E95377B1B827B959BB
          SHA1:CF3F0F82B87E67D75B42EAAB144AE7677E0C882E
          SHA-256:C9A6A7D7CE0238A8D03BCC1E43FD419C46FAEA3E89053355199DEDF56DADAFA4
          SHA-512:9A7F45CE151890032574ED1EF8F45640E489987DC3AF716E5D7F31127BA3675E1F4C775229184C52D9A3792DF9CB2B3D0D3BE079192C40E900BA0CC69E8E3EE5
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........./...A...A...A.......A.@.@...A...@...A...@..A.@.D...A.@.E...A.@.B...A.f.I...A.f.A...A.f....A.f.C...A.Rich..A.........................PE..d...b."`.........." ................T.....................................................`.........................................P8..d....8..d....`.......P..4............p..$....1...............................1..8............0...............................text...X........................... ..`.rdata.......0......................@..@.data........@.......&..............@....pdata..4....P.......(..............@..@.rsrc........`.......,..............@..@.reloc..$....p......................@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\PublicKey\_ec_ws.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):748032
          Entropy (8bit):7.627003962799197
          Encrypted:false
          SSDEEP:12288:b3HtKHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:b3NKHoxJFf1p34hcrn5Go9yQO6
          MD5:B96D4854F02D932D9D84DB7CE254C85A
          SHA1:61F8F284EEB65B21A5373DA85270802B9E0ABBF4
          SHA-256:E73BC5D362A1439FD87BF3901D5B2D4534B50E3B935C841F25D3C49BF3D4D7EE
          SHA-512:1FDE226034F48B29143E1B3042FB42C91BE8DE5DDC53B2F2FA3DAB1CCA99FB34AF3A8FB57B0CB5B152943BE156B4521DAE04FB80B08EC04A3F371E30D137297A
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j.2...a...a...a.sba...alz.`...a.`.`...a...a...alz.`...alz.`...alz.`...aJy.`...aJy.`...aJy.a...aJy.`...aRich...a........................PE..d...g."`.........." .....V................................................................`.........................................p_.......a..d...............H...............0....H...............................I..8............p..(............................text....T.......V.................. ..`.rdata.......p.......Z..............@..@.data...X....p.......P..............@....pdata..H............X..............@..@.rsrc................f..............@..@.reloc..0............h..............@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Util\_cpuid_c.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):10240
          Entropy (8bit):4.662736103035243
          Encrypted:false
          SSDEEP:96:5y8MdJTCaDAH37Belrzu1x/r8qJ7pfJsPG6Q9qHaGi0oYAsDJ9UqvA:0TdJTlDmNelrzuLFf0Qd03DLU
          MD5:E17F1BA35CF28FA1DDA7B1EC29573E0E
          SHA1:6EB63305E38BD75931E3325E0C3F58F7CB3F2AD0
          SHA-256:D37CCB530F177F3E39C05B0CA0A70661B2541CCAF56818DAD4FCF336EEED3321
          SHA-512:8E7AF8712592084178E3B93FE54E60AC32A774D151896AFEE937CDB3BB9F629F4B597F85AF9B56A1C14612121357FC0DDAA45E71D91B13C36E88292D3050A1B9
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........mr..............t......,}.......g..............,}......,}......,}.......~.......~.......~.......~......Rich............................PE..d...`."`.........." ................T........................................p............`..........................................'..|...|'..P....P.......@...............`..$....!...............................!..8............ ...............................text............................... ..`.rdata..H.... ......................@..@.data...H....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..$....`.......&..............@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Cryptodome\Util\_strxor.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):10240
          Entropy (8bit):4.620728904455609
          Encrypted:false
          SSDEEP:96:5Z8MdJTCaDAH37Belrzu1x/r8qJ7pfJsPG6QgcfPPYdsDJ9UKvb:nTdJTlDmNelrzuLFf0Q5P3DLU
          MD5:3369F9BB8B0EE93E5AD5B201956DC60F
          SHA1:A5B75CBD6CE905A179E49888E798CD6AE9E9194D
          SHA-256:5940E97E687A854E446DC859284A90C64CF6D87912C37172B8823A8C3A7B73DF
          SHA-512:C4E71D683BE64A8E6AB533FA4C1C3040B96D0BE812EA74C99D2D2B5D52470C24B45D55366A7ACB9D8CDA759A618CBAF0D0A7ECFEF4C0954DF89FDB768D9893E2
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........mr..............t......,}.......g..............,}......,}......,}.......~.......~.......~.......~......Rich............................PE..d...b."`.........." ................T........................................p............`..........................................&..t...d'..P....P.......@...............`..$....!...............................!..8............ ...............................text...x........................... ..`.rdata..0.... ......................@..@.data...H....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..$....`.......&..............@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\Include\pyconfig.h
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:C source, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):20968
          Entropy (8bit):5.299505749559475
          Encrypted:false
          SSDEEP:384:rG3tApdkHRMxURInz/8BsRV4igeaX8Ji2MgsdgTaXgDl:rG3tAp9gSEIaafZXvl
          MD5:D05B864E86C9798E387D0EDAB3E39ADD
          SHA1:EC4504D65B7DF6880ACD9193B9D23B42EE65BAE8
          SHA-256:07B81E3ACD9A6235FD5FFD40EBF20983DFCE021EC1AA6AD0FE65D77C2D85C296
          SHA-512:E25451280E8270D96BD1AD92426B387B204DB05D3147BAC565D811C8C7DC69028236A9CAB145D87DBD90EC9262AECE4D25F0D2AFA0686556C265DD86E9B7E476
          Malicious:false
          Preview: #ifndef Py_CONFIG_H..#define Py_CONFIG_H..../* pyconfig.h. NOT Generated automatically by configure.....This is a manually maintained version used for the Watcom,..Borland and Microsoft Visual C++ compilers. It is a..standard part of the Python distribution.....WINDOWS DEFINES:..The code specific to Windows should be wrapped around one of..the following #defines....MS_WIN64 - Code specific to the MS Win64 API..MS_WIN32 - Code specific to the MS Win32 (and Win64) API (obsolete, this covers all supported APIs)..MS_WINDOWS - Code specific to Windows, but all versions...Py_ENABLE_SHARED - Code if the Python core is built as a DLL.....Also note that neither "_M_IX86" or "_MSC_VER" should be used for..any purpose other than "Windows Intel x86 specific" and "Microsoft..compiler specific". Therefore, these should be very rare.......NOTE: The following symbols are deprecated:..NT, USE_DL_EXPORT, USE_DL_IMPORT, DL_EXPORT, DL_IMPORT..MS_CORE_DLL.....WIN32 is still required for the locale modul
          C:\Users\user\AppData\Local\Temp\_MEI59442\SnapshotLogExtractor.exe.manifest
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1508
          Entropy (8bit):5.28204358975334
          Encrypted:false
          SSDEEP:24:2dt4+iNoDgOMPgi0iiNK+bkgxIme7cb3jgMkb4+GE:cSFKgOSEK+bkgxImeMcn3GE
          MD5:0950C0B3DC0F795A1D08F361FD6CC4D4
          SHA1:5CDEA189E431311AA236988C0DC0570D2DC48A78
          SHA-256:38EB983BDF185D50BBEA8AB2F97B2B4F1A16BF2BB0FBB810A614535EB68A00A6
          SHA-512:2AC607DF23C004DB672E1496A4597F3ED72519987394CED348879A55CBC13831ED7D260905B4BED5B826802A24DF53CC713688F02F4806B8B69E3B2E8D91F2B3
          Malicious:true
          Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity type="win32" name="SnapshotLogExtractor" processorArchitecture="amd64" version="1.0.0.0"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false"/>.. </requestedPrivileges>.. </security>.. </trustInfo>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" language="*" processorArchitecture="*" version="6.0.0.0" publicKeyToken="6595b64144ccf1df"/>.. <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"/>.. </dependentAssembly>.. </dependency>.. <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">.. <application>.. <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>.. <supportedOS Id="{35138b9a-5d
          C:\Users\user\AppData\Local\Temp\_MEI59442\VCRUNTIME140.dll
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
          Category:dropped
          Size (bytes):94088
          Entropy (8bit):6.4315064777018955
          Encrypted:false
          SSDEEP:1536:bS6NH9M7vShoxXqYGZLAy10i5XNS83NT/sM9MYDiRecbbVKKoB98:bFRmxXqX0yvX7mHYWRecbb8l
          MD5:7942BE5474A095F673582997AE3054F1
          SHA1:E982F6EBC74D31153BA9738741A7EEC03A9FA5E8
          SHA-256:8EE6B49830436FF3BEC9BA89213395427B5535813930489F118721FD3D2D942C
          SHA-512:49FBC9D441362B65A8D78B73D4FDCF988F22D38A35A36A233FCD54E99E95E29B804BE7EABE2B174188C7860EBB34F701E13ED216F954886A285BED7127619039
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......(r%Ml.K.l.K.l.K....n.K.ek..g.K.l.J.@.K..bH.a.K..bO.|.K..bN.s.K..bK.m.K..b..m.K..bI.m.K.Richl.K.........................PE..d...".._.........." .........^............................................................`A.........................................1..4....9.......p.......P.......L...#..........H...T...............................8............................................text............................... ..`.rdata...?.......@..................@..@.data...@....@.......4..............@....pdata.......P.......8..............@..@_RDATA.......`.......D..............@..@.rsrc........p.......F..............@..@.reloc...............J..............@..B................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\_asyncio.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):65200
          Entropy (8bit):5.936135132210556
          Encrypted:false
          SSDEEP:768:1KtLESSSKuyDjnU8qHM60tWqJsCOjzBa36SWWASQHxIrYndRTgDG4yOGdBhi:1eoSnKJX8Lk6SWWAJHxIrYnrTsyOX
          MD5:3A5FBFDC3091114488BC30CC1873365B
          SHA1:A4DA519A41CE499430F5FEA6F731F59B41E8031D
          SHA-256:A055E2B17CBA4199B48DB6848E44543399870958F49B1AFCE10534C46298EF2A
          SHA-512:00E08A09F7124E3E300A834796CC106CE07F8801749DC2CE451D5397ED822C2B3C602C20344B44C608C4FC0048CAC6897748DAAB91D80A1BE877A9C44E531DC1
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.................a........................................I..........................................Rich....................PE..d...../`.........." .....`................................................... ............`............................................P...@...d...................................@v..T............................v..8............p..0............................text....^.......`.................. ..`.rdata..0J...p...L...d..............@..@.data.... ..........................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\_bz2.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):86704
          Entropy (8bit):6.4231520665801645
          Encrypted:false
          SSDEEP:1536:9935WVusUjdXTR0HKFOtqb+6F1nVOnV8gOHiS3CUI5IrMVvLhyI:rMYXTBFOtqt1nVOnagOHiS3C15IrMVTr
          MD5:5A8B3602B3560868BD819B10C6343874
          SHA1:73A5CE4D07479894F24B776EB387ABD33DEB83A9
          SHA-256:00D2F34AEE55B473BCC11838469B94A62D01FDF4465E19F7D7388C79132F019E
          SHA-512:2F2F8305FD8853C479B5D2A442110EFC3AD41A3C482CD554EBCC405FCF097E230F5CD45DBFB44050B5BD6FAE662CE7CAC0583C9784050F0C7D09A678768587DB
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........;.8.Z.k.Z.k.Z.k."Sk.Z.k.+.j.Z.k5..k.Z.k.+.j.Z.k.+.j.Z.k.+.j.Z.k<(.j.Z.k.2.j.Z.k.Z.k.Z.k<(.j.Z.k<(.j.Z.k<(?k.Z.k<(.j.Z.kRich.Z.k........PE..d...../`.........." .........f......................................................0`....`..........................................&..H....&.......`.......P..L....6.......p...... ...T...............................8...............@............................text...V........................... ..`.rdata...B.......D..................@..@.data........@......................@....pdata..L....P....... ..............@..@.rsrc........`.......*..............@..@.reloc.......p.......4..............@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\_ctypes.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):127152
          Entropy (8bit):5.909438043992169
          Encrypted:false
          SSDEEP:3072:iKsh+SFyRF8Awspd/+0iuzQklotv++frZA0wrboVIrBPX:BFSFyM2MklgfrZQYs
          MD5:E1EF9F5C77B01C82CF72522EC96B2A11
          SHA1:E83DAA56A104F6EA6235822C644B6554C3958CFE
          SHA-256:A79CF8259890D5843CF8EAF29DB8DBD4BFABED50F4D859756F93AC2B30617023
          SHA-512:4231EC5B06EFFAE6497BF62853B79420529CABAEE6B58F519C3C30BDD42C925E85979C29C2DB0747DCFF3F99F3B19DC02ECE96347E08CF49EB0ABB1E19238C01
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......jzQ...?...?...?.'c..(.?..j>.,.?..j:.%.?..j;.&.?..j<.*.?..i>.,.?.us;./.?.us>.(.?..r>.-.?...>...?..i2.(.?..i?./.?..i../.?..i=./.?.Rich..?.................PE..d...../`.........." ................._....................................... ......#c....`.........................................pt.......t.......................................,..T........................... -..8............ ...............................text...)........................... ..`.rdata..rp... ...r..................@..@.data...D?.......:...x..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\_decimal.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):270512
          Entropy (8bit):6.519323984264977
          Encrypted:false
          SSDEEP:6144:DT5I6qDoelE8pbeLraagpKGpRwnKtlE0ZzmylUQ9qWMa3pLW1AeW77CDNvFFF:D4Dox816Pgp7/9LfwtFF
          MD5:77510DBA8F87D26741D0A2501D61AD48
          SHA1:FFF70DDCBB5DDF34419A4196A341BFFF52D2D3EE
          SHA-256:6C5BA4AD0C7B89B83E2A0A2C6CC4927992AA0ADC449EEA6AACAAFF2B55F544F6
          SHA-512:9B84491BFBB5523B9C73580A8E434AD87A0CCC540FE9D522EE97324C9C20A68D1F45ADC712DADD2D3966C4D613AD40B8000A2DE4B44A7268020E461D21ABF284
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........)..H...H...H...0...H...9...H...9...H...9...H...9...H...:...H... ...H...H...H...:...H...:...H...:...H...:{..H...:...H..Rich.H..........PE..d...../`.........." .........J...............................................0............`.........................................P...P........................,........... ..`...p...T...............................8...............(............................text............................... ..`.rdata..............................@..@.data...X*.......$..................@....pdata...,..........................@..@.rsrc...............................@..@.reloc..`.... ......................@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\_hashlib.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):66224
          Entropy (8bit):6.045178683083549
          Encrypted:false
          SSDEEP:768:Kyz+AYBO+TSDBUx/tF5IzZL0fpdM9M9GD2Fe7POoJd3xIrYIFwDG4ylq+h2L:7f+TSVyFy1kYuGM4OozxIrYIuyoL
          MD5:8F7EDAFF246C46DBF09AB5554B918B37
          SHA1:C14C33B14419F5D24FB36E5F1BF1760A9C63228B
          SHA-256:9154B36C178D84A901EDAD689A53148451EF3C851A91447A0654F528A620D944
          SHA-512:1947A1010FA1B07671AA471D5821792DEE7F2B0CD1937D3F944CD0201A299E6CB37A41DEBBBD1BC6E774186F6D08AD6264055CBA7652B0D5BD22691431CB360E
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d..J...J...J...C}M.N....t..H....t..A....t..B....t..I....w..H....m..H....l..I...J........w..K....w..K....w!.K....w..K...RichJ...........PE..d...../`.........." .....d..........XC.......................................0......@.....`.............................................P.................................... ..........T...........................P...8............................................text....b.......d.................. ..`.rdata..8R.......T...h..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\_lzma.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):162992
          Entropy (8bit):6.7688653597526125
          Encrypted:false
          SSDEEP:3072:tjV4GSDhSGLHujkOqWAgyWl02t9T+6znfo9mNovFUgirYDz5IrD1l9:tjV4GSDhNLHfOqAR+MwYOvFGrYfs
          MD5:CAA58290AB4414E2E22CC0B6FF4B2D29
          SHA1:840902AAF7DB40DA17018776E5C842014C3A81AC
          SHA-256:185D407BCCA7399C458133F2CE1EFA938352B8093B2DE040C91C3C3088AB173F
          SHA-512:A82E380AB1676424E52A36C08EABD572375DD36A7FE2B9DF51D48C368AED6C04B0B3674BC6A9787EFEDD0ED70BB1869ED1A2F3A1F4238485710092B9CBADD00E
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^..h...;...;...;..V;...;...:...;...:...;...:...;...:...;...:...;A..:...;...;x..;...: ..;...:...;..:;...;...:...;Rich...;................PE..d...../`.........." .....|...........2....................................................`..........................................6..L....7..x............`.......`..........4...x...T..............................8...............8............................text....z.......|.................. ..`.rdata..............................@..@.data........P.......4..............@....pdata.......`.......<..............@..@.rsrc................T..............@..@.reloc..4............^..............@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\_multiprocessing.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):29872
          Entropy (8bit):6.105536609142348
          Encrypted:false
          SSDEEP:768:0DiX93BNuE/eglCp7nBIrAt/5YDG4yTGhP:L3JCp7nBIrAt/qyTI
          MD5:BC608CE15EF2A69C79FF9FFD5F5F074A
          SHA1:3034BF16A074BFC35764749165C7A7853BA595B9
          SHA-256:25857B22FBB275FC2524DFC468731912F93BB52A744FD20410EB29EC6986FC8E
          SHA-512:397049A1C223B093A96D0490E1CE2E542F85CC878C1753454671B782873C61653162F5BE4689072647CC7D9779BAEFA91E315049982924CD6F1799D77B8DFFA5
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E..f+..f+..f+......f+.F.*..f+.F....f+.F./..f+.F.(..f+.o.*..f+...*..f+..f*..f+.o.&..f+.o.+..f+.o....f+.o.)..f+.Rich.f+.................PE..d...../`.........." ....."...8......X...............................................z.....`.........................................0Q..`....Q..x............p.......X...............C..T............................C..8............@...............................text...s .......".................. ..`.rdata.......@.......&..............@..@.data...x....`.......B..............@....pdata.......p.......H..............@..@.rsrc................L..............@..@.reloc...............V..............@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\_overlapped.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):46256
          Entropy (8bit):6.1056092355093625
          Encrypted:false
          SSDEEP:768:BZ1zGwqrwi+3B7U3Nw6GCFoYWERxPRhXjxbwK0tIrttdq+DG4y2hF:B/qfkMw67RhXjxUjtIrttdqqys
          MD5:60AF9DF3C5D25C193D73A566E763B0B8
          SHA1:A87C3285FF6F59528611F42577D30DBF35827B45
          SHA-256:C63632BF1B28F7F1007FF093A9EF3D034CB9480FC373C29E06A407B223B6DDFF
          SHA-512:57C33929EC284013E88696AB7C099D570D0211D99F8E2027F1D8DB9AE66810CCBA6992959A2D543929F59BFC67CC4D1CC9264046E02DF9CD119C3B1D2EC41A20
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........h....................j.......j.......j.......j.......C...............................C.......C.......C.......C.......Rich....................PE..d...../`.........." .....B...X......X.....................................................`.............................................X.......................................... g..T............................g..8............`...............................text....A.......B.................. ..`.rdata...5...`...6...F..............@..@.data...p............|..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\_queue.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):29360
          Entropy (8bit):6.0985444711613725
          Encrypted:false
          SSDEEP:384:h9UfkQsgFJvU2S66i6rEM3ay3njs+cEFVIrmUZDG4y8EnXrhGr:ysg/vT6rEM3XAAVIrmUZDG4yTbhGr
          MD5:671A9AC9B34F07ADA65BF1635E4626C5
          SHA1:D4A6E478CAAACDBDB52F57D12E16BA96671D30F2
          SHA-256:3F1FC09B3F0A5C8C7AFF4223D002952AB26F462AA390940A9F00454815204739
          SHA-512:92617258EF747F93AB2C378F5C9A2AAC14668D834DF15939C1EF83A555490B9EE3380D7341BEE60C33057482736A595593749B8794DDEAA9649339363095108C
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.................m........................................I...........V...............................Rich....................PE..d...../`.........." .........:......................................................j]....`.........................................`C..L....C..d....p.......`..0....V..............03..T............................3..8............0..@............................text............................... ..`.rdata..h....0......."..............@..@.data... ....P.......@..............@....pdata..0....`.......F..............@..@.rsrc........p.......J..............@..@.reloc...............T..............@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\_socket.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):80048
          Entropy (8bit):6.1373349418022105
          Encrypted:false
          SSDEEP:1536:pcuyMvO1TOvmy28K3XOAW9/s+m+pB7WBSrpZVjs7VIrBwFyUa7:tKOvCOAW9/sb+pEBSrbaVIrBwa
          MD5:E71C0C49F7E2BD39CAFEED1DCA29455B
          SHA1:22CB314298C6C38E3246F73DC7277ED00D6B8449
          SHA-256:3B0EA76A2B0CAABF5B8994D3789778575ECBF2831ACAF4D53D274E265D271622
          SHA-512:4C09599C7C93427B30A011CC39738983C79F0835292E5C0E7E19F6329F33810773D0E97E20F4698D22B6D0B8B643521BC3CE318C890366872ED26B6D3DAB5C05
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................&...P....P....P....P....y...........W...y....y....y.J...y....Rich..................PE..d...../`.........." .....z...........(.......................................`............`.........................................p...P............@.......0...............P.........T...........................0...8............................................text..."y.......z.................. ..`.rdata...y.......z...~..............@..@.data...(...........................@....pdata.......0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\_ssl.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):154288
          Entropy (8bit):5.923322166762792
          Encrypted:false
          SSDEEP:3072:XaMiyO3ZrA0be4qd8yKN9zyrcOmcq7SJdWXxoyp6jRKRQp5IrM70Vr:XaMiLrAmeb87vyri7ShRKR44
          MD5:39919E97DC418E0099B2A0BB332A8C77
          SHA1:F04C9D78B3D5E2A95EA3535C363D8B05D666D39E
          SHA-256:B38B09BF0421B1F49338DED8021D7BC56BE19902D9B21A9B6E9C8DF448F93EB2
          SHA-512:F179EBE84AE065ED63E71F2855B2B69CDEDFC8BE70DACE0EB07C8B191768EACE1312562E27E77492481F214F85D31F35C88C2B1F7A3881CEE9DFFFFA7FFC668A
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........T...5..5..5..Mt..5.RD..5.RD..5.RD..5.RD..5.{G..5.I\..5.]..5..5.4.{G..5.{G..5.{G...5.{G..5.Rich.5.........PE..d...../`.........." .........................................................p............`.............................................d............P.......@.......>.......`..........T...............................8............................................text...I........................... ..`.rdata..(...........................@..@.data....k.......f..................@....pdata.......@......................@..@.rsrc........P.......&..............@..@.reloc.......`.......0..............@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\_tkinter.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):65200
          Entropy (8bit):6.108382719080725
          Encrypted:false
          SSDEEP:768:CeVy+EmB0pT3r+nLDAttIJvFkkfkUwvMB6hcvJ0ewyWtttKhxIrYS+DG4yXh8:Cu4SobA0t0FUdm6hcB0Dy82hxIrYSqyu
          MD5:A0C85C0A2093BA39CB6C8595FB0EE28E
          SHA1:685D9B062F77EEB61ADBD86430FFA12EB5155A8A
          SHA-256:6D894E7E0E2CE8852DC20DCAF779F4AF5A5B9B3D498A5AF88EA6D23381D1F43E
          SHA-512:9C9AED39AAFEF337DFD28A4889C15B205C072A3472983C154A64426C912BBD9C08EC4F20E496D350AFB6E12898C4F3883F555B642E640C0D331C6D8219EA3D21
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}!...OG..OG..OG.d.G..OG.mNF..OG.mJF..OG.mKF..OG.mLF..OG.nNF..OG.tNF..OG.tNF..OG..NGC.OG.nBF..OG.nOF..OG.n.G..OG.nMF..OGRich..OG........PE..d...../`.........." .....z...j............................................... ............`.............................................P...................................... ......T...........................0...8............................................text....x.......z.................. ..`.rdata...C.......D...~..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc.. ...........................@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\base_library.zip
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:Zip archive data, at least v2.0 to extract
          Category:dropped
          Size (bytes):790865
          Entropy (8bit):5.442377989158696
          Encrypted:false
          SSDEEP:12288:V6FbkKgHyL3ZvXZIfshpBnLVy0pfqEg86PDF+PPdHfk18m:8FbkHStvXHpBnLVy0pfqEgVPeHflm
          MD5:F6214CDE3A7663C427609251E7C20CDE
          SHA1:61CA41712EE1D01D7948E1FC0FEDE6ACA81AA7D1
          SHA-256:3C6FB7BB4F1CA2FA8679DD0799B33DD1E9DFDE1BF030B872367BD53F8EEF3981
          SHA-512:3FB8EDBA7182AFB05A11DAAF19129779078DEB667A8263FD362A5DD2FB72EDB690EF05A62D351044A20850C31925942E5E120C73F3B8BF8EB5BF6F0BEB174EFC
          Malicious:false
          Preview: PK..........!..*.N............_bootlocale.pyca.......C.O.o..v.....................@...sx...d.Z.d.d.l.Z.d.d.l.Z.e.j...d...r,d.d.d...Z.nHz.e.j...W.n2..e.yh......e.e.d...rZd.d.d...Z.n.d.d.d...Z.Y.n.0.d.d.d...Z.d.S.).z.A minimal subset of the locale module used at interpreter startup.(imported by the _io module), in order to reduce startup time...Don't import directly from third-party code; use the `locale` module instead!......N..winTc....................C...s....t.j.j.r.d.S.t.....d...S.).N..UTF-8.....)...sys..flags..utf8_mode.._locale.._getdefaultlocale....do_setlocale..r.....KC:\Users\williawu\AppData\Local\Programs\Python\Python39\lib\_bootlocale.py..getpreferredencoding....s..........r......getandroidapilevelc....................C...s....d.S.).Nr....r....r....r....r....r....r........s......c....................C...s....t.j.j.r.d.S.d.d.l.}.|...|...S.).Nr....r....).r....r....r......localer....).r....r....r....r....r....r........s............c....................C...s6...|.r.J...t.j.j.r.
          C:\Users\user\AppData\Local\Temp\_MEI59442\libcrypto-1_1.dll
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):3405504
          Entropy (8bit):6.09493403531493
          Encrypted:false
          SSDEEP:49152:nuTKuk2CoIU6iuUOjPWTLAOh5PlThRLh+dEOO2oXRzos7gUcfjE0OP61gKTNPY6i:jX+/UtO22bC1gAy6x8X1CPwDv3uFfJgf
          MD5:AA811BB63DBD4C5859B68332326F60B1
          SHA1:6E5584D5C59D2F79CBF60C6C71A92ECD7E4E0977
          SHA-256:00A1EEB37372D11559BF44C9E68AF9C841C41C95A173F3DFEC4E0B5923D0CAE0
          SHA-512:DAD9B14F501FD63824480F8801ACD4004DD46F7A6965AC8AB91E573676236A11099F4B7CFDF7B3F6C0CC52A3B2E5D9B50F715F53A1F4F858EA2A5EB15D5092CD
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x...<.<.<.5.;...n...>.n...7.n...4.n...?.g...7.<.......!.....E.....=...W.=.....=.Rich<.................PE..d...f.._.........." .....d$..........s........................................4..... .4...`.........................................`....h...3.@.....3.|.....1.......3.......4..O...~,.8............................~,...............3..............................text....b$......d$................. ..`.rdata..v.....$......h$.............@..@.data....z...p1..,...J1.............@....pdata..d.....1......v1.............@..@.idata...#....3..$...23.............@..@.00cfg........3......V3.............@..@.rsrc...|.....3......X3.............@..@.reloc...x....4..z...`3.............@..B........................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\libffi-7.dll
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):32792
          Entropy (8bit):6.3566777719925565
          Encrypted:false
          SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
          MD5:EEF7981412BE8EA459064D3090F4B3AA
          SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
          SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
          SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6.3.r}]Ar}]Ar}]A{..Ap}]A .\@p}]A..\@q}]Ar}\AU}]A .X@~}]A .Y@z}]A .^@q}]A..Y@t}]A..^@s}]A..]@s}]A.._@s}]ARichr}]A........................PE..d......].........." .....F...$.......I....................................................`..........................................j.......m..P....................f...............b...............................b...............`.. ............................text....D.......F.................. ..`.rdata..H....`.......J..............@..@.data................^..............@....pdata...............`..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\libssl-1_1.dll
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):689856
          Entropy (8bit):5.527421108285584
          Encrypted:false
          SSDEEP:12288:JSFixJwA4MsFSI8d0q6iMN/sM4uBmxN7llYKk72k4OE1jZO4rRU2lvz:CbStd0eD7ll6ylRlhrRU2lvz
          MD5:2335285F5AC87173BD304EFEDDFA1D85
          SHA1:64558D2150120ABED3514DB56299721C42C6FE58
          SHA-256:1B57A201184559164DEDBDDCB43BB110A18CAFA19EA3D00FC23274CCFC420E94
          SHA-512:82737590D5EC7315CE8485C4794C01BFCCE176CE443740A9F0CF5ADFC3C3ED31A714556D33C1CA56DB486636111D1AD855F606C87E5F322A505C535187CE2BDE
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...BkT.BkT.BkT.:.T.BkT.*jU.BkT.*jU.BkT.*nU.BkT.*oU.BkT.*hU.BkT(+jU.BkT.BjThCkT(+oU.BkT(+kU.BkT(+.T.BkT(+iU.BkTRich.BkT........................PE..d......_.........." .....(...H.......%..............................................}.....`.........................................0....N..05..........s.......lK...j..........L.......8........................... ................ ..0............................text...g&.......(.................. ..`.rdata..:%...@...&...,..............@..@.data...!M...p...D...R..............@....pdata...T.......V..................@..@.idata...V... ...X..................@..@.00cfg...............D..............@..@.rsrc...s............F..............@..@.reloc..5............N..............@..B................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\pyexpat.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):190128
          Entropy (8bit):6.322708411184094
          Encrypted:false
          SSDEEP:3072:7vz8d41wUwBapkcqz9dwbW0g+aq4jMVLwKLrCfmI2k9BeFC0O1JAQLRtVIrBhH:7b71wUwBRndwbW0g+pLafm89BeFMPLnS
          MD5:F38C38FA0E17DB7935B92CB827CF0356
          SHA1:4D58B54307DE86D384D246B5577A55DB1DE96EB5
          SHA-256:9E481E46A93F74675A0AC6C9565E6B75511F2E5064F764F7F7E2F77680B41378
          SHA-512:1429B59AC51B1C4D137DB7A985A519A9914CD1184AF53448CBB6675B62151D428CD05818D811CB8A63AE45D80D302F6EEEF28EF7D4723C9A5AE4942F7E424EFD
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ SfFA=5FA=5FA=5O9.5LA=5.0<4DA=5.084MA=5.094NA=5.0>4EA=5.3<4DA=5.)<4EA=5FA<54A=5.304BA=5.3=4GA=5.3.5GA=5.3?4GA=5RichFA=5........PE..d...../`.........." ......................................................................`.............................................P............................................5..T............................6..8............ ...............................text............................... ..`.rdata..\.... ......................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\python39.dll
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):4457136
          Entropy (8bit):6.437891101126715
          Encrypted:false
          SSDEEP:49152:AAm3ZRxE7ySyb1jiL9jGqGkZbxWXd+aG227wtnwvIsuoYSmkAiOFwVwvQoNGPa4F:elbhnwuCf2z/VhfTPLH1M/9wE
          MD5:088904A7F5B53107DB42E15827E3AF98
          SHA1:1768E7FB1685410E188F663F5B259710F597E543
          SHA-256:3761C232E151E9CEAF6C7D37B68DA3DF1962E3106E425CC3937D1F60170F3718
          SHA-512:C5EDC25FD9A37673F769AF1A1FD540B41E68351BC30B44BC83A1D0D4A8FB078888BBB31173A77EF47698631C9816BC05637B499C20D63E3D65457D9AA4BC2C6B
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................9........s......9.......9.......9.........z........................O...........................Rich............PE..d...../`.........." ......#..b#......H........................................F....._.D...`.........................................0J<.......=.|.... F.......C.`.....C......0F..u....$.T............................$.8............0#.`............................text.....#.......#................. ..`.rdata.......0#......"#.............@..@.data.......@=......&=.............@....pdata..`.....C..0...6A.............@..@.rsrc........ F......fC.............@..@.reloc...u...0F..v...pC.............@..B................................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\select.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):28848
          Entropy (8bit):6.169348815906495
          Encrypted:false
          SSDEEP:384:NWu7bFrbE4nSG98HhIJg6mwhYtHqmGXYPAr70cEJoVIrmGrDG4y8eFhVjZ:00TSIc6mwhKHqPY8dVIrmGrDG4yfhT
          MD5:1E74BA085EB08A3AFFE5F5FABAAA6CAF
          SHA1:46E3EFBD21DC0A2C7650ED949BC7E7E91B37EFEA
          SHA-256:36BE2A85C1989DC171BDE986950B81D3E9CDA21F1D1BF2F81F7FE15FFEFAD511
          SHA-512:517A109490C3724A630A85471E28FF3C4F96C9810B96F5BAA9B66473EF59ED4055E331C8DA064A53BC12892FB674F417B3485E96F16015E1437CBD2CA67E87D8
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........nC...-...-...-..w....-.$~,...-.$~(...-.$~)...-.$~....-..},...-..g,...-...,...-..} ...-..}-...-..}....-..}/...-.Rich..-.........................PE..d...../`.........." ....."...4......................................................~.....`..........................................Q..L....Q..x............p..T....T..........@....B..T...........................0C..8............@..(............................text.... .......".................. ..`.rdata.......@.......&..............@..@.data........`.......B..............@....pdata..T....p.......D..............@..@.rsrc................H..............@..@.reloc..@............R..............@..B................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl86t.dll
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):1705120
          Entropy (8bit):6.496511987047776
          Encrypted:false
          SSDEEP:24576:umJTd0nVi/Md3bupZkKBhWPRIlq5YZ6a2CXH7oZgKGc+erWJUVWyubuapwQDlaTR:umJTd4iMwXH7oZgKb++BVL4B+GITgr0h
          MD5:C0B23815701DBAE2A359CB8ADB9AE730
          SHA1:5BE6736B645ED12E97B9462B77E5A43482673D90
          SHA-256:F650D6BC321BCDA3FC3AC3DEC3AC4E473FB0B7B68B6C948581BCFC54653E6768
          SHA-512:ED60384E95BE8EA5930994DB8527168F78573F8A277F8D21C089F0018CD3B9906DA764ED6FCC1BD4EFAD009557645E206FBB4E5BAEF9AB4B2E3C8BB5C3B5D725
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k)...GD..GD..GD.bFE..GD9..D..GD.bDE..GD.bBE..GD.bCE..GD.r.D..GD.jAE..GD.jFE..GD..FD..GD.bOE..GD.bGE..GD.b.D..GD.bEE..GDRich..GD........PE..d......\.........." .....d..........0h.......................................@.......b....`..........................................p..._......T.......0.... ............... .......<...............................=...............................................text....b.......d.................. ..`.rdata...k.......l...h..............@..@.data...."..........................@....pdata....... ......................@..@.rsrc...0...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl8\8.4\platform-1.0.14.tm
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):10012
          Entropy (8bit):4.988870027581882
          Encrypted:false
          SSDEEP:192:oM9irmCuZgxr31nvnaLAlgspxUth+PNkuQmYz6mh8029d2rPYVzXWamv:oM9irmCuixrxvispxUth+IzX29grPKzu
          MD5:AAD7CE4027C713577DF2BC8D35406C13
          SHA1:931262903B347F18AC1BE338524DB851B7AAE5BB
          SHA-256:D4B3D9601454EA4828DFF3BE426C33FB845D005E98D2CC139DBB0D69CAD3168B
          SHA-512:F54362286A3BCC4A421AC1687C6C1986C6575CF7233207D905EBE9217323612663728B8300D5660FC1F5A297BE7D2BFA770F8743C8D115533C3EA8BA5004BC36
          Malicious:false
          Preview: # -*- tcl -*-.# ### ### ### ######### ######### #########.## Overview..# Heuristics to assemble a platform identifier from publicly available.# information. The identifier describes the platform of the currently.# running tcl shell. This is a mixture of the runtime environment and.# of build-time properties of the executable itself..#.# Examples:.# <1> A tcl shell executing on a x86_64 processor, but having a.# wordsize of 4 was compiled for the x86 environment, i.e. 32.# bit, and loaded packages have to match that, and not the.# actual cpu..#.# <2> The hp/solaris 32/64 bit builds of the core cannot be.# distinguished by looking at tcl_platform. As packages have to.# match the 32/64 information we have to look in more places. In.# this case we inspect the executable itself (magic numbers,.# i.e. fileutil::magic::filetype)..#.# The basic information used comes out of the 'os' and 'machine'.# entries of the 'tcl_platform' array. A number of general and.# os/machine specific
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl8\8.4\platform\shell-1.1.4.tm
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:Tcl script, ASCII text
          Category:dropped
          Size (bytes):5977
          Entropy (8bit):4.79231401569641
          Encrypted:false
          SSDEEP:96:Wo05xaJIrnU0gEMydSv+lrnU0gEMPdSvfSrnUN4y1mP3jm5Q1/I+gYQ1KyHe36mV:Wo05xaJsnU0DMAK+5nU0DMFKfunUN4Oc
          MD5:2A8B773513480EFA986D9CE061218348
          SHA1:85763F378A68BA6A1EEE9887CDCF34C14D3AD5BF
          SHA-256:2F812A0550716B88930174A8CA245698427CD286680C0968558AE269AB52440D
          SHA-512:D3EC3891CC897A8ABB949EBA6A055D9283BA6E491E1CAEA132D894E7B3FD3B159E8226E0BBCDF369DB3F0E00AA1E0347E5B1838353E75B8AE114A83016010238
          Malicious:false
          Preview: .# -*- tcl -*-.# ### ### ### ######### ######### #########.## Overview..# Higher-level commands which invoke the functionality of this package.# for an arbitrary tcl shell (tclsh, wish, ...). This is required by a.# repository as while the tcl shell executing packages uses the same.# platform in general as a repository application there can be.# differences in detail (i.e. 32/64 bit builds)...# ### ### ### ######### ######### #########.## Requirements..package require platform.namespace eval ::platform::shell {}..# ### ### ### ######### ######### #########.## Implementation..# -- platform::shell::generic..proc ::platform::shell::generic {shell} {. # Argument is the path to a tcl shell... CHECK $shell. LOCATE base out.. set code {}. # Forget any pre-existing platform package, it might be in. # conflict with this one.. lappend code {package forget platform}. # Inject our platform package. lappend code [list source $base]. # Query and print the architectu
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl8\8.5\msgcat-1.6.1.tm
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:Tcl script, ASCII text
          Category:dropped
          Size (bytes):33935
          Entropy (8bit):4.898273709861797
          Encrypted:false
          SSDEEP:768:joWBAxonz0L7KILBk0U8Vl9NFljRFpGA1TrPiBDxDFP8sCNl:MWBAxgzY7KIL7j1NFl1Fp11/PiBVBksU
          MD5:DB52847C625EA3290F81238595A915CD
          SHA1:45A4ED9B74965E399430290BCDCD64ACA5D29159
          SHA-256:4FDF70FDCEDEF97AA8BD82A02669B066B5DFE7630C92494A130FC7C627B52B55
          SHA-512:5A8FB4ADA7B2EFBF1CADD10DBE4DC7EA7ACD101CB8FD0B80DAD42BE3ED8804FC8695C53E6AEEC088C2D4C3EE01AF97D148B836289DA6E4F9EE14432B923C7E40
          Malicious:false
          Preview: # msgcat.tcl --.#.#.This file defines various procedures which implement a.#.message catalog facility for Tcl programs. It should be.#.loaded with the command "package require msgcat"..#.# Copyright (c) 2010-2015 by Harald Oehlmann..# Copyright (c) 1998-2000 by Ajuba Solutions..# Copyright (c) 1998 by Mark Harrison..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...package require Tcl 8.5-.# When the version number changes, be sure to update the pkgIndex.tcl file,.# and the installation directory in the Makefiles..package provide msgcat 1.6.1..namespace eval msgcat {. namespace export mc mcexists mcload mclocale mcmax mcmset mcpreferences mcset\. mcunknown mcflset mcflmset mcloadedlocales mcforgetpackage\.. mcpackageconfig mcpackagelocale.. # Records the list of locales to search. variable Loclist {}.. # List of currently loaded locales. variable LoadedLocales {}.. # Rec
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl8\8.5\tcltest-2.5.0.tm
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:Tcl script, UTF-8 Unicode text
          Category:dropped
          Size (bytes):101389
          Entropy (8bit):4.78335748687105
          Encrypted:false
          SSDEEP:1536:r3UFHL/k3tqN0E7NkhtMcrQ3qoyX2/2rCmTMttfN/CrQnXcwIHmlDB/mizvB21J1:r3UdOAVfnPIHmlDFmiDB21cK/xasmhC
          MD5:D34207F736FA9FC26785A4D87C867A44
          SHA1:24E533DDD16C67E0D0B9ED303A40C9D90ABF3E80
          SHA-256:3BFD9E06826C98490E22B00200488D06C1FE49E3B78E24E985ABC377B04021FE
          SHA-512:1007E5812CBF7D907E33FD769FDC4E9A9D0E68852E91208F5C887A2A86849AF69A11CE4B00358059193A46D17F19C26A255A22C107D30433482A8A0CE7ED0D03
          Malicious:false
          Preview: # tcltest.tcl --.#.#.This file contains support code for the Tcl test suite. It.# defines the tcltest namespace and finds and defines the output.# directory, constraints available, output and error channels,.#.etc. used by Tcl tests. See the tcltest man page for more.#.details..#.# This design was based on the Tcl testing approach designed and.# initially implemented by Mary Ann May-Pumphrey of Sun.#.Microsystems..#.# Copyright (c) 1994-1997 Sun Microsystems, Inc..# Copyright (c) 1998-1999 by Scriptics Corporation..# Copyright (c) 2000 by Ajuba Solutions.# Contributions from Don Porter, NIST, 2002. (not subject to US copyright).# All rights reserved...package require Tcl 8.5-..;# -verbose line uses [info frame].namespace eval tcltest {.. # When the version number changes, be sure to update the pkgIndex.tcl file,. # and the install directory in the Makefiles. When the minor version. # changes (new feature) be sure to update the man page as well..
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl8\8.6\http-2.9.0.tm
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:Tcl script, ASCII text
          Category:dropped
          Size (bytes):108619
          Entropy (8bit):4.834993492587442
          Encrypted:false
          SSDEEP:1536:nFRYkDjVePrJwFR09W9JXvfM/2QXjjCV4ScA4MaLm1r:nF2wjVePrJyRpXv9+CV4S74rLg
          MD5:E9C1DBACE852DE98ECC8906918C3167A
          SHA1:A3CECEC2C8E67EB0BFCAA6E0DF8970440C29175F
          SHA-256:D66A3E47106268C4FDE02F857EFDBBC9C44C9BFC6246B7678919F6DAD3C3B68D
          SHA-512:C830CCA95D8EF2476BFD1B8AA8D0BBD8C557C44989D7398991716DE6F20C075A7FB321ABC0E48A1E5DDF8B4228444678D08761A5FA9D3C417CD58718235F0937
          Malicious:false
          Preview: # http.tcl --.#.#.Client-side HTTP for GET, POST, and HEAD commands. These routines can.#.be used in untrusted code that uses the Safesock security policy..#.These procedures use a callback interface to avoid using vwait, which.#.is not defined in the safe base..#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES...package require Tcl 8.6-.# Keep this in sync with pkgIndex.tcl and with the install directories in.# Makefiles.package provide http 2.9.0..namespace eval http {. # Allow resourcing to not clobber existing data.. variable http. if {![info exists http]} {..array set http {.. -accept */*.. -pipeline 1.. -postfresh 0.. -proxyhost {}.. -proxyport {}.. -proxyfilter http::ProxyRequired.. -repost 0.. -urlencoding utf-8.. -zip 1..}..# We need a useragent string of this style or various servers will..# refuse to send us compressed content even when we ask for it. This..#
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\auto.tcl
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):21148
          Entropy (8bit):4.7268785966563405
          Encrypted:false
          SSDEEP:384:vyPcB5RJtAZ7SP9nYP9I5HU3mOuWzXBEWKYHEN+7yBtYSbI0QD+lM:AcB5RJtAFSPBYPN3mOuiVHEN+78YSbqT
          MD5:5E9B3E874F8FBEAADEF3A004A1B291B5
          SHA1:B356286005EFB4A3A46A1FDD53E4FCDC406569D0
          SHA-256:F385515658832FEB75EE4DCE5BD53F7F67F2629077B7D049B86A730A49BD0840
          SHA-512:482C555A0DA2E635FA6838A40377EEF547746B2907F53D77E9FFCE8063C1A24322D8FAA3421FC8D12FDCAFF831B517A65DAFB1CEA6F5EA010BDC18A441B38790
          Malicious:false
          Preview: # auto.tcl --.#.# utility procs formerly in init.tcl dealing with auto execution of commands.# and can be auto loaded themselves..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994-1998 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# auto_reset --.#.# Destroy all cached information for auto-loading and auto-execution, so that.# the information gets recomputed the next time it's needed. Also delete any.# commands that are listed in the auto-load index..#.# Arguments:.# None...proc auto_reset {} {. global auto_execs auto_index auto_path. if {[array exists auto_index]} {..foreach cmdName [array names auto_index] {.. set fqcn [namespace which $cmdName].. if {$fqcn eq ""} {...continue.. }.. rename $fqcn {}..}. }. unset -nocomplain auto_execs auto_index ::tcl::auto_oldpath. if {[catch {llength $auto_path}]} {..
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\clock.tcl
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):128934
          Entropy (8bit):5.001022641779315
          Encrypted:false
          SSDEEP:3072:6klVEuSDFeEzGtdaui+urVke5i1IsQ5SvtTImhrYnPrzAvtt2eyw7uZH/SOyQasa:yDFeEzMaui+urVke5i1R6SvtTImhrYPK
          MD5:F1E825244CC9741595F47F4979E971A5
          SHA1:7159DD873C567E10CADAF8638D986FFE11182A27
          SHA-256:F0CF27CB4B5D9E3B5D7C84B008981C8957A0FF94671A52CC6355131E55DD59FB
          SHA-512:468C881EB7CE92C91F28CAE2471507A76EF44091C1586DCD716309E3252ED00CCB847EC3296C1954CA6F965161664F7BB73F21A24B9FF5A86F625C0B67C74F67
          Malicious:false
          Preview: #----------------------------------------------------------------------.#.# clock.tcl --.#.#.This file implements the portions of the [clock] ensemble that are.#.coded in Tcl. Refer to the users' manual to see the description of.#.the [clock] command and its subcommands..#.#.#----------------------------------------------------------------------.#.# Copyright (c) 2004,2005,2006,2007 by Kevin B. Kenny.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#.#----------------------------------------------------------------------..# We must have message catalogs that support the root locale, and we need.# access to the Registry on Windows systems...uplevel \#0 {. package require msgcat 1.6. if { $::tcl_platform(platform) eq {windows} } {..if { [catch { package require registry 1.1 }] } {.. namespace eval ::tcl::clock [list variable NoRegistry {}]..}. }.}..# Put the library directory into the namespace
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\ascii.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1090
          Entropy (8bit):2.009389929214244
          Encrypted:false
          SSDEEP:12:5TUvEESVrVJ/eyN9j233V2NdWTeVCT0VbsV7EV7sYnVAMmVZyg851VqxsGkl/:5TUmJvRju3ShVbsZiAMiZyb7PF
          MD5:68D69C53B4A9F0AABD60646CA7E06DAE
          SHA1:DD83333DC1C838BEB9102F063971CCC20CC4FD80
          SHA-256:294C97175FD0894093B866E73548AE660AEED0C3CC1E73867EB66E52D34C0DD2
          SHA-512:48960E838D30401173EA0DF8597BB5D9BC3A09ED2CFFCB774BA50CB0B2ACCF47AAD3BA2782B3D4A92BEF572CBD98A3F4109FC4344DB82EB207BFDE4F61094D72
          Malicious:false
          Preview: # Encoding file: ascii, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E0000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\big5.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):92873
          Entropy (8bit):3.255311357682213
          Encrypted:false
          SSDEEP:768:3kkmY4kD7HGJxYXIdjQWTGzvKHBDViIM1sbh+dJE+FKw0sXlWVvDg21jj9:cGfKqIQCGzv8D7ksb2Ur79jj9
          MD5:9E67816F304FA1A8E20D2270B3A53364
          SHA1:9E35EBF3D5380E34B92FE2744124F9324B901DD3
          SHA-256:465AE2D4880B8006B1476CD60FACF676875438244C1D93A7DBE4CDE1035E745F
          SHA-512:EE529DA3511EB8D73465EB585561D54833C46B8C31062299B46F5B9EE7EB5BE473E630AA264F45B2806FC1B480C8ED39A173FF1756CB6401B363568E951F0637
          Malicious:false
          Preview: # Encoding file: big5, multi-byte.M.003F 0 89.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00000000000000000000000000000000000000000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp1250.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1091
          Entropy (8bit):3.286986942547087
          Encrypted:false
          SSDEEP:24:CqTUmJvRju3ShVbsZiAMiZyb7Ptuja5z8twsDO4yT2H:JgmOEVIwAMiw/Ptuja5z8RDtyT2H
          MD5:79ACD9BD261A252D93C9D8DDC42B8DF6
          SHA1:FA2271030DB9005D71FAAD60B44767955D5432DD
          SHA-256:1B42DF7E7D6B0FEB17CB0BC8D97E6CE6899492306DD880C48A39D1A2F0279004
          SHA-512:607F21A84AE569B19DF42463A56712D232CA192E1827E53F3ACB46D373EF4165A38FFBF116E28D4EAAEF49B08F6162C7A1C517CCE2DFACA71DA07193FEFFFF06
          Malicious:false
          Preview: # Encoding file: cp1250, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0083201E2026202020210088203001602039015A0164017D0179.009020182019201C201D202220132014009821220161203A015B0165017E017A.00A002C702D8014100A4010400A600A700A800A9015E00AB00AC00AD00AE017B.00B000B102DB014200B400B500B600B700B80105015F00BB013D02DD013E017C.015400C100C2010200C40139010600C7010C00C9011800CB011A00CD00CE010E.01100143014700D300D4015000D600D70158016E00DA017000DC00DD016200DF.015500E100E2010300E4013A010700E7010D00E
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp1251.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1091
          Entropy (8bit):3.288070862623515
          Encrypted:false
          SSDEEP:24:CTTUmJvRju3ShVbsZiAMiZyb7P4DRrwFsC/+H+SAJlM9aHe3cmx:wgmOEVIwAMiw/PStwFz/T5+smx
          MD5:55FB20FB09C610DB38C22CF8ADD4F7B8
          SHA1:604396D81FD2D90F5734FE6C3F283F8F19AABB64
          SHA-256:2D1BED2422E131A140087FAF1B12B8A46F7DE3B6413BAE8BC395C06F0D70B9B0
          SHA-512:07C6640BB40407C384BCF646CC436229AEC77C6398D57659B739DC4E180C81A1524F55A5A8F7B3F671A53320052AD888736383486CC01DFC317029079B17172E
          Malicious:false
          Preview: # Encoding file: cp1251, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.04020403201A0453201E20262020202120AC203004092039040A040C040B040F.045220182019201C201D202220132014009821220459203A045A045C045B045F.00A0040E045E040800A4049000A600A7040100A9040400AB00AC00AD00AE0407.00B000B104060456049100B500B600B704512116045400BB0458040504550457.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.043004310432043304340435043604370438043
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp1252.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1091
          Entropy (8bit):3.2209074629945476
          Encrypted:false
          SSDEEP:24:C4TUmJvRju3ShVbsZiAMiZyb7PMmVurcNvPNNAkbnMH+tjg:rgmOEVIwAMiw/PMhrUok7zE
          MD5:5900F51FD8B5FF75E65594EB7DD50533
          SHA1:2E21300E0BC8A847D0423671B08D3C65761EE172
          SHA-256:14DF3AE30E81E7620BE6BBB7A9E42083AF1AE04D94CF1203565F8A3C0542ACE0
          SHA-512:EA0455FF4CD5C0D4AFB5E79B671565C2AEDE2857D534E1371F0C10C299C74CB4AD113D56025F58B8AE9E88E2862F0864A4836FED236F5730360B2223FDE479DC
          Malicious:false
          Preview: # Encoding file: cp1252, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202102C62030016020390152008D017D008F.009020182019201C201D20222013201402DC21220161203A0153009D017E0178.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.00D000D100D200D300D400D500D600D700D800D900DA00DB00DC00DD00DE00DF.00E000E100E200E300E400E500E600E700E800E
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp1253.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1091
          Entropy (8bit):3.3530146237761445
          Encrypted:false
          SSDEEP:24:CRTUmJvRju3ShVbsZiAMiZyb7PMuW24OrKUQQSqJWeIDmq:CgmOEVIwAMiw/PMuW2nKJQSqJWeI1
          MD5:2E5F553D214B534EBA29A9FCEEC36F76
          SHA1:8FF9A526A545D293829A679A2ECDD33AA6F9A90E
          SHA-256:2174D94E1C1D5AD93717B9E8C20569ED95A8AF51B2D3AB2BCE99F1A887049C0E
          SHA-512:44AB13C0D322171D5EE62946086058CF54963F91EC3F899F3A10D051F9828AC66D7E9F8055026E938DDD1B97A30D5D450B89D72F9113DEE2DBBB62DDBBBE456C
          Malicious:false
          Preview: # Encoding file: cp1253, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202100882030008A2039008C008D008E008F.009020182019201C201D20222013201400982122009A203A009C009D009E009F.00A00385038600A300A400A500A600A700A800A9000000AB00AC00AD00AE2015.00B000B100B200B3038400B500B600B703880389038A00BB038C00BD038E038F.0390039103920393039403950396039703980399039A039B039C039D039E039F.03A003A1000003A303A403A503A603A703A803A903AA03AB03AC03AD03AE03AF.03B003B103B203B303B403B503B603B703B803B
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp1254.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1091
          Entropy (8bit):3.2357714075228494
          Encrypted:false
          SSDEEP:24:CWTUmJvRju3ShVbsZiAMiZyb7PMSrcmvPNNAkKMH+tZL/M:lgmOEVIwAMiw/PMSrrokKzR0
          MD5:35AD7A8FC0B80353D1C471F6792D3FD8
          SHA1:484705A69596C9D813EA361625C3A45C6BB31228
          SHA-256:BC4CBE4C99FD65ABEA45FBDAF28CC1D5C42119280125FBBD5C2C11892AE460B2
          SHA-512:CCA3C6A4B826E0D86AC10E45FFC6E5001942AA1CF45B9E0229D56E06F2600DDA0139764F1222C56CF7A9C14E6E6C387F9AB265CB9B936E803FECD8285871C70F
          Malicious:false
          Preview: # Encoding file: cp1254, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202102C62030016020390152008D008E008F.009020182019201C201D20222013201402DC21220161203A0153009D009E0178.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.011E00D100D200D300D400D500D600D700D800D900DA00DB00DC0130015E00DF.00E000E100E200E300E400E500E600E700E800E
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp1255.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1091
          Entropy (8bit):3.267336792625871
          Encrypted:false
          SSDEEP:24:CfTUmJvRju3ShVbsZiAMiZyb7PMI22iEePlNQhv6l50b:MgmOEVIwAMiw/PMI27EsQhvgg
          MD5:0419DBEE405723E7A128A009DA06460D
          SHA1:660DBE4583923CBDFFF6261B1FADF4349658579C
          SHA-256:F8BD79AE5A90E5390D77DC31CB3065B0F93CB8813C9E67ACCEC72E2DB2027A08
          SHA-512:FDD9F23A1B5ABBF973BEE28642A7F28F767557FE842AF0B30B1CF97CD258892F82E547392390A51900DC7FF5D56433549A5CB463779FC131E885B00568F86A32
          Malicious:false
          Preview: # Encoding file: cp1255, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202102C62030008A2039008C008D008E008F.009020182019201C201D20222013201402DC2122009A203A009C009D009E009F.00A000A100A200A320AA00A500A600A700A800A900D700AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900F700BB00BC00BD00BE00BF.05B005B105B205B305B405B505B605B705B805B9000005BB05BC05BD05BE05BF.05C005C105C205C305F005F105F205F305F40000000000000000000000000000.05D005D105D205D305D405D505D605D705D805D
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp1256.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1091
          Entropy (8bit):3.3332869352420795
          Encrypted:false
          SSDEEP:24:C0TUmJvRju3ShVbsZiAMiZyb7Ps0pPESLym/cwPm+ZMZjyco/fQIG/h:XgmOEVIwAMiw/Ps0FPLym/AsBfg/h
          MD5:0FFA293AA50AD2795EAB7A063C4CCAE5
          SHA1:38FEE39F44E14C3A219978F8B6E4DA548152CFD6
          SHA-256:BBACEA81D4F7A3A7F3C036273A4534D31DBF8B6B5CCA2BCC4C00CB1593CF03D8
          SHA-512:AB4A6176C8C477463A6CABD603528CEB98EF4A7FB9AA6A8659E1AA6FE3F88529DB9635D41649FBAD779AEB4413F9D8581E6CA078393A3042B468E8CAE0FA0780
          Malicious:false
          Preview: # Encoding file: cp1256, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC067E201A0192201E20262020202102C62030067920390152068606980688.06AF20182019201C201D20222013201406A921220691203A0153200C200D06BA.00A0060C00A200A300A400A500A600A700A800A906BE00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B9061B00BB00BC00BD00BE061F.06C1062106220623062406250626062706280629062A062B062C062D062E062F.063006310632063306340635063600D7063706380639063A0640064106420643.00E0064400E2064506460647064800E700E800E
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp1257.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1091
          Entropy (8bit):3.2734430397929604
          Encrypted:false
          SSDEEP:24:CNTUmJvRju3ShVbsZiAMiZyb7PtuWTfN641PaxUVG4da:ugmOEVIwAMiw/PtuWkgVfa
          MD5:A1CCD70248FEA44C0EBB51FB71D45F92
          SHA1:CC103C53B3BA1764714587EAEBD92CD1BC75194D
          SHA-256:4151434A714FC82228677C39B07908C4E19952FC058E26E7C3EBAB7724CE0C77
          SHA-512:74E4A13D65FAB11F205DB1E6D826B06DE421282F7461B273196FD7EECEE123EA0BD32711640B15B482C728966CC0C70FFC67AEDAD91566CA87CD623738E34726
          Malicious:false
          Preview: # Encoding file: cp1257, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0083201E20262020202100882030008A2039008C00A802C700B8.009020182019201C201D20222013201400982122009A203A009C00AF02DB009F.00A0000000A200A300A4000000A600A700D800A9015600AB00AC00AD00AE00C6.00B000B100B200B300B400B500B600B700F800B9015700BB00BC00BD00BE00E6.0104012E0100010600C400C501180112010C00C90179011601220136012A013B.01600143014500D3014C00D500D600D701720141015A016A00DC017B017D00DF.0105012F0101010700E400E501190113010D00E
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp1258.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1091
          Entropy (8bit):3.226508038800896
          Encrypted:false
          SSDEEP:24:CKlTUmJvRju3ShVbsZiAMiZyb7PMIX2jmvPNNXkohWiZo//:xgmOEVIwAMiw/PMIXXfkohnun
          MD5:BB010BFF4DD16B05EEB6E33E5624767A
          SHA1:6294E42ED22D75679FF1464FF41D43DB3B1824C2
          SHA-256:0CDB59E255CCD7DCF4AF847C9B020AEAEE78CE7FCF5F214EBCF123328ACF9F24
          SHA-512:2CD34F75DC61DC1495B0419059783A5579932F43DB9B125CADCB3838A142E0C1CD7B42DB71EF103E268206E31099D6BB0670E84D5658C0E18D0905057FF87182
          Malicious:false
          Preview: # Encoding file: cp1258, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202102C62030008A20390152008D008E008F.009020182019201C201D20222013201402DC2122009A203A0153009D009E0178.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C2010200C400C500C600C700C800C900CA00CB030000CD00CE00CF.011000D1030900D300D401A000D600D700D800D900DA00DB00DC01AF030300DF.00E000E100E2010300E400E500E600E700E800E
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp437.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1090
          Entropy (8bit):3.447501009231115
          Encrypted:false
          SSDEEP:24:CFyTUmJvRju3ShVbsZiAMiZyb7P4jpuKBIrRjK8DvmH:wygmOEVIwAMiw/PYwjKgmH
          MD5:8645C2DFCC4D5DAD2BCD53A180D83A2F
          SHA1:3F725245C66050D39D9234BAACE9D047A3842944
          SHA-256:D707A1F03514806E714F01CBFCB7C9F9973ACDC80C2D67BBD4E6F85223A50952
          SHA-512:208717D7B1CBDD8A0B8B3BE1B6F85353B5A094BDC370E6B8396158453DD7DC400EE6C4D60490AD1A1F4C943E733298FC971AE30606D6BAB14FB1290B886C76D0
          Malicious:false
          Preview: # Encoding file: cp437, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800EF00EE00EC00C400C5.00C900E600C600F400F600F200FB00F900FF00D600DC00A200A300A520A70192.00E100ED00F300FA00F100D100AA00BA00BF231000AC00BD00BC00A100AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp737.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1090
          Entropy (8bit):3.551534707521956
          Encrypted:false
          SSDEEP:24:CjTUmJvRju3ShVbsZiAMiZyb7P48KhQFhWeYDr1K8DZckbiY:WgmOEVIwAMiw/P9KhQFhWeY31Kk2Y
          MD5:C68ADEFE02B77F6E6B5217CD83D46406
          SHA1:C95EA4ED3FBEF013D810C0BFB193B15FA8ADE7B8
          SHA-256:8BFCA34869B3F9A3B2FC71B02CBAC41512AF6D1F8AB17D2564E65320F88EDE10
          SHA-512:5CCAACD8A9795D4FE0FD2AC6D3E33C10B0BCC43B29B45DFBA66FBD180163251890BB67B8185D806E4341EB01CB1CED6EA682077577CC9ED948FC094B099A662A
          Malicious:false
          Preview: # Encoding file: cp737, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.039103920393039403950396039703980399039A039B039C039D039E039F03A0.03A103A303A403A503A603A703A803A903B103B203B303B403B503B603B703B8.03B903BA03BB03BC03BD03BE03BF03C003C103C303C203C403C503C603C703C8.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03C903AC03AD03AE03CA03AF03CC03CD03CB03CE
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp775.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1090
          Entropy (8bit):3.3818286672990854
          Encrypted:false
          SSDEEP:24:CsOTUmJvRju3ShVbsZiAMiZyb7P4DBcqb67JnsUgqIPfJ:AgmOEVIwAMiw/PSzb67NsrLPR
          MD5:DE1282E2925870A277AF9DE4C52FA457
          SHA1:F4301A1340A160E1F282B5F98BF9FACBFA93B119
          SHA-256:44FB04B5C72B584B6283A99B34789690C627B5083C5DF6E8B5B7AB2C68903C06
          SHA-512:08173FC4E5FC9AA9BD1E296F299036E49C0333A876EA0BDF40BEC9F46120329A530B6AA57B32BC83C7AA5E6BD20DE9F616F4B17532EE54634B6799C31D8F668F
          Malicious:false
          Preview: # Encoding file: cp775, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.010600FC00E9010100E4012300E501070142011301560157012B017900C400C5.00C900E600C6014D00F6012200A2015A015B00D600DC00F800A300D800D700A4.0100012A00F3017B017C017A201D00A600A900AE00AC00BD00BC014100AB00BB.259125922593250225240104010C01180116256325512557255D012E01602510.25142534252C251C2500253C0172016A255A25542569256625602550256C017D.0105010D01190117012F01610173016B017E2518250C25882584258C25902580.00D300DF014C014300F500D500B5014401360137
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp850.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1090
          Entropy (8bit):3.301196372002172
          Encrypted:false
          SSDEEP:24:C9TUmJvRju3ShVbsZiAMiZyb7P4jpuKBc+mTRF5aefDT4HJ:EgmOEVIwAMiw/PYelF5xfn4p
          MD5:FF3D96C0954843C7A78299FED6986D9E
          SHA1:5EAD37788D124D4EE49EC4B8AA1CF6AAA9C2849C
          SHA-256:55AA2D13B789B3125F5C9D0DC5B6E3A90D79426D3B7825DCD604F56D4C6E36A2
          SHA-512:B76CD82F3204E17D54FB679615120564C53BBE27CC474101EE073EFA6572B50DB2E9C258B09C0F7EAE8AC445D469461364C81838C07D41B43E353107C06C247E
          Malicious:false
          Preview: # Encoding file: cp850, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800EF00EE00EC00C400C5.00C900E600C600F400F600F200FB00F900FF00D600DC00F800A300D800D70192.00E100ED00F300FA00F100D100AA00BA00BF00AE00AC00BD00BC00A100AB00BB.2591259225932502252400C100C200C000A9256325512557255D00A200A52510.25142534252C251C2500253C00E300C3255A25542569256625602550256C00A4.00F000D000CA00CB00C8013100CD00CE00CF2518250C2588258400A600CC2580.00D300DF00D400D200F500D500B500FE00DE00DA
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp852.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1090
          Entropy (8bit):3.3816687566591797
          Encrypted:false
          SSDEEP:24:CPTUmJvRju3ShVbsZiAMiZyb7P4OvEUs5ycHQjc59X/C:mgmOEVIwAMiw/Pkv5ycHQjc59Xa
          MD5:25A59EA83B8E9F3322A54B138861E274
          SHA1:904B357C30603DFBCF8A10A054D9399608B131DF
          SHA-256:5266B6F18C3144CFADBCB7B1D27F0A7EAA1C641FD3B33905E42E4549FD373770
          SHA-512:F7E41357849599E7BA1D47B9B2E615C3C2EF4D432978251418EBF9314AAEB0E1B0A56ED14ED9BA3BE46D3DABE5DD80E0CA6592AE88FB1923E7C3D90D7F846709
          Malicious:false
          Preview: # Encoding file: cp852, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E4016F010700E7014200EB0150015100EE017900C40106.00C90139013A00F400F6013D013E015A015B00D600DC01640165014100D7010D.00E100ED00F300FA01040105017D017E0118011900AC017A010C015F00AB00BB.2591259225932502252400C100C2011A015E256325512557255D017B017C2510.25142534252C251C2500253C01020103255A25542569256625602550256C00A4.01110110010E00CB010F014700CD00CE011B2518250C258825840162016E2580.00D300DF00D401430144014801600161015400DA
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp855.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1090
          Entropy (8bit):3.3580450853378596
          Encrypted:false
          SSDEEP:24:CoTUmJvRju3ShVbsZiAMiZyb7P4hHVLjwk6rMZCb32SLauDbr:hgmOEVIwAMiw/PM/wcMb3VuuT
          MD5:0220F1955F01B676D2595C30DEFB6064
          SHA1:F8BD4BF6D95F672CB61B8ECAB580A765BEBDAEA5
          SHA-256:E3F071C63AC43AF66061506EF2C574C35F7BF48553FB5158AE41D9230C1A10DF
          SHA-512:F7BFF7D6534C9BFDBF0FB0147E31E948F60E933E6DA6A39E8DC62CC55FEBDD6901240460D7B3C0991844CDEE7EB8ED26E5FDBBC12BDC9B8173884D8FCA123B69
          Malicious:false
          Preview: # Encoding file: cp855, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0452040204530403045104010454040404550405045604060457040704580408.04590409045A040A045B040B045C040C045E040E045F040F044E042E044A042A.0430041004310411044604260434041404350415044404240433041300AB00BB.259125922593250225240445042504380418256325512557255D043904192510.25142534252C251C2500253C043A041A255A25542569256625602550256C00A4.043B041B043C041C043D041D043E041E043F2518250C25882584041F044F2580.042F044004200441042104420422044304230436
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp857.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1090
          Entropy (8bit):3.2936796452153128
          Encrypted:false
          SSDEEP:24:CaTUmJvRju3ShVbsZiAMiZyb7P4jpu6u/5WH5aeoC4ljIJ:jgmOEVIwAMiw/Pr/UH5xp4l6
          MD5:58C52199269A3BB52C3E4C20B5CE6093
          SHA1:888499D9DFDF75C60C2770386A4500F35753CE70
          SHA-256:E39985C6A238086B54427475519C9E0285750707DB521D1820E639723C01C36F
          SHA-512:754667464C4675E8C8F2F88A9211411B3648068085A898D693B33BF3E1FAECC9676805FD2D1A4B19FAAB30E286236DCFB2FC0D498BF9ABD9A5E772B340CEE768
          Malicious:false
          Preview: # Encoding file: cp857, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800EF00EE013100C400C5.00C900E600C600F400F600F200FB00F9013000D600DC00F800A300D8015E015F.00E100ED00F300FA00F100D1011E011F00BF00AE00AC00BD00BC00A100AB00BB.2591259225932502252400C100C200C000A9256325512557255D00A200A52510.25142534252C251C2500253C00E300C3255A25542569256625602550256C00A4.00BA00AA00CA00CB00C8000000CD00CE00CF2518250C2588258400A600CC2580.00D300DF00D400D200F500D500B5000000D700DA
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp860.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1090
          Entropy (8bit):3.438607583601603
          Encrypted:false
          SSDEEP:24:CMTUmJvRju3ShVbsZiAMiZyb7P4Aj4AxOt49+nK8DvmH:VgmOEVIwAMiw/PeR+snKgmH
          MD5:8CA7C4737A18D5326E9A437D5ADC4A1A
          SHA1:C6B1E9320EEF46FC9A23437C255E4085EA2980DB
          SHA-256:6DB59139627D29ABD36F38ED2E0DE2A6B234A7D7E681C7DBAF8B888F1CAC49A5
          SHA-512:2D2427E7A3FF18445321263A42C6DA560E0250691ACBE5113BDE363B36B5E9929003F3C91769A02FF720AB8261429CBFA9D9580C1065FFE77400327B1A5539A6
          Malicious:false
          Preview: # Encoding file: cp860, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E300E000C100E700EA00CA00E800CD00D400EC00C300C2.00C900C000C800F400F500F200DA00F900CC00D500DC00A200A300D920A700D3.00E100ED00F300FA00F100D100AA00BA00BF00D200AC00BD00BC00A100AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp861.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1090
          Entropy (8bit):3.4494568686644276
          Encrypted:false
          SSDEEP:24:ClTUmJvRju3ShVbsZiAMiZyb7P4jpOkPn9R2GRK8DvmH:8gmOEVIwAMiw/PAPXvKgmH
          MD5:45F0D888DBCB56703E8951C06CFAED51
          SHA1:53529772EA6322B7949DB73EEBAED91E5A5BA3DA
          SHA-256:A43A5B58BFC57BD723B12BBDEA9F6E1A921360B36D2D52C420F37299788442D3
          SHA-512:61D0C361E1C7D67193409EC327568867D1FD0FE448D11F16A08638D3EE31BE95AD37B8A2E67B8FB448D09489AA3F5D65AD9AC18E9BDC690A049F0C015BA806F1
          Malicious:false
          Preview: # Encoding file: cp861, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800D000F000DE00C400C5.00C900E600C600F400F600FE00FB00DD00FD00D600DC00F800A300D820A70192.00E100ED00F300FA00C100CD00D300DA00BF231000AC00BD00BC00A100AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp862.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1090
          Entropy (8bit):3.4900477558394694
          Encrypted:false
          SSDEEP:24:CdMTUmJvRju3ShVbsZiAMiZyb7P4N6rRjK8DvmH:iMgmOEVIwAMiw/PljKgmH
          MD5:E417DCE52E8438BBE9AF8AD51A09F9E3
          SHA1:EF273671D46815F22996EA632D22CC27EB8CA44B
          SHA-256:AEA716D490C35439621A8F00CA7E4397EF1C70428E206C5036B7AF25F1C3D82F
          SHA-512:97D65E05008D75BC56E162D51AB76888E1FA0591D9642D7C0D09A5CE823904B5D6C14214828577940EDBE7F0265ABACDD67E4E12FACFDF5C7CD35FA80B90EC02
          Malicious:false
          Preview: # Encoding file: cp862, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.05D005D105D205D305D405D505D605D705D805D905DA05DB05DC05DD05DE05DF.05E005E105E205E305E405E505E605E705E805E905EA00A200A300A520A70192.00E100ED00F300FA00F100D100AA00BA00BF231000AC00BD00BC00A100AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp863.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1090
          Entropy (8bit):3.450081751310228
          Encrypted:false
          SSDEEP:24:CXTUmJvRju3ShVbsZiAMiZyb7P4aGuXVsq5RNK8DvmH:egmOEVIwAMiw/PT3VswKgmH
          MD5:A2C4062EB4F37C02A45B13BD08EC1120
          SHA1:7F6ED89BD0D415C64D0B8A037F08A47FEADD14C4
          SHA-256:13B5CB481E0216A8FC28BFA9D0F6B060CDF5C457B3E12435CA826EB2EF52B068
          SHA-512:95EFDA8CBC5D52E178640A145859E95A780A8A25D2AF88F98E8FFFA035016CABAE2259D22B3D6A95316F64138B578934FAF4C3403E35C4B7D42E0369B5D88C9B
          Malicious:false
          Preview: # Encoding file: cp863, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200C200E000B600E700EA00EB00E800EF00EE201700C000A7.00C900C800CA00F400CB00CF00FB00F900A400D400DC00A200A300D900DB0192.00A600B400F300FA00A800B800B300AF00CE231000AC00BD00BC00BE00AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp864.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1090
          Entropy (8bit):3.6558830653506647
          Encrypted:false
          SSDEEP:24:CwTUmJvRju3YhVbsZiAMiZyb7P46SY927iqtcYQjDUjSD:5gmOqVIwAMiw/PCXjcYQfcSD
          MD5:3C88BF83DBA99F7B682120FBEEC57336
          SHA1:E0CA400BAE0F66EEBE4DFE147C5A18DD3B00B78C
          SHA-256:E87EC076F950FCD58189E362E1505DD55B0C8F4FA7DD1A9331C5C111D2CE569F
          SHA-512:6BD65D0A05F57333DA0078759DB2FC629B56C47DAB24E231DE41AD0DF3D07BF7A2A55D1946A7BA38BE228D415FB2BDB606BF1EF243974ED7DFD204548B2A43BA
          Malicious:false
          Preview: # Encoding file: cp864, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.00200021002200230024066A0026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00B000B72219221A259225002502253C2524252C251C25342510250C25142518.03B2221E03C600B100BD00BC224800AB00BBFEF7FEF8009B009CFEFBFEFC009F.00A000ADFE8200A300A4FE8400000000FE8EFE8FFE95FE99060CFE9DFEA1FEA5.0660066106620663066406650666066706680669FED1061BFEB1FEB5FEB9061F.00A2FE80FE81FE83FE85FECAFE8BFE8DFE91FE93FE97FE9BFE9FFEA3FEA7FEA9.FEABFEADFEAFFEB3FEB7FEBBFEBFFEC1FEC5FECBFECF00A600AC00F700D7FEC9.0640FED3FED7FEDBFEDFFEE3FEE7FEEBFEEDFEEF
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp865.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1090
          Entropy (8bit):3.451408971174579
          Encrypted:false
          SSDEEP:24:CsKTUmJvRju3ShVbsZiAMiZyb7P4jpuKBn9RUK8DvmH:ggmOEVIwAMiw/PYRXUKgmH
          MD5:6F290E2C3B8A8EE38642C23674B18C71
          SHA1:0EB40FEEB8A382530B69748E08BF513124232403
          SHA-256:407FC0FE06D2A057E9BA0109EA9356CAB38F27756D135EF3B06A85705B616F50
          SHA-512:A975F69360A28484A8A3B4C93590606B8F372A27EC612ECC2355C9B48E042DCE132E64411CF0B107AA5566CAF6954F6937BEBFE17A2AE79EFF25B67FA0F88B7D
          Malicious:false
          Preview: # Encoding file: cp865, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800EF00EE00EC00C400C5.00C900E600C600F400F600F200FB00F900FF00D600DC00F800A300D820A70192.00E100ED00F300FA00F100D100AA00BA00BF231000AC00BD00BC00A100AB00A4.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp866.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1090
          Entropy (8bit):3.435639928335435
          Encrypted:false
          SSDEEP:24:CCTUmJvRju3ShVbsZiAMiZyb7P4GE+SAJlM9aHe3cIK8D/eke:bgmOEVIwAMiw/Pr5+sIK8ev
          MD5:C612610A7B63519BB7FEFEE26904DBB5
          SHA1:431270939D3E479BF9B9A663D9E67FCEBA79416F
          SHA-256:82633643CD326543915ACC5D28A634B5795274CD39974D3955E51D7330BA9338
          SHA-512:A3B84402AB66B1332C150E9B931E75B401378DDB4378D993DD460C81909DB72F2D136F0BE7B014F0A907D9EF9BE541C8E0B42CAB01667C6EF17E1DE1E0A3D0AE
          Malicious:false
          Preview: # Encoding file: cp866, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.0430043104320433043404350436043704380439043A043B043C043D043E043F.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.0440044104420443044404450446044704480449
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp869.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1090
          Entropy (8bit):3.458262128093304
          Encrypted:false
          SSDEEP:24:CtTUmJvRju3ShVbsZiAMiZyb7P4UN+lhNo5+8dKfQFhWGDrjz9:EgmOEVIwAMiw/PxYNo5+8dKfQFhWG3jZ
          MD5:51B18570775BCA6465BD338012C9099C
          SHA1:E8149F333B1809DCCDE51CF8B6332103DDE7FC30
          SHA-256:27F16E3DD02B2212C4980EA09BDC068CF01584A1B8BB91456C03FCABABE0931E
          SHA-512:EB285F0E5A9333FFF0E3A6E9C7CAC9D44956EDF180A46D623989A93683BC70EE362256B58EB9AED3BFC6B5C8F5DB4E42540DFC681D51D22A97398CD18F76A1E1
          Malicious:false
          Preview: # Encoding file: cp869, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850386008700B700AC00A620182019038820150389.038A03AA038C00930094038E03AB00A9038F00B200B303AC00A303AD03AE03AF.03CA039003CC03CD039103920393039403950396039700BD0398039900AB00BB.25912592259325022524039A039B039C039D256325512557255D039E039F2510.25142534252C251C2500253C03A003A1255A25542569256625602550256C03A3.03A403A503A603A703A803A903B103B203B32518250C2588258403B403B52580.03B603B703B803B903BA03BB03BC03BD03BE03BF
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp874.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1090
          Entropy (8bit):3.2660589395582478
          Encrypted:false
          SSDEEP:24:CSyTUmJvRju3ShVbsZiAMiZyb7PQXzHmED43U/TW5dV:CgmOEVIwAMiw/PIr43UKV
          MD5:7884C95618EF4E9BAA1DED2707F48467
          SHA1:DA057E1F93F75521A51CC725D47130F41E509E70
          SHA-256:3E067363FC07662EBE52BA617C2AAD364920F2AF395B3416297400859ACD78BB
          SHA-512:374AA659A8DB86C023187D02BD7993516CE0EC5B4C6743AD4956AA2DDB86D2B4A57B797253913E08E40485BF3263FBD1C74DDE2C00E6F228201811ED89A6DFF0
          Malicious:false
          Preview: # Encoding file: cp874, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC008100820083008420260086008700880089008A008B008C008D008E008F.009020182019201C201D20222013201400980099009A009B009C009D009E009F.00A00E010E020E030E040E050E060E070E080E090E0A0E0B0E0C0E0D0E0E0E0F.0E100E110E120E130E140E150E160E170E180E190E1A0E1B0E1C0E1D0E1E0E1F.0E200E210E220E230E240E250E260E270E280E290E2A0E2B0E2C0E2D0E2E0E2F.0E300E310E320E330E340E350E360E370E380E390E3A00000000000000000E3F.0E400E410E420E430E440E450E460E470E480E49
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp932.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):48207
          Entropy (8bit):3.450462303370557
          Encrypted:false
          SSDEEP:768:LhuW1PJnT9TO7RaQiPCLUKr7KBi9FrOLdtZ7RkEw:LZPV9KuqTxFGXZlQ
          MD5:AA4398630883066C127AA902832C82E4
          SHA1:D0B3DEB0EE6539CE5F28A51464BFBB3AA03F28E5
          SHA-256:9D33DF6E1CFDD2CF2553F5E2758F457D710CAFF5F8C69968F2665ACCD6E9A6FD
          SHA-512:77794E74B0E6B5855773EE9E1F3B1DA9DB7661D66485DAE6F61CA69F6DA9FD308A55B3A76C9B887135949C60FC3888E6F9A45C6BC481418737AA452A0D9CAE64
          Malicious:false
          Preview: # Encoding file: cp932, multi-byte.M.003F 0 46.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080000000000000000000850086000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.0000000000000000000000000000000000000000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp936.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):132509
          Entropy (8bit):3.458586416034501
          Encrypted:false
          SSDEEP:1536:JUbXcUPivzybu9VBPbUQMp8nDr+VFQQHkrUkAEAd4WD7tH8dd1+a:muVDQEr2dhDBH8d3+a
          MD5:27280A39A06496DE6035203A6DAE5365
          SHA1:3B1D07B02AE7E3B40784871E17F36332834268E6
          SHA-256:619330192984A80F93AC6F2E4E5EAA463FD3DDDC75C1F65F3975F33E0DD7A0BB
          SHA-512:EA05CC8F9D6908EE2241E2A72374DAAD55797B5A487394B4C2384847C808AF091F980951941003039745372022DE88807F93EEF6CDB3898FBB300A48A09B66E8
          Malicious:false
          Preview: # Encoding file: cp936, multi-byte.M.003F 0 127.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp949.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):130423
          Entropy (8bit):3.0309641114333425
          Encrypted:false
          SSDEEP:1536:fimT/rTarSdgL6MVTCwCWUw62Ljv10xb+KYTuHEh:ftT/IQYLzGxSdCy
          MD5:6788B104D2297CBD8D010E2776AF6EBA
          SHA1:904A8B7846D34521634C8C09013DBB1D31AF47CA
          SHA-256:26BCB620472433962717712D04597A63264C8E444459432565C4C113DE0A240B
          SHA-512:0DF73561B76159D0A94D16A2DAB22F2B3D88C67146A840CB74D19E70D50A4C7E4DDF1952B5B805471985A896CA9F1B69C3FC4E6D8D17454566D7D39377BA1394
          Malicious:false
          Preview: # Encoding file: cp949, multi-byte.M.003F 0 125.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\cp950.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):91831
          Entropy (8bit):3.253346615914323
          Encrypted:false
          SSDEEP:768:VkkmY4kD7HGJxYXIdjQW7GzvKHBDViIM1sbh+dJE+FKw0sXlWVvDg21jjA:mGfKqIQwGzv8D7ksb2Ur79jjA
          MD5:A0F8C115D46D02A5CE2B8C56AFF53235
          SHA1:6605FCCB235A08F9032BB45231B1A6331764664B
          SHA-256:1FB9A3D52D432EA2D6CD43927CEBF9F58F309A236E1B11D20FE8D5A5FB944E6E
          SHA-512:124EA2134CF59585DB2C399B13DE67089A6BB5412D2B210DF484FA38B77555AAF0605D04F441BDC2B0BE0F180FA17C145731D7826DA7556A573D357CC00A968F
          Malicious:false
          Preview: # Encoding file: cp950, multi-byte.M.003F 0 88.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\dingbats.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1093
          Entropy (8bit):3.7149721845090347
          Encrypted:false
          SSDEEP:24:vJM0UmJvRjuyfqYCsUBOdXBCbtwHviANskfUPiXFtoE4OSFgHrBPkq:vKfmOEqYCs6CXRPiANIiXFt9XSMdPH
          MD5:7715CC78774FEA9EB588397D8221FA5B
          SHA1:6A21D57B44A0856ABCDE61B1C16CB93F4E4C3D74
          SHA-256:3BDE9AE7EAF9BE799C84B2AA4E80D78BE8ACBACA1E486F10B9BDD42E3AEDDCB2
          SHA-512:C7500B9DD36F7C92C1A92B8F7BC507F6215B12C26C8CB4564A8A87299859C29C05DEFD3212DE8F2DB76B7DFAB527D6C7B10D1E9A9F6B682F1B5BC4911CFAD26C
          Malicious:false
          Preview: # Encoding file: dingbats, single-byte.S.003F 1 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.00202701270227032704260E2706270727082709261B261E270C270D270E270F.2710271127122713271427152716271727182719271A271B271C271D271E271F.2720272127222723272427252726272726052729272A272B272C272D272E272F.2730273127322733273427352736273727382739273A273B273C273D273E273F.2740274127422743274427452746274727482749274A274B25CF274D25A0274F.27502751275225B225BC25C6275625D727582759275A275B275C275D275E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000276127622763276427652766276726632666266526602460246124622463.2464246524662467246824692776277727782779277A277B277C277D277E277F.2780278127822783278427852786278727882789278A278B278C278D278E278F.2790279127922793279421922194219527982799279A279B279C279D279E279F.27A027A127A227A327A427A527A627A727A82
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\ebcdic.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1054
          Entropy (8bit):2.92745681322567
          Encrypted:false
          SSDEEP:24:scICJZoBqoQzRKCGW5JyY9yZk3Vvd2p4Z4XgiAmV3q:JmqrRKCtEYYZk3V4WSwitV6
          MD5:67212AAC036FE54C8D4CDCB2D03467A6
          SHA1:465509C726C49680B02372501AF7A52F09AB7D55
          SHA-256:17A7D45F3B82F2A42E1D36B13DB5CED077945A3E82700947CD1F803DD2A60DBF
          SHA-512:9500685760800F5A31A755D582FCEDD8BB5692C27FEEEC2709D982C0B8FCB5238AFB310DCB817F9FE140086A8889B7C60D5D1017764CEB03CB388DD22C8E0B3E
          Malicious:false
          Preview: S.006F 0 1.00.0000000100020003008500090086007F0087008D008E000B000C000D000E000F.0010001100120013008F000A0008009700180019009C009D001C001D001E001F.0080008100820083008400920017001B00880089008A008B008C000500060007.0090009100160093009400950096000400980099009A009B00140015009E001A.002000A000E200E400E000E100E300E500E700F10060002E003C0028002B007C.002600E900EA00EB00E800ED00EE00EF00EC00DF00210024002A0029003B009F.002D002F00C200C400C000C100C300C500C700D1005E002C0025005F003E003F.00F800C900CA00CB00C800CD00CE00CF00CC00A8003A002300400027003D0022.00D800610062006300640065006600670068006900AB00BB00F000FD00FE00B1.00B0006A006B006C006D006E006F00700071007200AA00BA00E600B800C600A4.00B500AF0073007400750076007700780079007A00A100BF00D000DD00DE00AE.00A200A300A500B700A900A700B600BC00BD00BE00AC005B005C005D00B400D7.00F900410042004300440045004600470048004900AD00F400F600F200F300F5.00A6004A004B004C004D004E004F00500051005200B900FB00FC00DB00FA00FF.00D900F70053005400550056005700580059005A00B200D400D600D200D300D5.00300031003
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\euc-cn.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):85574
          Entropy (8bit):2.3109636068522357
          Encrypted:false
          SSDEEP:384:SgOycCs6mBixg1k6y8NMSwR8JMvz6VaVZmASVHBtGtRfS7FXtQ/RSJj9fNLSmXn/:SdC4BmCkjSwAO6VIrahNrVNTSYG3Oln
          MD5:9A60E5D1AB841DB3324D584F1B84F619
          SHA1:BCCC899015B688D5C426BC791C2FCDE3A03A3EB5
          SHA-256:546392237F47D71CEE1DAA1AAE287D94D93216A1FABD648B50F59DDCE7E8AE35
          SHA-512:E9F42B65A8DFB157D1D3336A94A83D372227BAA10A82EB0C6B6FB5601AA352A576FA3CDFD71EDF74A2285ABCA3B1D3172BB4B393C05B3B4AB141AAF04B10F426
          Malicious:false
          Preview: # Encoding file: euc-cn, multi-byte.M.003F 0 82.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\euc-jp.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):82537
          Entropy (8bit):2.267779266005065
          Encrypted:false
          SSDEEP:384:c7C2o8+/s5VHxANqsFvGFkMpUEg4MWv947ebZ745zIPcvZ3p6JhE1mrUH2xUoSuL:U+UTHxAlFxkUeGcOmaj6JhEMrUwLf3d1
          MD5:453626980EB36062E32D98ACECCCBD6E
          SHA1:F8FCA3985009A2CDD397CB3BAE308AF05B0D7CAC
          SHA-256:3BFB42C4D36D1763693AEFCE87F6277A11AD5A756D691DEDA804D9D0EDCB3093
          SHA-512:0F026E1EF3AE1B08BBC7050DB0B181B349511F2A526D2121A6100C426674C0FB1AD6904A5CC11AA924B7F03E33F6971599BAF85C94528428F2E22DCB7D6FE443
          Malicious:false
          Preview: # Encoding file: euc-jp, multi-byte.M.003F 0 79.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D0000008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\euc-kr.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):93918
          Entropy (8bit):2.3267174168729032
          Encrypted:false
          SSDEEP:768:1/W3oNwgt2qyVY1OVxk6ZN4KYDN1uq44hohExh:1/W3pqv10xb+KYTuHEh
          MD5:93FEADA4D8A974E90E77F6EB8A9F24AB
          SHA1:89CDA4FE6515C9C03551E4E1972FD478AF3A419C
          SHA-256:1F1AD4C4079B33B706E948A735A8C3042F40CC68065C48C220D0F56FD048C33B
          SHA-512:7FC43C273F8C2A34E7AD29375A36B6CAC539AC4C1CDCECFAF0B366DCFE605B5D924D09DAD23B2EE589B1A8A63EE0F7A0CE32CE74AC873369DE8555C9E27A5EDF
          Malicious:false
          Preview: # Encoding file: euc-kr, multi-byte.M.003F 0 90.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\gb12345.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):86619
          Entropy (8bit):2.2972446758995697
          Encrypted:false
          SSDEEP:384:XSeUMIZQkyMiS4Y3fPOYo55XVi684z6WwQrrNoTRoyzDciB126afGG9whRJGAy/I:XhcQjSr3XeXVbmWdWd/zl5auG2hU/I
          MD5:12DBEEF45546A01E041332427FEC7A51
          SHA1:5C8E691AE3C13308820F4CF69206D765CFD5094B
          SHA-256:0C0DF17BFECE897A1DA7765C822453B09866573028CECCED13E2EFEE02BCCCC4
          SHA-512:FC8A250EE17D5E94A765AFCD9464ECAE74A4E2FF594A8632CEAEC5C84A3C4D26599642DA42E507B7873C37849D3E784CFB0792DE5B4B4262428619D7473FF611
          Malicious:false
          Preview: # Encoding file: gb12345, double-byte.D.233F 0 83.21.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000030003001300230FB02C902C700A8300330052015FF5E2225202620182019.201C201D3014301530083009300A300B300C300D300E300F3016301730103011.00B100D700F72236222722282211220F222A222922082237221A22A522252220.23122299222B222E2261224C2248223D221D2260226E226F22642265221E2235.22342642264000B0203220332103FF0400A4FFE0FFE1203000A7211626062605.25CB25CF25CE25C725C625A125A025B325B2203B219221902191219330130000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\gb1988.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1091
          Entropy (8bit):3.1978221748141253
          Encrypted:false
          SSDEEP:24:qrmTUmJvRju36hVbsZiAMiZyb7PN8pUPnfk5JM0RHFj:qSgmO8VIwAMiw/PNPQPFj
          MD5:06645FE6C135D2EDE313629D24782F98
          SHA1:49C663AC26C1FE4F0FD1428C9EF27058AEE6CA95
          SHA-256:A2717AE09E0CF2D566C245DC5C5889D326661B40DB0D5D9A6D95B8E6B0F0E753
          SHA-512:DB544CFE58753B2CF8A5D65321A2B41155FE2430DB6783DD2F20E1244657482072633D16C8AC99765C113B60E99C8718263C483763A34C5E4BB04B4FFBA41976
          Malicious:false
          Preview: # Encoding file: gb1988, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.002000210022002300A500250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D203E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.000000000000000000000000000000000000000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\gb2312-raw.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):84532
          Entropy (8bit):2.3130049332819502
          Encrypted:false
          SSDEEP:384:KSevutIzbwixZ1J9vS+MReR8cMvwKVDAcmaj8HEtG0waFtFsKQ2RzIjTfYahm6n3:Kat+wmTJYReltKVMeYkXOjYo5tG3VN+
          MD5:BF74C90D28E52DD99A01377A96F462E3
          SHA1:DBA09C670F24D47B95D12D4BB9704391B81DDA9A
          SHA-256:EC11BFD49C715CD89FB9D387A07CF54261E0F4A1CCEC1A810E02C7B38AD2F285
          SHA-512:8F5A86BB57256ED2412F6454AF06C52FB44C83EB7B820C642CA9216E9DB31D6EC22965BF5CB9E8AE4492C77C1F48EB2387B1CBDC80F6CDA33FA57C57EC9FF9CD
          Malicious:false
          Preview: # Encoding file: gb2312, double-byte.D.233F 0 81.21.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000030003001300230FB02C902C700A8300330052015FF5E2225202620182019.201C201D3014301530083009300A300B300C300D300E300F3016301730103011.00B100D700F72236222722282211220F222A222922082237221A22A522252220.23122299222B222E2261224C2248223D221D2260226E226F22642265221E2235.22342642264000B0203220332103FF0400A4FFE0FFE1203000A7211626062605.25CB25CF25CE25C725C625A125A025B325B2203B219221902191219330130000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00000000000000000000000000000000000000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\gb2312.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):85574
          Entropy (8bit):2.3109636068522357
          Encrypted:false
          SSDEEP:384:SgOycCs6mBixg1k6y8NMSwR8JMvz6VaVZmASVHBtGtRfS7FXtQ/RSJj9fNLSmXn/:SdC4BmCkjSwAO6VIrahNrVNTSYG3Oln
          MD5:9A60E5D1AB841DB3324D584F1B84F619
          SHA1:BCCC899015B688D5C426BC791C2FCDE3A03A3EB5
          SHA-256:546392237F47D71CEE1DAA1AAE287D94D93216A1FABD648B50F59DDCE7E8AE35
          SHA-512:E9F42B65A8DFB157D1D3336A94A83D372227BAA10A82EB0C6B6FB5601AA352A576FA3CDFD71EDF74A2285ABCA3B1D3172BB4B393C05B3B4AB141AAF04B10F426
          Malicious:false
          Preview: # Encoding file: euc-cn, multi-byte.M.003F 0 82.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\iso2022-jp.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):192
          Entropy (8bit):4.915818681498601
          Encrypted:false
          SSDEEP:3:SOd5MNXVSVLqRIBXSl1AEXMV/RRDfANDemSjs5dqcRcRZMvs5BCUNZ:SVNFS01K+MtkvSjwqd9NZ
          MD5:224219C864280FA5FB313ADBC654E37D
          SHA1:39E20B41CFA8B269377AFA06F9C4D66EDD946ACB
          SHA-256:E12928E8B5754D49D0D3E799135DE2B480BA84B5DBAA0E350D9846FA67F943EC
          SHA-512:6E390D83B67E2FD5BCAC1BA603A9C6F8BE071FA64021612CE5F8EE33FD8E3840A8C31A7B00134A0039E46BDC66BEF7EB6EA1F8663BA72816B86AF792EF7BDC56
          Malicious:false
          Preview: # Encoding file: iso2022-jp, escape-driven.E.name..iso2022-jp.init..{}.final..{}.ascii..\x1b(B.jis0201..\x1b(J.jis0208..\x1b$B.jis0208..\x1b$@.jis0212..\x1b$(D.gb2312..\x1b$A.ksc5601..\x1b$(C.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\iso2022-kr.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):115
          Entropy (8bit):4.945508829557185
          Encrypted:false
          SSDEEP:3:SOd5MNXVTEXIBXSl1AEXNELmUHhqQc6XfUNOvn:SVNFS1K+9Qc6sNA
          MD5:F6464F7C5E3F642BC3564D59B888C986
          SHA1:94C5F39256366ABB68CD67E3025F177F54ECD39D
          SHA-256:6AC0F1845A56A1A537B9A6D9BCB724DDDF3D3A5E61879AE925931B1C0534FBB7
          SHA-512:B9A7E0A9344D8E883D44D1A975A7C3B966499D34BA6206B15C90250F88A8FA422029CEF190023C4E4BE806791AC3BEA87FD8872B47185B0CE0F9ED9C38C41A84
          Malicious:false
          Preview: # Encoding file: iso2022-kr, escape-driven.E.name..iso2022-kr.init..\x1b$)C.final..{}.iso8859-1.\x0f.ksc5601..\x0e.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\iso2022.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):226
          Entropy (8bit):4.925633473589168
          Encrypted:false
          SSDEEP:3:SOd5MNXVUW+IBXSl1AEXM56DfqQc6WHmSjs5dReQSXcRcRZMvs5BCUNxXeR5IHRv:SVNFUX1K+M55Qc6WGSjwRDSXd9NGIHRv
          MD5:745464FF8692E3C3D8EBBA38D23538C8
          SHA1:9D6F077598A5A86E6EB6A4EEC14810BF525FBD89
          SHA-256:753DDA518A7E9F6DC0309721B1FAAE58C9661F545801DA9F04728391F70BE2D0
          SHA-512:E919677CC96DEF4C75126A173AF6C229428731AB091CDDBB2A6CE4EB82BCD8191CE64A33B418057A15E094A48E846BEE7820619E414E7D90EDA6E2B66923DDA5
          Malicious:false
          Preview: # Encoding file: iso2022, escape-driven.E.name..iso2022.init..{}.final..{}.iso8859-1.\x1b(B.jis0201..\x1b(J.gb1988..\x1b(T.jis0208..\x1b$B.jis0208..\x1b$@.jis0212..\x1b$(D.gb2312..\x1b$A.ksc5601..\x1b$(C.jis0208..\x1b&@\x1b$B.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\iso8859-1.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1094
          Entropy (8bit):3.163043970763833
          Encrypted:false
          SSDEEP:24:iyTUmJvRju3ShVbsZiAMiZyb7P4UPvvPNNAkbnMH+tjg:iygmOEVIwAMiw/PTvok7zE
          MD5:E3BAE26F5D3D9A4ADCF5AE7D30F4EC38
          SHA1:A71B6380EA3D23DC0DE11D3B8CEA86A4C8063D47
          SHA-256:754EF6BF3A564228AB0B56DDE391521DCC1A6C83CFB95D4B761141E71D2E8E87
          SHA-512:AFED8F5FE02A9A30987736F08B47F1C19339B5410D6020CC7EA37EA0D717A70AF6CDDC775F53CE261FCF215B579206E56458D61AB4CEB44E060BD6B3AC2F4C41
          Malicious:false
          Preview: # Encoding file: iso8859-1, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.00D000D100D200D300D400D500D600D700D800D900DA00DB00DC00DD00DE00DF.00E000E100E200E300E400E500E600E700E8
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\iso8859-10.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1095
          Entropy (8bit):3.2483197762497458
          Encrypted:false
          SSDEEP:24:jTUmJvRju3ShVbsZiAMiZyb7P4UP6L2yhBKyta:jgmOEVIwAMiw/PT6L2Ryta
          MD5:162E76BD187CB54A5C9F0B72A082C668
          SHA1:CEC787C4DE78F9DBB97B9C44070CF2C12A2468F7
          SHA-256:79F6470D9BEBD30832B3A9CA59CD1FDCA28C5BE6373BD01D949EEE1BA51AA7A8
          SHA-512:ADDBCA6E296286220FFF449D3E34E5267528627AFFF1FCBD2B9AC050A068D116452D70308049D88208FB7CB2C2F7582FCF1703CF22CFC125F2E6FA89B8A653FE
          Malicious:false
          Preview: # Encoding file: iso8859-10, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0010401120122012A0128013600A7013B011001600166017D00AD016A014A.00B0010501130123012B0129013700B7013C011101610167017E2015016B014B.010000C100C200C300C400C500C6012E010C00C9011800CB011600CD00CE00CF.00D00145014C00D300D400D500D6016800D8017200DA00DB00DC00DD00DE00DF.010100E100E200E300E400E500E6012F010
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\iso8859-13.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1095
          Entropy (8bit):3.267798724121087
          Encrypted:false
          SSDEEP:24:olTUmJvRju3ShVbsZiAMiZyb7P4UP1w4LaxUVG4dT:olgmOEVIwAMiw/PT+4VfT
          MD5:BF3993877A45AC7091CFC81CFD4A4D43
          SHA1:D462934A074EE13F2C810463FD061084953F77BC
          SHA-256:33C6072A006BA4E9513D7B7FD3D08B1C745CA1079B6D796C36B2A5AE8E4AE02B
          SHA-512:17489E6AD6A898628239EA1B43B4BE81ECC33608F0FD3F7F0E19CF74F7FC4752813C3C21F1DC73E9CC8765E23C63ED932799905381431DAF4E10A88EC29EBF6E
          Malicious:false
          Preview: # Encoding file: iso8859-13, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0201D00A200A300A4201E00A600A700D800A9015600AB00AC00AD00AE00C6.00B000B100B200B3201C00B500B600B700F800B9015700BB00BC00BD00BE00E6.0104012E0100010600C400C501180112010C00C90179011601220136012A013B.01600143014500D3014C00D500D600D701720141015A016A00DC017B017D00DF.0105012F0101010700E400E501190113010
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\iso8859-14.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1095
          Entropy (8bit):3.296489289648924
          Encrypted:false
          SSDEEP:24:vTUmJvRju3ShVbsZiAMiZyb7P4UPt6C5AkE7MH+tZS4Y:vgmOEVIwAMiw/PTAQAkCzsP
          MD5:3BE4986264587BEC738CC46EBB43D698
          SHA1:62C253AA7A868CE32589868FAB37336542457A96
          SHA-256:8D737283289BAF8C08EF1DD7E47A6C775DACE480419C5E2A92D6C0E85BB5B381
          SHA-512:CB9079265E47EF9672EAACFCE474E4D6771C6F61394F29CC59C9BBE7C99AE89A0EACD73F2BCDD8374C4E03BE9B1685F463F029E35C4070DF9D1B143B02CAD573
          Malicious:false
          Preview: # Encoding file: iso8859-14, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A01E021E0300A3010A010B1E0A00A71E8000A91E821E0B1EF200AD00AE0178.1E1E1E1F012001211E401E4100B61E561E811E571E831E601EF31E841E851E61.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.017400D100D200D300D400D500D61E6A00D800D900DA00DB00DC00DD017600DF.00E000E100E200E300E400E500E600E700E
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\iso8859-15.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1095
          Entropy (8bit):3.1878838020538374
          Encrypted:false
          SSDEEP:24:mTUmJvRju3ShVbsZiAMiZyb7P4UPvRarkbnMH+tjg:mgmOEVIwAMiw/PTvqk7zE
          MD5:6AE49F4E916B02EB7EDB160F88B5A27F
          SHA1:49F7A42889FB8A0D78C80067BDE18094DBE956EE
          SHA-256:C7B0377F30E42048492E4710FE5A0A54FA9865395B8A6748F7DAC53B901284F9
          SHA-512:397E636F4B95522FD3909B4546A1B7E31E92388DAE4F9F6B638875449E3498B49320F4C4A47168C7ADD43C78EF5680CAAEE40661DDC8205687532D994133EA3B
          Malicious:false
          Preview: # Encoding file: iso8859-15, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A000A100A200A320AC00A5016000A7016100A900AA00AB00AC00AD00AE00AF.00B000B100B200B3017D00B500B600B7017E00B900BA00BB01520153017800BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.00D000D100D200D300D400D500D600D700D800D900DA00DB00DC00DD00DE00DF.00E000E100E200E300E400E500E600E700E
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\iso8859-16.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1095
          Entropy (8bit):3.2349228762697972
          Encrypted:false
          SSDEEP:24:dTUmJvRju3ShVbsZiAMiZyb7P4UP/SlTPkyTtZVc:dgmOEVIwAMiw/PTqFPkypXc
          MD5:D30094CAEFA5C4A332159829C6CB7FEC
          SHA1:50FDA6C70A133CB64CF38AA4B2F313B54D2FD955
          SHA-256:C40CA014B88F97AE62AE1A816C5963B1ED432A77D84D89C3A764BA15C8A23708
          SHA-512:6EDD6912053D810D1E2B0698494D26E119EF1BF3FABC2FBFBA44551792800FA0CF163773E4F37F908C2DE41F05D6F17153656623A6D4681BE74EB253D9163422
          Malicious:false
          Preview: # Encoding file: iso8859-16, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A001040105014120AC201E016000A7016100A9021800AB017900AD017A017B.00B000B1010C0142017D201D00B600B7017E010D021900BB015201530178017C.00C000C100C2010200C4010600C600C700C800C900CA00CB00CC00CD00CE00CF.0110014300D200D300D4015000D6015A017000D900DA00DB00DC0118021A00DF.00E000E100E2010300E4010700E600E700E
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\iso8859-2.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1094
          Entropy (8bit):3.269412550127009
          Encrypted:false
          SSDEEP:24:UTUmJvRju3ShVbsZiAMiZyb7P4UPPssm0O4yT2H:UgmOEVIwAMiw/PTPss5tyT2H
          MD5:69FCA2E8F0FD9B39CDD908348BD2985E
          SHA1:FF62EB5710FDE11074A87DAEE9229BCF7F66D7A0
          SHA-256:0E0732480338A229CC3AD4CDDE09021A0A81902DC6EDFB5F12203E2AFF44668F
          SHA-512:46A7899D17810D2E0FF812078D91F29BF2BB8770F09A02367CF8361229F424FC9B06EAC8E3756491612972917463B6F27DB3D897AFAE8DB5F159D45975D9CBD8
          Malicious:false
          Preview: # Encoding file: iso8859-2, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0010402D8014100A4013D015A00A700A80160015E0164017900AD017D017B.00B0010502DB014200B4013E015B02C700B80161015F0165017A02DD017E017C.015400C100C2010200C40139010600C7010C00C9011800CB011A00CD00CE010E.01100143014700D300D4015000D600D70158016E00DA017000DC00DD016200DF.015500E100E2010300E4013A010700E7010D
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\iso8859-3.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1094
          Entropy (8bit):3.178020305301999
          Encrypted:false
          SSDEEP:24:tTUmJvRju3ShVbsZiAMiZyb7P4UPp2g4kBTvSMkFtP0:tgmOEVIwAMiw/PTj4kBTvSDP0
          MD5:5685992A24D85E93BD8EA62755E327BA
          SHA1:B0BEBEDEC53FFB894D9FB0D57F25AB2A459B6DD5
          SHA-256:73342C27CF55F625D3DB90C5FC8E7340FFDF85A51872DBFB1D0A8CB1E43EC5DA
          SHA-512:E88ED02435026CA9B8A23073F61031F3A75C4B2CD8D2FC2B598F924ADF34B268AB16909120F1D96B794BDBC484C764FDE83B63C9FB122279AC5242D57030AF3A
          Malicious:false
          Preview: # Encoding file: iso8859-3, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0012602D800A300A40000012400A700A80130015E011E013400AD0000017B.00B0012700B200B300B400B5012500B700B80131015F011F013500BD0000017C.00C000C100C2000000C4010A010800C700C800C900CA00CB00CC00CD00CE00CF.000000D100D200D300D4012000D600D7011C00D900DA00DB00DC016C015C00DF.00E000E100E2000000E4010B010900E700E8
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\iso8859-4.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1094
          Entropy (8bit):3.2703067063488724
          Encrypted:false
          SSDEEP:24:KTUmJvRju3ShVbsZiAMiZyb7P4UP04xsD/njwKyjhJ:KgmOEVIwAMiw/PT06s3fylJ
          MD5:07576E85AFDB2816BBCFFF80E2A12747
          SHA1:CC1C2E6C35B005C17EB7B1A3D744983A86A75736
          SHA-256:17745BDD299779E91D41DB0CEE26CDC7132DA3666907A94210B591CED5A55ADB
          SHA-512:309EEF25EE991E3321A57D2CEE139C9C3E7C8B3D9408664AAFE9BA34E28EF5FB8167481F3C5CAD0557AE55249E47016CA3A6AC19857D76EFB58D0CDAC428F600
          Malicious:false
          Preview: # Encoding file: iso8859-4, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A001040138015600A40128013B00A700A8016001120122016600AD017D00AF.00B0010502DB015700B40129013C02C700B80161011301230167014A017E014B.010000C100C200C300C400C500C6012E010C00C9011800CB011600CD00CE012A.01100145014C013600D400D500D600D700D8017200DA00DB00DC0168016A00DF.010100E100E200E300E400E500E6012F010D
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\iso8859-5.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1094
          Entropy (8bit):3.2716690950473573
          Encrypted:false
          SSDEEP:24:zTUmJvRju3ShVbsZiAMiZyb7P4UPNXe+SAJlM9aHe3cmy+:zgmOEVIwAMiw/PTNp5+smy+
          MD5:67577E6720013EEF73923D3F050FBFA1
          SHA1:F9F64BB6014068E2C0737186C694B8101DD9575E
          SHA-256:BC5ED164D15321404BBDCAD0D647C322FFAB1659462182DBD3945439D9ECBAE7
          SHA-512:B584DB1BD5BE97CCFCA2F71E765DEC66CF2ABE18356C911894C988B2238E14074748C71074E0633C7CA50733E189D937160A35438C720DB2243CBC3566F52629
          Malicious:false
          Preview: # Encoding file: iso8859-5, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0040104020403040404050406040704080409040A040B040C00AD040E040F.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.0430043104320433043404350436043704380439043A043B043C043D043E043F.044004410442044304440445044604470448
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\iso8859-6.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1094
          Entropy (8bit):2.9147595181616284
          Encrypted:false
          SSDEEP:24:YTUmJvRju3ShVbsZiAMiZyb7P4UPSIZjyco/rs:YgmOEVIwAMiw/PTBsBrs
          MD5:49DEC951C7A7041314DF23FE26C9B300
          SHA1:B810426354D857718CC841D424DA070EFB9F144F
          SHA-256:F502E07AE3F19CCDC31E434049CFC733DD5DF85487C0160B0331E40241AD0274
          SHA-512:CB5D8C5E807A72F35AD4E7DA80882F348D70052169A7ED5BB585152C2BF628177A2138BD0A982A398A8DF373E1D3E145AD1F6C52485DE57ECBE5A7ED33E13776
          Malicious:false
          Preview: # Encoding file: iso8859-6, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A000000000000000A40000000000000000000000000000060C00AD00000000.00000000000000000000000000000000000000000000061B000000000000061F.0000062106220623062406250626062706280629062A062B062C062D062E062F.0630063106320633063406350636063706380639063A00000000000000000000.064006410642064306440645064606470648
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\iso8859-7.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1094
          Entropy (8bit):3.2933089629252037
          Encrypted:false
          SSDEEP:24:TMyTUmJvRju3ShVbsZiAMiZyb7P4UP1mKUQQSqJWeIDmq:TlgmOEVIwAMiw/PTkKJQSqJWeI1
          MD5:0AF65F8F07F623FA38E2D732400D95CF
          SHA1:D2903B32FEA225F3FB9239E622390A078C8A8FA6
          SHA-256:8FEC7631A69FCF018569EBADB05771D892678790A08E63C05E0007C9910D58A8
          SHA-512:EF03237A030C54E0E20DBA7ED724580C513490B9B3B043C1E885638E7BCE21415CE56C3902EA39689365B12E44194C6BF868C4D9BCBCA8FDC334BE77DA46E24D
          Malicious:false
          Preview: # Encoding file: iso8859-7, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A02018201900A30000000000A600A700A800A9000000AB00AC00AD00002015.00B000B100B200B303840385038600B703880389038A00BB038C00BD038E038F.0390039103920393039403950396039703980399039A039B039C039D039E039F.03A003A1000003A303A403A503A603A703A803A903AA03AB03AC03AD03AE03AF.03B003B103B203B303B403B503B603B703B8
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\iso8859-8.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1094
          Entropy (8bit):2.9730608214144323
          Encrypted:false
          SSDEEP:24:uTUmJvRju3ShVbsZiAMiZyb7P4UPtePly0b:ugmOEVIwAMiw/PTtw
          MD5:45E35EFF7ED2B2DF0B5694A2B639FE1E
          SHA1:4EA5EC5331541EDE65A9CF601F5418FD4B6CFCBC
          SHA-256:E1D207917AA3483D9110E24A0CC0CD1E0E5843C8BFC901CFEE7A6D872DD945A9
          SHA-512:527283C9EFF2C1B21FAE716F5DFB938D8294B22938C76A73D88135312FA01B5C3DF288461CCE8B692928B334A28A7D29319F9F48733174C898F41BD1BEB8E862
          Malicious:false
          Preview: # Encoding file: iso8859-8, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0000000A200A300A400A500A600A700A800A900D700AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900F700BB00BC00BD00BE0000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000002017.05D005D105D205D305D405D505D605D705D8
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\iso8859-9.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1094
          Entropy (8bit):3.1865263857127375
          Encrypted:false
          SSDEEP:24:XTUmJvRju3ShVbsZiAMiZyb7P4UPvvPNNAkKMH+tZL/M:XgmOEVIwAMiw/PTvokKzR0
          MD5:675C89ECD212C8524B1875095D78A5AF
          SHA1:F585C70A5589DE39558DAC016743FF85E0C5F032
          SHA-256:1CDCF510C38464E5284EDCFAEC334E3FC516236C1CA3B9AB91CA878C23866914
          SHA-512:E620657C5F521A101B6FF7B5FD9A7F0DDD560166BA109D20E91F2E828F81697F897DFA136533C0D6F24A9861E92F34C0CC0FA590F344713C089157F8AC3ECFE2
          Malicious:false
          Preview: # Encoding file: iso8859-9, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.011E00D100D200D300D400D500D600D700D800D900DA00DB00DC0130015E00DF.00E000E100E200E300E400E500E600E700E8
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\jis0201.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1092
          Entropy (8bit):3.1984111069807395
          Encrypted:false
          SSDEEP:24:zBTUmJvRju3ShVbsZiAMiZyb7PN8pUPnfk5JM0RHFj:zBgmOEVIwAMiw/PNPQPFj
          MD5:0DCB64ACBB4B518CC20F4E196E04692C
          SHA1:7AEB708C89C178FB4D5611C245EA1A7CF66ADF3A
          SHA-256:480F61D0E1A75DEE59BF9A66DE0BB78FAAE4E87FD6317F93480412123277D442
          SHA-512:4AFA210763DE9742626886D7D281AC15169CDC7A31D185F48D105190CA247AA014FB8F281AFCB4A0C31D2D55EE7D907B6A8E51FC4BEEDB9DB8C484E88CAA78A9
          Malicious:false
          Preview: # Encoding file: jis0201, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D203E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.00000000000000000000000000000000000000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\jis0208.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):80453
          Entropy (8bit):2.274731552146978
          Encrypted:false
          SSDEEP:384:R7Cyeug/RAEo7umlshyGYknyRXglMVw9bq7bYI45zh2cvA3FXwhZ1BrUc2C5oS5u:RgZJo7uNhbyO1ZiEXPcXwhZbrUPkBso2
          MD5:F35938AC582E460A14646D2C93F1A725
          SHA1:A922ACACE0C1A4A7DDC92FE5DD7A116D30A3686B
          SHA-256:118EA160EF29E11B46DEC57AF2C44405934DD8A7C49D2BC8B90C94E8BAA6138B
          SHA-512:D27CD9C9D67370C288036AACA5999314231F7070152FF7EEF1F3379E748EF9047001430D391B61C281FF69AB4F709D47F8FF5390873B5DEFD105371AB8FB8872
          Malicious:false
          Preview: # Encoding file: jis0208, double-byte.D.2129 0 77.21.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000300030013002FF0CFF0E30FBFF1AFF1BFF1FFF01309B309C00B4FF4000A8.FF3EFFE3FF3F30FD30FE309D309E30034EDD30053006300730FC20152010FF0F.FF3C301C2016FF5C2026202520182019201C201DFF08FF0930143015FF3BFF3D.FF5BFF5D30083009300A300B300C300D300E300F30103011FF0B221200B100D7.00F7FF1D2260FF1CFF1E22662267221E22342642264000B0203220332103FFE5.FF0400A200A3FF05FF03FF06FF0AFF2000A72606260525CB25CF25CE25C70000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\jis0212.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):70974
          Entropy (8bit):2.2631380488363284
          Encrypted:false
          SSDEEP:768:WmU4+qNPpEzjKgGWJACVeCssX2Qt5E2+G7PBIv:LU4+qNaCgGW7VGK2o+0qv
          MD5:F518436AC485F5DC723518D7872038E0
          SHA1:15013478760463A0BCE3577B4D646ECDB07632B5
          SHA-256:24A9D379FDA39F2BCC0580CA3E0BD2E99AE279AF5E2841C9E7DBE7F931D19CC0
          SHA-512:2325705D4772A10CD81082A035BEAC85E6C64C7CCFA5981955F0B85CAF9A95D8A0820092957822A05C2E8E773F2089035ED5E76BF3FAF19B0E7E6AED7B4214D8
          Malicious:false
          Preview: # Encoding file: jis0212, double-byte.D.2244 0 68.22.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00000000000000000000000000000000000000000000000000000000000002D8.02C700B802D902DD00AF02DB02DA007E03840385000000000000000000000000.0000000000A100A600BF00000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000BA00AA00A900AE2122.00A4211600000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\koi8-r.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1091
          Entropy (8bit):3.463428231669408
          Encrypted:false
          SSDEEP:24:KcJ5mTUmJvRju3ShVbsZiAMiZyb7PcSzm1XvRS3YcmchJQ3MAxSy:KmmgmOEVIwAMiw/Ptz8gBmRcAx5
          MD5:E66D42CB71669CA0FFBCDC75F6292832
          SHA1:366C137C02E069B1A93FBB5D64B9120EA6E9AD1F
          SHA-256:7142B1120B993D6091197574090FE04BE3EA64FFC3AD5A167A4B5E0B42C9F062
          SHA-512:6FBF7AF0302B4AA7EF925EFED7235E946EDA8B628AA204A8BBB0A3D1CB8C79DD37D9DD92A276AD14B55776FEBB3B55CF5881AC4013F95ED4E618E3B49771E8A5
          Malicious:false
          Preview: # Encoding file: koi8-r, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.25002502250C251025142518251C2524252C2534253C258025842588258C2590.259125922593232025A02219221A22482264226500A0232100B000B200B700F7.25502551255204512553255425552556255725582559255A255B255C255D255E.255F25602561040125622563256425652566256725682569256A256B256C00A9.044E0430043104460434043504440433044504380439043A043B043C043D043E.043F044F044004410442044304360432044C044B04370448044D04490447044A.042E04100411042604140415042404130425041
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\koi8-u.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1091
          Entropy (8bit):3.439504497428066
          Encrypted:false
          SSDEEP:24:K+TUmJvRju3ShVbsZiAMiZyb7PcSzmn3gXDRS3YcmchJQ3MAxSy:K+gmOEVIwAMiw/Ptz0KgBmRcAx5
          MD5:D722EFEA128BE671A8FDA45ED7ADC586
          SHA1:DA9E67F64EC4F6A74C60CB650D5A12C4430DCFF7
          SHA-256:BBB729B906F5FC3B7EE6694B208B206D19A9D4DC571E235B9C94DCDD4A323A2A
          SHA-512:FDF183C1A0D9109E21F7EEBC5996318AEDED3F87319A980C4E96BFE1D43593BDB693D181744C5C7E391A849783E3594234060A9F76116DE56F9592EF95979E63
          Malicious:false
          Preview: # Encoding file: koi8-u, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.25002502250C251025142518251C2524252C2534253C258025842588258C2590.259125922593232025A02219221A22482264226500A0232100B000B200B700F7.25502551255204510454255404560457255725582559255A255B0491255D255E.255F25602561040104032563040604072566256725682569256A0490256C00A9.044E0430043104460434043504440433044504380439043A043B043C043D043E.043F044F044004410442044304360432044C044B04370448044D04490447044A.042E04100411042604140415042404130425041
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\ksc5601.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):92877
          Entropy (8bit):2.32911747373862
          Encrypted:false
          SSDEEP:768:XtWS2ymX62EztZ1Oyxk1uGtQPUNg0q+6XVfEFh:XtWnzEn1HxRQQPV0Eeh
          MD5:599CEA614F5C5D01CDFA433B184AA904
          SHA1:C2FFA427457B4931E5A92326F251CD3D671059B0
          SHA-256:0F8B530AD0DECBF8DD81DA8291B8B0F976C643B5A292DB84680B31ECFBE5D00A
          SHA-512:43D24B719843A21E3E1EDDFC3607B1B198542306C2EC8D621188CD39BA913D23678D39D12D8370CC1CE12828661AF0A5F14AD2B2BF99F62387C5E3E365BA1E75
          Malicious:false
          Preview: # Encoding file: ksc5601, double-byte.D.233F 0 89.21.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000030003001300200B72025202600A8300300AD20152225FF3C223C20182019.201C201D3014301530083009300A300B300C300D300E300F3010301100B100D7.00F7226022642265221E223400B0203220332103212BFFE0FFE1FFE526422640.222022A52312220222072261225200A7203B2606260525CB25CF25CE25C725C6.25A125A025B325B225BD25BC219221902191219321943013226A226B221A223D.221D2235222B222C2208220B2286228722822283222A222922272228FFE20000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\macCentEuro.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1096
          Entropy (8bit):3.3601842107710365
          Encrypted:false
          SSDEEP:24:8jTUmJvRju3ShVbsZiAMiZyb7P4ZVPJS82WcVDX1MPEd4RPMppJ8K:8jgmOEVIwAMiw/PsVoy24VMppiK
          MD5:CADFBF5A4C7CAD984294284D643E9CA3
          SHA1:16B51D017001688A32CB7B15DE6E7A49F28B76FD
          SHA-256:8F3089F4B2CA47B7AC4CB78375B2BFAC01268113A7C67D020F8B5B7F2C25BBDA
          SHA-512:3941ACA62CF59BF6857BA9C300B4236F18690DE1213BB7FCFA0EC87DCD71152849F1DEAFB470CA4BC2ACC2C0C13D7FD57661BFC053960ADD7570DE365AE7E63C
          Malicious:false
          Preview: # Encoding file: macCentEuro, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C40100010100C9010400D600DC00E10105010C00E4010D0106010700E90179.017A010E00ED010F01120113011600F3011700F400F600F500FA011A011B00FC.202000B0011800A300A7202200B600DF00AE00A92122011900A822600123012E.012F012A22642265012B0136220222110142013B013C013D013E0139013A0145.0146014300AC221A01440147220600AB00BB202600A00148015000D50151014C.20132014201C201D2018201900F725CA014D0154015501582039203A01590156.01570160201A201E0161015A015B00C101
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\macCroatian.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1096
          Entropy (8bit):3.3293096097500965
          Encrypted:false
          SSDEEP:24:8ULyTUmJvRju3ShVbsZiAMiZyb7P4SNMdNxOZwl+KR8DklJyseQWkv:8ULygmOEVIwAMiw/P34+KR8DklEswm
          MD5:F13D479550D4967A0BC76A60C89F1461
          SHA1:63F44E818284384DE07AB0D8B0CD6F7EBFE09AB9
          SHA-256:8D0B6A882B742C5CCE938241328606C111DDA0CB83334EBEDCDA17605F3641AE
          SHA-512:80AB9DCAAC1A496FD2CA6BE9959FE2DE201F504D8A58D114F2FF5D1F6AAD507F052B87D29D3EBA69093C3D965CC4C113C9EA6DB8EEBB67BD620ADF860CA2CC35
          Malicious:false
          Preview: # Encoding file: macCroatian, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.202000B000A200A300A7202200B600DF00AE0160212200B400A82260017D00D8.221E00B122642265220600B522022211220F0161222B00AA00BA03A9017E00F8.00BF00A100AC221A01922248010600AB010C202600A000C000C300D501520153.01102014201C201D2018201900F725CAF8FF00A9204420AC2039203A00C600BB.201300B7201A201E203000C2010700C101
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\macCyrillic.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1096
          Entropy (8bit):3.3482225358368565
          Encrypted:false
          SSDEEP:24:8dTUmJvRju3ShVbsZiAMiZyb7P4GE+SAJlM9aDpiR/Pk956e3cmh:8dgmOEVIwAMiw/Pr5NY3k9nsmh
          MD5:60FFC8E390A31157D8646AEAC54E58AE
          SHA1:3DE17B2A5866272602FB8E9C54930A4CD1F3B06C
          SHA-256:EB135A89519F2E004282DED21B11C3AF7CCB2320C9772F2DF7D1A4A1B674E491
          SHA-512:3644429A9BD42ADC356E1BD6FCFABEE120E851348B538A4FE4903B72A533174D7448A6C2DA71219E4CD5D0443C0475417D54C8E113005DF2CA20C608DE5E3306
          Malicious:false
          Preview: # Encoding file: macCyrillic, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.202000B0049000A300A7202200B6040600AE00A9212204020452226004030453.221E00B122642265045600B504910408040404540407045704090459040A045A.0458040500AC221A01922248220600AB00BB202600A0040B045B040C045C0455.20132014201C201D2018201900F7201E040E045E040F045F211604010451044F.0430043104320433043404350436043704
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\macDingbats.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1096
          Entropy (8bit):3.8086748658227827
          Encrypted:false
          SSDEEP:24:87JM0UmJvRjuyfqYCsUBOdXBCbtwHviANskNWkiXFtoE4OSFgHrBPkq:87KfmOEqYCs6CXRPiANHWkiXFt9XSMdf
          MD5:EBD121A4E93488A48FC0A06ADE9FD158
          SHA1:A40E6DB97D6DB2893A072B2275DC22E2A4D60737
          SHA-256:8FBCC63CB289AFAAE15B438752C1746F413F3B79BA5845C2EF52BA1104F8BDA6
          SHA-512:26879ABE4854908296F32B2BB97AEC1F693C56EC29A7DB9B63B2DA62282F2D2EDAE9D50738595D1530731DF5B1812719A74F50ADF521F80DD5067F3DF6A3517C
          Malicious:false
          Preview: # Encoding file: macDingbats, single-byte.S.003F 1 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.00202701270227032704260E2706270727082709261B261E270C270D270E270F.2710271127122713271427152716271727182719271A271B271C271D271E271F.2720272127222723272427252726272726052729272A272B272C272D272E272F.2730273127322733273427352736273727382739273A273B273C273D273E273F.2740274127422743274427452746274727482749274A274B25CF274D25A0274F.27502751275225B225BC25C6275625D727582759275A275B275C275D275E007F.F8D7F8D8F8D9F8DAF8DBF8DCF8DDF8DEF8DFF8E0F8E1F8E2F8E3F8E4008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000276127622763276427652766276726632666266526602460246124622463.2464246524662467246824692776277727782779277A277B277C277D277E277F.2780278127822783278427852786278727882789278A278B278C278D278E278F.2790279127922793279421922194219527982799279A279B279C279D279E279F.27A027A127A227A327A427A527A627A727
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\macGreek.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1093
          Entropy (8bit):3.4271472017271556
          Encrypted:false
          SSDEEP:24:8dOTUmJvRju3ShVbsZiAMiZyb7P4Hlb7BMM2aSYjsSkUEkp1FsOSUTime:8kgmOEVIwAMiw/Pg7K23s0x1FsOJTime
          MD5:14AD68855168E3E741FE179888EA7482
          SHA1:9C2AD53D69F5077853A05F0933330B5D6F88A51C
          SHA-256:F7BFF98228DED981EC9A4D1D0DA62247A8D23F158926E3ACBEC3CCE379C998C2
          SHA-512:FB13F32197D3582BC20EEA604A0B0FD7923AE541CCEB3AF1CDE36B0404B8DB6312FB5270B40CBC8BA4C91B9505B57FB357EB875E8AFB3DB76DFB498CE17851ED
          Malicious:false
          Preview: # Encoding file: macGreek, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400B900B200C900B300D600DC038500E000E200E4038400A800E700E900E8.00EA00EB00A3212200EE00EF202200BD203000F400F600A600AD00F900FB00FC.2020039303940398039B039E03A000DF00AE00A903A303AA00A7226000B000B7.039100B12264226500A503920395039603970399039A039C03A603AB03A803A9.03AC039D00AC039F03A1224803A400AB00BB202600A003A503A7038603880153.20132015201C201D2018201900F70389038A038C038E03AD03AE03AF03CC038F.03CD03B103B203C803B403B503C603B303B70
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\macIceland.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1095
          Entropy (8bit):3.3292041026777457
          Encrypted:false
          SSDEEP:24:8KTUmJvRju3ShVbsZiAMiZyb7P4SNMVtOZm5YRMdjY4g4JysAWD:8KgmOEVIwAMiw/Pf2YRMFBEszD
          MD5:6D52A84C06970CD3B2B7D8D1B4185CE6
          SHA1:C434257D76A9FDF81CCCD8CC14242C8E3940FD89
          SHA-256:633F5E3E75BF1590C94AB9CBF3538D0F0A7A319DB9016993908452D903D9C4FD
          SHA-512:711F4DC86DD609823BF1BC5505DEE9FA3875A8AA7BCA31DC1B5277720C5ABE65B62E8A592FC55D99D1C7CA181FDDC2606551C43A9D12489B9FECFF152E9A3DCF
          Malicious:false
          Preview: # Encoding file: macIceland, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.00DD00B000A200A300A7202200B600DF00AE00A9212200B400A8226000C600D8.221E00B12264226500A500B522022211220F03C0222B00AA00BA03A900E600F8.00BF00A100AC221A01922248220600AB00BB202600A000C000C300D501520153.20132014201C201D2018201900F725CA00FF0178204420AC00D000F000DE00FE.00FD00B7201A201E203000C200CA00C100C
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\macJapan.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):48028
          Entropy (8bit):3.3111639331656635
          Encrypted:false
          SSDEEP:768:ehuW1PJnT9TO7RaQiPCLUKr7KBi9FrOLdtHJ:eZPV9KuqTxFGXp
          MD5:105B49F855C77AE0D3DED6C7130F93C2
          SHA1:BA187C52FAE9792DA5BFFBEAA781FD4E0716E0F6
          SHA-256:2A6856298EC629A16BDD924711DFE3F3B1E3A882DDF04B7310785D83EC0D566C
          SHA-512:5B5FBE69D3B67AF863759D92D4A68481EC2211FF84ED9F0B3BD6129857966DE32B42A42432C44B9246C9D0D9C4C546CD3C6D13FF49BD338192C24AD053C0602E
          Malicious:false
          Preview: # Encoding file: macJapan, multi-byte.M.003F 0 46.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00A0FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.0000000000000000000000000000000000000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\macRoman.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1093
          Entropy (8bit):3.3361385497578406
          Encrypted:false
          SSDEEP:24:8TTUmJvRju3ShVbsZiAMiZyb7P4SNMVtOZm5YRMdjBtRg4JysAWD:8TgmOEVIwAMiw/P32YRMTtRBEszD
          MD5:30BECAE9EFD678B6FD1E08FB952A7DBE
          SHA1:E4D8EA6A0E70BB793304CA21EB1337A7A2C26A31
          SHA-256:68F22BAD30DAA81B215925416C1CC83360B3BB87EFC342058929731AC678FF37
          SHA-512:E87105F7A5A983ACEAC55E93FA802C985B2B19F51CB3C222B4C13DDCF17C32D08DF323C829FB4CA33770B668485B7D14B7F6B0CF2287B0D76091DE2A675E88BD
          Malicious:false
          Preview: # Encoding file: macRoman, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.202000B000A200A300A7202200B600DF00AE00A9212200B400A8226000C600D8.221E00B12264226500A500B522022211220F03C0222B00AA00BA03A900E600F8.00BF00A100AC221A01922248220600AB00BB202600A000C000C300D501520153.20132014201C201D2018201900F725CA00FF0178204420AC2039203AFB01FB02.202100B7201A201E203000C200CA00C100CB0
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\macRomania.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1095
          Entropy (8bit):3.342586490827578
          Encrypted:false
          SSDEEP:24:8tTUmJvRju3ShVbsZiAMiZyb7P4SNMVZSxOZFYRMdj/TAg4JysAWD:8tgmOEVIwAMiw/P3AtYRMFTABEszD
          MD5:C9AD5E42DA1D2C872223A14CC76F1D2B
          SHA1:E257BD16EF34FDC29D5B6C985A1B45801937354C
          SHA-256:71AE80ADFB437B7BC88F3C76FD37074449B3526E7AA5776D2B9FD5A43C066FA8
          SHA-512:74588523D35A562AD4B1AF2B570596194D8C5018D5B44C8BA2B1F6BAD422D06E90172B0E65BB975663F3A3C246BCF2F598E9778BA86D1C5A51F5C0A38A2670EC
          Malicious:false
          Preview: # Encoding file: macRomania, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.202000B000A200A300A7202200B600DF00AE00A9212200B400A822600102015E.221E00B12264226500A500B522022211220F03C0222B00AA00BA21260103015F.00BF00A100AC221A01922248220600AB00BB202600A000C000C300D501520153.20132014201C201D2018201900F725CA00FF0178204400A42039203A01620163.202100B7201A201E203000C200CA00C100C
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\macThai.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1092
          Entropy (8bit):3.539905812302991
          Encrypted:false
          SSDEEP:24:88TUmJvRju3ShVbsZiAMiZyb7P4oJi8XPHmED43U/Tmh:88gmOEVIwAMiw/PNJpP43U0
          MD5:163729C7C2B1F5A5DE1FB7866C93B102
          SHA1:633D190B5E281CFC0178F6C11DD721C6A266F643
          SHA-256:CEAD5EB2B0B44EF4003FBCB2E49CA0503992BA1D6540D11ACBBB84FDBBD6E79A
          SHA-512:2093E3B59622E61F29276886911FAA50BA3AA9D903CAF8CB778A1D3FDB3D1F7DA43071AFC3672C27BE175E7EEBBC542B655A85533F41EA39F32E80663CAF3B44
          Malicious:false
          Preview: # Encoding file: macThai, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00AB00BB2026F88CF88FF892F895F898F88BF88EF891F894F897201C201DF899.FFFD2022F884F889F885F886F887F888F88AF88DF890F893F89620182019FFFD.00A00E010E020E030E040E050E060E070E080E090E0A0E0B0E0C0E0D0E0E0E0F.0E100E110E120E130E140E150E160E170E180E190E1A0E1B0E1C0E1D0E1E0E1F.0E200E210E220E230E240E250E260E270E280E290E2A0E2B0E2C0E2D0E2E0E2F.0E300E310E320E330E340E350E360E370E380E390E3AFEFF200B201320140E3F.0E400E410E420E430E440E450E460E470E480E
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\macTurkish.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1095
          Entropy (8bit):3.353168947106635
          Encrypted:false
          SSDEEP:24:8QjTUmJvRju3ShVbsZiAMiZyb7P4SNMVtOZm5YRMdD/g4JysD:88gmOEVIwAMiw/P32YRM9BEsD
          MD5:F20CBBE1FF9289AC4CBAFA136A9D3FF1
          SHA1:382E34824AD8B79EF0C98FD516750649FD94B20A
          SHA-256:F703B7F74CC6F5FAA959F51C757C94623677E27013BCAE23BEFBA01A392646D9
          SHA-512:23733B711614EA99D954E92C6035DAC1237866107FE11CDD5B0CD2A780F22B9B7B879570DB38C6B9195F54DAD9DFB0D60641AB37DFF3C51CF1A11D1D36471B2D
          Malicious:false
          Preview: # Encoding file: macTurkish, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.202000B000A200A300A7202200B600DF00AE00A9212200B400A8226000C600D8.221E00B12264226500A500B522022211220F03C0222B00AA00BA03A900E600F8.00BF00A100AC221A01922248220600AB00BB202600A000C000C300D501520153.20132014201C201D2018201900F725CA00FF0178011E011F01300131015E015F.202100B7201A201E203000C200CA00C100C
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\macUkraine.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1095
          Entropy (8bit):3.3460856516901947
          Encrypted:false
          SSDEEP:24:8TzTUmJvRju3ShVbsZiAMiZyb7P4GE+SAJlM9aDpiR/Pk956e3cmq:8PgmOEVIwAMiw/Pr5NY3k9nsmq
          MD5:92716A59D631BA3A352DE0872A5CF351
          SHA1:A487946CB2EFD75FD748503D75E495720B53E5BC
          SHA-256:4C94E7FBE183379805056D960AB624D78879E43278262E4D6B98AB78E5FEFEA8
          SHA-512:863A667B6404ED02FE994089320EB0ECC34DC431D591D661277FB54A2055334DBEBCAAE1CA06FB8D190727EBA23A47B47991323BE35E74C182F83E5DEAA0D83B
          Malicious:false
          Preview: # Encoding file: macUkraine, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.202000B0049000A300A7202200B6040600AE00A9212204020452226004030453.221E00B122642265045600B504910408040404540407045704090459040A045A.0458040500AC221A01922248220600AB00BB202600A0040B045B040C045C0455.20132014201C201D2018201900F7201E040E045E040F045F211604010451044F.04300431043204330434043504360437043
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\shiftjis.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):41862
          Entropy (8bit):3.4936148161949747
          Encrypted:false
          SSDEEP:768:/huW1PJnT9TOZRaQiPCLUKr7KBi9FrOLdtY:/ZPV9KoqTxFGXY
          MD5:8FBCB1BBC4B59D6854A8FCBF25853E0D
          SHA1:2D56965B24125D999D1020C7C347B813A972647C
          SHA-256:7502587D52E7810228F2ECB45AC4319EA0F5C008B7AC91053B920010DC6DDF94
          SHA-512:128E66F384F9EA8F3E7FBEAD0D3AA1D45570EB3669172269A89AE3B522ED44E4572C6A5C9281B7E219579041D14FF0E76777A36E3902BFA1B58DC3DA729FA075
          Malicious:false
          Preview: # Encoding file: shiftjis, multi-byte.M.003F 0 40.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080000000000000000000850086008700000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.0000000000000000000000000000000000000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\symbol.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1091
          Entropy (8bit):3.675943323650254
          Encrypted:false
          SSDEEP:24:Sd0UmJvRjuLoVoMQVoRmSdsTAsSnP9Us+yw4VivXObCXv:afmOEVoMQVoRmosTHSP9U/ydmXwCXv
          MD5:1B612907F31C11858983AF8C009976D6
          SHA1:F0C014B6D67FC0DC1D1BBC5F052F0C8B1C63D8BF
          SHA-256:73FD2B5E14309D8C036D334F137B9EDF1F7B32DBD45491CF93184818582D0671
          SHA-512:82D4A8F9C63F50E5D77DAD979D3A59729CD2A504E7159AE3A908B7D66DC02090DABD79B6A6DC7B998C32C383F804AACABC564A5617085E02204ADF0B13B13E5B
          Malicious:false
          Preview: # Encoding file: symbol, single-byte.S.003F 1 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002122000023220300250026220D002800292217002B002C2212002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.22450391039203A70394039503A603930397039903D1039A039B039C039D039F.03A0039803A103A303A403A503C203A9039E03A80396005B2234005D22A5005F.F8E503B103B203C703B403B503C603B303B703B903D503BA03BB03BC03BD03BF.03C003B803C103C303C403C503D603C903BE03C803B6007B007C007D223C007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.000003D2203222642044221E0192266326662665266021942190219121922193.00B000B12033226500D7221D2202202200F72260226122482026F8E6F8E721B5.21352111211C21182297229522052229222A2283228722842282228622082209.2220220700AE00A92122220F221A22C500AC2227222821D421D021D121D221D3.22C42329F8E8F8E9F8EA2211F8EBF8ECF8EDF8E
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\encoding\tis-620.enc
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1091
          Entropy (8bit):2.9763240350841884
          Encrypted:false
          SSDEEP:24:ZlTUmJvRju3ShVbsZiAMiZyb7PNHmED43U/TW5dF:PgmOEVIwAMiw/PJ43UKF
          MD5:7273E998972C9EFB2CEB2D5CD553DE49
          SHA1:4AA47E6DF964366FA3C29A0313C0DAE0FA63A78F
          SHA-256:330517F72738834ECBF4B6FA579F725B4B33AD9F4669975E727B40DF185751FF
          SHA-512:56BF15C123083D3F04FE0C506EE8ECE4C08C17754F0CAAD3566F1469728CFD2F0A487023DCB26432240EB09F064944D3EF08175979F5D1D2BF734E7C7C609055
          Malicious:false
          Preview: # Encoding file: tis-620, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E0000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00000E010E020E030E040E050E060E070E080E090E0A0E0B0E0C0E0D0E0E0E0F.0E100E110E120E130E140E150E160E170E180E190E1A0E1B0E1C0E1D0E1E0E1F.0E200E210E220E230E240E250E260E270E280E290E2A0E2B0E2C0E2D0E2E0E2F.0E300E310E320E330E340E350E360E370E380E390E3A00000000000000000E3F.0E400E410E420E430E440E450E460E470E480E
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\history.tcl
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):7900
          Entropy (8bit):4.806010360595623
          Encrypted:false
          SSDEEP:192:DXzSaH9ox7j4LaQMpsyGb0XEACrHpff6Jy8qNy6QRIt5QYTLa3QAQYplavQqQIL0:DpH9m7DPnQdg+Q
          MD5:E8FD468CCD2EE620544FE204BDE2A59D
          SHA1:2E26B7977D900EAA7D4908D5113803DF6F34FC59
          SHA-256:9B6E400EB85440EC64AB66B4AC111546585740C9CA61FD156400D7153CBAD9F4
          SHA-512:13A40A4BDE32F163CB789C69BD260ABF41C6771E7AC50FB122C727B9F39BE5D73E4D8BAE040DDDD94C5F2B901AB7C32D9C6BB62310121CA8DB4ADE25CB9AA4B0
          Malicious:false
          Preview: # history.tcl --.#.# Implementation of the history command..#.# Copyright (c) 1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES..#...# The tcl::history array holds the history list and some additional.# bookkeeping variables..#.# nextid.the index used for the next history list item..# keep..the max size of the history list.# oldest.the index of the oldest item in the history...namespace eval ::tcl {. variable history. if {![info exists history]} {..array set history {.. nextid.0.. keep.20.. oldest.-20..}. }.. namespace ensemble create -command ::tcl::history -map {..add.::tcl::HistAdd..change.::tcl::HistChange..clear.::tcl::HistClear..event.::tcl::HistEvent..info.::tcl::HistInfo..keep.::tcl::HistKeep..nextid.::tcl::HistNextID..redo.::tcl::HistRedo. }.}...# history --.#.#.This is the main history command. See the man page for its interface..#.This does s
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\http1.0\http.tcl
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):9689
          Entropy (8bit):4.754346192989986
          Encrypted:false
          SSDEEP:192:kQkH8VqqNg5PPx7GRpoMJesrCL2coOG0vARQVSDR6VrKj7vWQYQN81QvLbDdv:pVqeglpu6toO3ACUnvv
          MD5:1DA12C32E7E4C040BD9AB2BCBAC5445B
          SHA1:8E8659BEF065AF9430509BBDD5FB4CFE0EF14153
          SHA-256:ACBFF9B5EF75790920B95023156FAD80B18AFF8CAFC4A6DC03893F9388E053A2
          SHA-512:A269C76C1684EC1A2E2AA611ABB459AA3BE2973FD456737BC8C8D2E5C8BC53A26BBC1488062281CA87E38D548281166C4D775C50C695AEC9741FE911BB431EAD
          Malicious:false
          Preview: # http.tcl.# Client-side HTTP for GET, POST, and HEAD commands..# These routines can be used in untrusted code that uses the Safesock.# security policy..# These procedures use a callback interface to avoid using vwait,.# which is not defined in the safe base..#.# See the http.n man page for documentation..package provide http 1.0..array set http {. -accept */*. -proxyhost {}. -proxyport {}. -useragent {Tcl http client package 1.0}. -proxyfilter httpProxyRequired.}.proc http_config {args} {. global http. set options [lsort [array names http -*]]. set usage [join $options ", "]. if {[llength $args] == 0} {..set result {}..foreach name $options {.. lappend result $name $http($name)..}..return $result. }. regsub -all -- - $options {} options. set pat ^-([join $options |])$. if {[llength $args] == 1} {..set flag [lindex $args 0]..if {[regexp -- $pat $flag]} {.. return $http($flag)..} else {.. return -code error "Unknown option $flag, must be:
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\http1.0\pkgIndex.tcl
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):735
          Entropy (8bit):4.669068874824871
          Encrypted:false
          SSDEEP:12:jHxxYRs+opS42wyGlTajUA43KXks4L57+HkuRz20JSv6C3l5kl:bbYRshS42wyGlTah9XkbL5i1z2jxXkl
          MD5:10EC7CD64CA949099C818646B6FAE31C
          SHA1:6001A58A0701DFF225E2510A4AAEE6489A537657
          SHA-256:420C4B3088C9DACD21BC348011CAC61D7CB283B9BEE78AE72EED764AB094651C
          SHA-512:34A0ACB689E430ED2903D8A903D531A3D734CB37733EF13C5D243CB9F59C020A3856AAD98726E10AD7F4D67619A3AF1018F6C3E53A6E073E39BD31D088EFD4AF
          Malicious:false
          Preview: # Tcl package index file, version 1.0.# This file is generated by the "pkg_mkIndex" command.# and sourced either when an application starts up or.# by a "package unknown" script. It invokes the.# "package ifneeded" command to set up package-related.# information so that packages will be loaded automatically.# in response to "package require" commands. When this.# script is sourced, the variable $dir must contain the.# full path name of this file's directory...package ifneeded http 1.0 [list tclPkgSetup $dir http 1.0 {{http.tcl source {httpCopyDone httpCopyStart httpEof httpEvent httpFinish httpMapReply httpProxyRequired http_code http_config http_data http_formatQuery http_get http_reset http_size http_status http_wait}}}].
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\init.tcl
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:Tcl script, ASCII text
          Category:dropped
          Size (bytes):24432
          Entropy (8bit):4.824619671192163
          Encrypted:false
          SSDEEP:384:U8Oh2gWD8Ud4zaJqacMQsRNLKx32LgWMOFaBBf6/9IrO1zWq8oXbjdEfdQxAp12Q:2OD8Ud4WJqJfcMOFt/9IrOBWq8oXwQxM
          MD5:B900811A252BE90C693E5E7AE365869D
          SHA1:345752C46F7E8E67DADEF7F6FD514BED4B708FC5
          SHA-256:BC492B19308BC011CFCD321F1E6E65E6239D4EEB620CC02F7E9BF89002511D4A
          SHA-512:36B8CDBA61B9222F65B055C0C513801F3278A3851912215658BCF0CE10F80197C1F12A5CA3054D8604DA005CE08DA8DCD303B8544706B642140A49C4377DD6CE
          Malicious:false
          Preview: # init.tcl --.#.# Default system startup file for Tcl-based applications. Defines.# "unknown" procedure and auto-load facilities..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994-1996 Sun Microsystems, Inc..# Copyright (c) 1998-1999 Scriptics Corporation..# Copyright (c) 2004 by Kevin B. Kenny. All rights reserved..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# This test intentionally written in pre-7.5 Tcl.if {[info commands package] == ""} {. error "version mismatch: library\nscripts expect Tcl version 7.5b1 or later but the loaded version is\nonly [info patchlevel]".}.package require -exact Tcl 8.6.9..# Compute the auto path to use in this interpreter..# The values on the path come from several locations:.#.# The environment variable TCLLIBPATH.#.# tcl_library, which is the directory containing this init.tcl script..# [tclInit] (Tcl_Init()) sea
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\af.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):989
          Entropy (8bit):4.015702624322247
          Encrypted:false
          SSDEEP:12:4EnLzu8wcm2NkKcmtH3WhvdfjESBToOqepFHvFgdF69dixmem1OMVjeza6O6c:4azu8DtkN3bbJ75pF9gG3U2e+gc
          MD5:3A3B4D3B137E7270105DC7B359A2E5C2
          SHA1:2089B3948F11EF8CE4BD3D57167715ADE65875E9
          SHA-256:2981965BD23A93A09EB5B4A334ACB15D00645D645C596A5ECADB88BFA0B6A908
          SHA-512:044602E7228D2CB3D0A260ADFD0D3A1F7CAB7EFE5DD00C7519EAF00A395A48A46EEFDB3DE81902D420D009B137030BC98FF32AD97E9C3713F0990FE6C09887A2
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset af DAYS_OF_WEEK_ABBREV [list \. "So"\. "Ma"\. "Di"\. "Wo"\. "Do"\. "Vr"\. "Sa"]. ::msgcat::mcset af DAYS_OF_WEEK_FULL [list \. "Sondag"\. "Maandag"\. "Dinsdag"\. "Woensdag"\. "Donderdag"\. "Vrydag"\. "Saterdag"]. ::msgcat::mcset af MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Mei"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Des"\. ""]. ::msgcat::mcset af MONTHS_FULL [list \. "Januarie"\. "Februarie"\. "Maart"\. "April"\. "Mei"\. "Junie"\. "Julie"\. "Augustus"\. "September"\. "Oktober"\. "November"\. "Desember"\. ""]. ::msgcat::mcset af AM "VM". ::msgcat::mcset af PM "NM".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\af_za.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.879621059534584
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmouFygvNLouFqF3v6aZouFy9+3vR6HK:4EnLzu8YAgvNTYF3v6axAI3voq
          MD5:27C356DF1BED4B22DFA55835115BE082
          SHA1:677394DF81CDBAF3D3E735F4977153BB5C81B1A6
          SHA-256:3C2F5F631ED3603EF0D5BCB31C51B2353C5C27839C806A036F3B7007AF7F3DE8
          SHA-512:EE88348C103382F91F684A09F594177119960F87E58C5E4FC718C698AD436E332B74B8ED18DF8563F736515A3A6442C608EBCBE6D1BD13B3E3664E1AA3851076
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset af_ZA DATE_FORMAT "%d %B %Y". ::msgcat::mcset af_ZA TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset af_ZA DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\ar.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1964
          Entropy (8bit):4.417722751563065
          Encrypted:false
          SSDEEP:24:4azu8fnkFewadQxvbkMPm/FiUoAwonC9UFsvSnvMq:46dw/L+C9cKSvF
          MD5:0A88A6BFF15A6DABAAE48A78D01CFAF1
          SHA1:90834BCBDA9B9317B92786EC89E20DCF1F2DBD22
          SHA-256:BF984EC7CF619E700FE7E00381FF58ABE9BD2F4B3DD622EB2EDACCC5E6681050
          SHA-512:85CB96321BB6FB3119D69540B9E76916F0C5F534BA01382E73F8F9A0EE67A7F1BFC39947335688F2C8F3DB9B51D969D8EA7C7104A035C0E949E8E009D4656288
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar DAYS_OF_WEEK_ABBREV [list \. "\u062d"\. "\u0646"\. "\u062b"\. "\u0631"\. "\u062e"\. "\u062c"\. "\u0633"]. ::msgcat::mcset ar DAYS_OF_WEEK_FULL [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar MONTHS_ABBREV [list \. "\u064a\u0646\u0627"\. "\u0641\u0628\u0631"\. "\u0645\u0627\u0631"\. "\u0623\u0628\u0631"\. "\u0645\u0627\u064a"\. "\u064a\u0648\u0646"\. "\u064a\u0648\u0644"\. "\u0623\u063a\u0633"\. "\u0633\u0628\u062a"\. "\u0623\u0643\u062a"\
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\ar_in.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):259
          Entropy (8bit):4.825452591398057
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoKNvf/NLoKU3v6xH5oKNo+3vfXM6PYv:4EnLzu8yvf/Nq3v6vF3vfc6q
          MD5:EEB42BA91CC7EF4F89A8C1831ABE7B03
          SHA1:74D12B4CBCDF63FDF00E589D8A604A5C52C393EF
          SHA-256:29A70EAC43B1F3AA189D8AE4D92658E07783965BAE417FB66EE5F69CFCB564F3
          SHA-512:6CCB2F62986CE1CF3CE78538041A0E4AAF717496F965D73014A13E9B05093EB43185C3C14212DC052562F3F369AB6985485C8C93D1DFC60CF9B8DABEA7CDF434
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_IN DATE_FORMAT "%A %d %B %Y". ::msgcat::mcset ar_IN TIME_FORMAT_12 "%I:%M:%S %z". ::msgcat::mcset ar_IN DATE_TIME_FORMAT "%A %d %B %Y %I:%M:%S %z %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\ar_jo.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1812
          Entropy (8bit):4.023830561129656
          Encrypted:false
          SSDEEP:24:4azu8J5Fe6k+wR+9Gb+Oa+UcP+wR+9Gb+Oa+UD:46I6CNbtdNbQ
          MD5:4338BD4F064A6CDC5BFED2D90B55D4E8
          SHA1:709717BB1F62A71E94D61056A70660C6A03B48AE
          SHA-256:78116E7E706C7D1E3E7446094709819FB39A50C2A2302F92D6A498E06ED4A31B
          SHA-512:C63A535AD19CBEF5EFC33AC5A453B1C503A59C6CE71A4CABF8083BC516DF0F3F14D3D4F309D33EDF2EC5E79DB00ED1F7D56FD21068F09F178BB2B191603BAC25
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_JO DAYS_OF_WEEK_ABBREV [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar_JO MONTHS_ABBREV [list \. "\u0643\u0627\u0646\u0648\u0646 \u0627\u0644\u062b\u0627\u0646\u064a"\. "\u0634\u0628\u0627\u0637"\. "\u0622\u0630\u0627\u0631"\. "\u0646\u064a\u0633\u0627\u0646"\. "\u0646\u0648\u0627\u0631"\. "\u062d\u0632\u064a\u0631\u0627\u0646"\. "\u062a\u0645\u0648\u0632"\. "\u0622\u0628"\. "\u0623\u064a\u0644\u0648\u0644"\. "\u062a\u0634\u0631\u064a\u0646 \u0627\u0644\u0623\u0648\u0644"\. "\u062a\
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\ar_lb.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1812
          Entropy (8bit):4.020656526954981
          Encrypted:false
          SSDEEP:24:4azu865Fehk+wR+9Gb+Oa+UXP+wR+9Gb+Oa+UD:46nhCNbadNbQ
          MD5:3789E03CF926D4F12AFD30FC7229B78D
          SHA1:AEF38AAB736E5434295C72C14F38033AAFE6EF15
          SHA-256:7C970EFEB55C53758143DF42CC452A3632F805487CA69DB57E37C1F478A7571B
          SHA-512:C9172600703337EDB2E36D7470A3AED96CCC763D7163067CB19E7B097BB7877522758C3109E31D5D72F486DD50BF510DDBA50EDD248B899FA0A2EEF09FCBF903
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_LB DAYS_OF_WEEK_ABBREV [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar_LB MONTHS_ABBREV [list \. "\u0643\u0627\u0646\u0648\u0646 \u0627\u0644\u062b\u0627\u0646\u064a"\. "\u0634\u0628\u0627\u0637"\. "\u0622\u0630\u0627\u0631"\. "\u0646\u064a\u0633\u0627\u0646"\. "\u0646\u0648\u0627\u0631"\. "\u062d\u0632\u064a\u0631\u0627\u0646"\. "\u062a\u0645\u0648\u0632"\. "\u0622\u0628"\. "\u0623\u064a\u0644\u0648\u0644"\. "\u062a\u0634\u0631\u064a\u0646 \u0627\u0644\u0623\u0648\u0644"\. "\u062a\
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\ar_sy.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1812
          Entropy (8bit):4.02203966019266
          Encrypted:false
          SSDEEP:24:4azu8k5Fezk+wR+9Gb+Oa+U5P+wRa9Gb+Oa+UD:46ZzCNb0d5bQ
          MD5:EC736BFD4355D842E5BE217A7183D950
          SHA1:C6B83C02F5D4B14064D937AFD8C6A92BA9AE9EFB
          SHA-256:AEF17B94A0DB878E2F0FB49D982057C5B663289E3A8E0E2B195DCEC37E8555B1
          SHA-512:68BB7851469C24003A9D74FC7FE3599A2E95EE3803014016DDEBF4C5785F49EDBADA69CD4103F2D3B6CE91E9A32CC432DBDFEC2AED0557E5B6B13AED489A1EDA
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_SY DAYS_OF_WEEK_ABBREV [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar_SY MONTHS_ABBREV [list \. "\u0643\u0627\u0646\u0648\u0646 \u0627\u0644\u062b\u0627\u0646\u064a"\. "\u0634\u0628\u0627\u0637"\. "\u0622\u0630\u0627\u0631"\. "\u0646\u064a\u0633\u0627\u0646"\. "\u0646\u0648\u0627\u0631"\. "\u062d\u0632\u064a\u0631\u0627\u0646"\. "\u062a\u0645\u0648\u0632"\. "\u0622\u0628"\. "\u0623\u064a\u0644\u0648\u0644"\. "\u062a\u0634\u0631\u064a\u0646 \u0627\u0644\u0623\u0648\u0644"\. "\u062a\
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\be.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):2105
          Entropy (8bit):4.215818273236158
          Encrypted:false
          SSDEEP:48:46dJRQPQ86AK0xQuEQS3oQsDptuCrQICZmQ8ZVDtN1QFqQLtCSjZMpktvp:hdP6HIZoFnl1Rgx
          MD5:1A3ABFBC61EF757B45FF841C197BB6C3
          SHA1:74D623DAB6238D05C18DDE57FC956D84974FC2D4
          SHA-256:D790E54217A4BF9A7E1DCB4F3399B5861728918E93CD3F00B63F1349BDB71C57
          SHA-512:154D053410AA0F7817197B7EE1E8AE839BA525C7660620581F228477B1F5B972FE95A4E493BB50365D0B63B0115036DDE54A98450CA4E8048AF5D0AF092BADE5
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset be DAYS_OF_WEEK_ABBREV [list \. "\u043d\u0434"\. "\u043f\u043d"\. "\u0430\u0442"\. "\u0441\u0440"\. "\u0447\u0446"\. "\u043f\u0442"\. "\u0441\u0431"]. ::msgcat::mcset be DAYS_OF_WEEK_FULL [list \. "\u043d\u044f\u0434\u0437\u0435\u043b\u044f"\. "\u043f\u0430\u043d\u044f\u0434\u0437\u0435\u043b\u0430\u043a"\. "\u0430\u045e\u0442\u043e\u0440\u0430\u043a"\. "\u0441\u0435\u0440\u0430\u0434\u0430"\. "\u0447\u0430\u0446\u0432\u0435\u0440"\. "\u043f\u044f\u0442\u043d\u0456\u0446\u0430"\. "\u0441\u0443\u0431\u043e\u0442\u0430"]. ::msgcat::mcset be MONTHS_ABBREV [list \. "\u0441\u0442\u0434"\. "\u043b\u044e\u0442"\. "\u0441\u043a\u0432"\. "\u043a\u0440\u0441"\. "\u043c\u0430\u0439"\. "\u0447\u0440\u0432"\. "\u043b\u043f\u043d"\. "\u0436\u043d\u
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\bg.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1819
          Entropy (8bit):4.363233187157474
          Encrypted:false
          SSDEEP:48:46scAXuQfuQVoQAWN5EPIKfD8WQjQ3QgQaQLSqQsQGtQWCQMmt1f:hD/zQaPIKfTSiF3KVfVCqp
          MD5:11FA3BA30A0EE6A7B2B9D67B439C240D
          SHA1:EC5557A16A0293ABF4AA8E5FD50940B60A8A36A6
          SHA-256:E737D8DC724AA3B9EC07165C13E8628C6A8AC1E80345E10DC77E1FC62A6D86F1
          SHA-512:B776E7C98FB819436C61665206EE0A2644AA4952D739FF7CC58EAFBD549BD1D26028DE8E11B8533814102B31FC3884F95890971F547804BCAA4530E35BDD5CFD
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset bg DAYS_OF_WEEK_ABBREV [list \. "\u041d\u0434"\. "\u041f\u043d"\. "\u0412\u0442"\. "\u0421\u0440"\. "\u0427\u0442"\. "\u041f\u0442"\. "\u0421\u0431"]. ::msgcat::mcset bg DAYS_OF_WEEK_FULL [list \. "\u041d\u0435\u0434\u0435\u043b\u044f"\. "\u041f\u043e\u043d\u0435\u0434\u0435\u043b\u043d\u0438\u043a"\. "\u0412\u0442\u043e\u0440\u043d\u0438\u043a"\. "\u0421\u0440\u044f\u0434\u0430"\. "\u0427\u0435\u0442\u0432\u044a\u0440\u0442\u044a\u043a"\. "\u041f\u0435\u0442\u044a\u043a"\. "\u0421\u044a\u0431\u043e\u0442\u0430"]. ::msgcat::mcset bg MONTHS_ABBREV [list \. "I"\. "II"\. "III"\. "IV"\. "V"\. "VI"\. "VII"\. "VIII"\. "IX"\. "X"\. "XI"\. "XII"\. ""]. ::msgcat::mcset bg MONTHS_FULL [list \. "\u042
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\bn.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):2286
          Entropy (8bit):4.04505151160981
          Encrypted:false
          SSDEEP:24:4azu8adWa9tUEVcqVc5VcaUTVcHVEVc+7VclEVcNGVcn0VcMG/0VcMjVcMK7YXs+:46C07LetHigetH1YES
          MD5:B387D4A2AB661112F2ABF57CEDAA24A5
          SHA1:80DB233687A9314600317AD39C01466C642F3C4C
          SHA-256:297D4D7CAE6E99DB3CA6EE793519512BFF65013CF261CF90DED4D28D3D4F826F
          SHA-512:450BB56198AAAB2EEFCD4E24C29DD79D71D2EF7E8D066F3B58F9C5D831F960AFB78C46ECE2DB32EF81454BCCC80C730E36A610DC9BAF06757E0757B421BACB19
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset bn DAYS_OF_WEEK_ABBREV [list \. "\u09b0\u09ac\u09bf"\. "\u09b8\u09cb\u09ae"\. "\u09ae\u0999\u0997\u09b2"\. "\u09ac\u09c1\u09a7"\. "\u09ac\u09c3\u09b9\u09b8\u09cd\u09aa\u09a4\u09bf"\. "\u09b6\u09c1\u0995\u09cd\u09b0"\. "\u09b6\u09a8\u09bf"]. ::msgcat::mcset bn DAYS_OF_WEEK_FULL [list \. "\u09b0\u09ac\u09bf\u09ac\u09be\u09b0"\. "\u09b8\u09cb\u09ae\u09ac\u09be\u09b0"\. "\u09ae\u0999\u0997\u09b2\u09ac\u09be\u09b0"\. "\u09ac\u09c1\u09a7\u09ac\u09be\u09b0"\. "\u09ac\u09c3\u09b9\u09b8\u09cd\u09aa\u09a4\u09bf\u09ac\u09be\u09b0"\. "\u09b6\u09c1\u0995\u09cd\u09b0\u09ac\u09be\u09b0"\. "\u09b6\u09a8\u09bf\u09ac\u09be\u09b0"]. ::msgcat::mcset bn MONTHS_ABBREV [list \. "\u099c\u09be\u09a8\u09c1\u09df\u09be\u09b0\u09c0"\. "\u09ab\u09c7\u09ac\u09cd\u09b0\u09c1\u09df\u09be\u09b0\u09c0"\.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\bn_in.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):259
          Entropy (8bit):4.821338044395148
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmovtvflD/Lo/E3v6xH5ovto+3vflm6PYv:4EnLzu81tvflD/SE3v6etF3vflm6q
          MD5:764E70363A437ECA938DEC17E615608B
          SHA1:2296073AE8CC421780E8A3BCD58312D6FB2F5BFC
          SHA-256:7D3A956663C529D07C8A9610414356DE717F3A2A2CE9B331B052367270ACEA94
          SHA-512:4C7B9082DA9DDF07C2BE16C359A1A42834B8E730AD4DD5B987866C2CC735402DDE513588A89C8DFA25A1AC6F66AF9FDDBEA8FD500F8526C4641BBA7011CD0D28
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset bn_IN DATE_FORMAT "%A %d %b %Y". ::msgcat::mcset bn_IN TIME_FORMAT_12 "%I:%M:%S %z". ::msgcat::mcset bn_IN DATE_TIME_FORMAT "%A %d %b %Y %I:%M:%S %z %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\ca.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1102
          Entropy (8bit):4.213250101046006
          Encrypted:false
          SSDEEP:24:4azu8WBVUUQ48wsF0nuLsCtJeUFqwv1v3:46BwoL5ScfR3
          MD5:9378A5AD135137759D46A7CC4E4270E0
          SHA1:8D2D53DA208BB670A335C752DFC4B4FF4509A799
          SHA-256:14FF564FAB584571E954BE20D61C2FACB096FE2B3EF369CC5ECB7C25C2D92D5A
          SHA-512:EF784D0D982BA0B0CB37F1DA15F8AF3BE5321F59E586DBED1EDD0B3A38213D3CEA1CDFC983A025418403400CCE6039B786EE35694A5DFCE1F22CB2D315F5FCF8
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ca DAYS_OF_WEEK_ABBREV [list \. "dg."\. "dl."\. "dt."\. "dc."\. "dj."\. "dv."\. "ds."]. ::msgcat::mcset ca DAYS_OF_WEEK_FULL [list \. "diumenge"\. "dilluns"\. "dimarts"\. "dimecres"\. "dijous"\. "divendres"\. "dissabte"]. ::msgcat::mcset ca MONTHS_ABBREV [list \. "gen."\. "feb."\. "mar\u00e7"\. "abr."\. "maig"\. "juny"\. "jul."\. "ag."\. "set."\. "oct."\. "nov."\. "des."\. ""]. ::msgcat::mcset ca MONTHS_FULL [list \. "gener"\. "febrer"\. "mar\u00e7"\. "abril"\. "maig"\. "juny"\. "juliol"\. "agost"\. "setembre"\. "octubre"\. "novembre"\. "desembre"\. ""]. ::msgcat::mcset ca DATE_FORMAT "%d/%m/%Y". ::msg
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\cs.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1300
          Entropy (8bit):4.400184537938628
          Encrypted:false
          SSDEEP:24:4azu8f4sO4fETEtd3N5EPIK+kJQz3R3VJ2PYYITCF3eYGCvt2/v3eG:46/ETKN5EPIKfsxV+pBtMJ
          MD5:4C5679B0880394397022A70932F02442
          SHA1:CA5C47A76CD4506D8E11AECE1EA0B4A657176019
          SHA-256:49CF452EEF0B8970BC56A7B8E040BA088215508228A77032CBA0035522412F86
          SHA-512:39FA0D3235FFD3CE2BCCFFFA6A4A8EFE2668768757DAFDE901917731E20AD15FCAC4E48CF4ACF0ADFAA38CC72768FD8F1B826464B0F71A1C784E334AE72F857C
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset cs DAYS_OF_WEEK_ABBREV [list \. "Ne"\. "Po"\. "\u00dat"\. "St"\. "\u010ct"\. "P\u00e1"\. "So"]. ::msgcat::mcset cs DAYS_OF_WEEK_FULL [list \. "Ned\u011ble"\. "Pond\u011bl\u00ed"\. "\u00dater\u00fd"\. "St\u0159eda"\. "\u010ctvrtek"\. "P\u00e1tek"\. "Sobota"]. ::msgcat::mcset cs MONTHS_ABBREV [list \. "I"\. "II"\. "III"\. "IV"\. "V"\. "VI"\. "VII"\. "VIII"\. "IX"\. "X"\. "XI"\. "XII"\. ""]. ::msgcat::mcset cs MONTHS_FULL [list \. "leden"\. "\u00fanor"\. "b\u0159ezen"\. "duben"\. "kv\u011bten"\. "\u010derven"\. "\u010dervenec"\. "srpen"\. "z\u00e1\u0159\u00ed"\. "\u0159\u00edjen"\. "listopad"\. "prosinec"\. ""]
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\da.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1156
          Entropy (8bit):4.242018456508518
          Encrypted:false
          SSDEEP:24:4azu8xVKE6V4/xPsS9CfXTBfijQT1GqAPwvsvT:461H6y/RsJXTNGqAuKT
          MD5:F012F45523AA0F8CFEACC44187FF1243
          SHA1:B171D1554244D2A6ED8DE17AC8000AA09D2FADE9
          SHA-256:CA58FF5BAA9681D9162E094E833470077B7555BB09EEE8E8DD41881B108008A0
          SHA-512:5BBC44471AB1B1622FABC7A12A8B8727087BE64BEAF72D2C3C9AAC1246A41D9B7CAFC5C451F24A3ACC681C310BF47BBC3384CF80EB0B4375E12646CB7BB8FFD5
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset da DAYS_OF_WEEK_ABBREV [list \. "s\u00f8"\. "ma"\. "ti"\. "on"\. "to"\. "fr"\. "l\u00f8"]. ::msgcat::mcset da DAYS_OF_WEEK_FULL [list \. "s\u00f8ndag"\. "mandag"\. "tirsdag"\. "onsdag"\. "torsdag"\. "fredag"\. "l\u00f8rdag"]. ::msgcat::mcset da MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset da MONTHS_FULL [list \. "januar"\. "februar"\. "marts"\. "april"\. "maj"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset da BCE "f.Kr.". ::msgcat::mcset da CE "e.Kr.".
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\de.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1222
          Entropy (8bit):4.277486792653572
          Encrypted:false
          SSDEEP:24:4azu8byFouxpZzWsu0biMe5pF9g1tT9egQTqrS8QWmWFUvIvWI3:46CFB/ZzWsu0vpHlrS8QLWFSeWI3
          MD5:68882CCA0886535A613ECFE528BB81FC
          SHA1:6ABF519F6E4845E6F13F272D628DE97F2D2CD481
          SHA-256:CC3672969C1DD223EADD9A226E00CAC731D8245532408B75AB9A70E9EDD28673
          SHA-512:ACD5F811A0494E04A18035D2B9171FAF3AB8C856AAB0C09AEBE755590261066ADCD2750565F1CB840B2D0111D95C98970294550A4FBD00E4346D2EDBA3A5C957
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset de DAYS_OF_WEEK_ABBREV [list \. "So"\. "Mo"\. "Di"\. "Mi"\. "Do"\. "Fr"\. "Sa"]. ::msgcat::mcset de DAYS_OF_WEEK_FULL [list \. "Sonntag"\. "Montag"\. "Dienstag"\. "Mittwoch"\. "Donnerstag"\. "Freitag"\. "Samstag"]. ::msgcat::mcset de MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mrz"\. "Apr"\. "Mai"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset de MONTHS_FULL [list \. "Januar"\. "Februar"\. "M\u00e4rz"\. "April"\. "Mai"\. "Juni"\. "Juli"\. "August"\. "September"\. "Oktober"\. "November"\. "Dezember"\. ""]. ::msgcat::mcset de BCE "v. Chr.". ::msgcat::mcset de CE "n. Chr.".
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\de_at.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):812
          Entropy (8bit):4.344116560816791
          Encrypted:false
          SSDEEP:12:4EnLzu8U3S5dkTo7eqepFHvFgt1BAI+5zS17eM5Qz3q6owjI9I3vd3v6B3v9dy:4azu8UlMe5pF9gXDT9egQTqr+rv1vivi
          MD5:63B8EBBA990D1DE3D83D09375E19F6AC
          SHA1:B7714AF372B4662A0C15DDBC0F80D1249CB1EEBD
          SHA-256:80513A9969A12A8FB01802D6FC3015712A4EFDDA64552911A1BB3EA7A098D02C
          SHA-512:638307C9B97C74BAF38905AC88E73B57F24282E40929DA43ADB74978040B818EFCC2EE2A377DFEB3AC9050800536F2BE1C7C2A7AB9E7B8BCF8D15E5F293F24D9
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset de_AT MONTHS_ABBREV [list \. "J\u00e4n"\. "Feb"\. "M\u00e4r"\. "Apr"\. "Mai"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset de_AT MONTHS_FULL [list \. "J\u00e4nner"\. "Februar"\. "M\u00e4rz"\. "April"\. "Mai"\. "Juni"\. "Juli"\. "August"\. "September"\. "Oktober"\. "November"\. "Dezember"\. ""]. ::msgcat::mcset de_AT DATE_FORMAT "%Y-%m-%d". ::msgcat::mcset de_AT TIME_FORMAT "%T". ::msgcat::mcset de_AT TIME_FORMAT_12 "%T". ::msgcat::mcset de_AT DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\de_be.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1223
          Entropy (8bit):4.319193323810203
          Encrypted:false
          SSDEEP:24:4azu8I8VWRFFAVa8VpZzWsuEbkMe5pF9grtT9egQTqr9u5sevOevmDvi:46kR6VaIZzWsuEJnHlrg5soOomzi
          MD5:A741CF1A27C77CFF2913076AC9EE9DDC
          SHA1:DE519D3A86DCF1E8F469490967AFE350BAEAFE01
          SHA-256:7573581DEC27E90B0C7D34057D9F4EF89727317D55F2C4E0428A47740FB1EB7A
          SHA-512:C9272793BAA1D33C32576B48756063F4A9BB97E8FFA276809CF4C3956CC457E48C577BDF359C1ECF5CF665A68135CAED17E972DC053A6AFBAAC3BA0ECBAFEB05
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset de_BE DAYS_OF_WEEK_ABBREV [list \. "Son"\. "Mon"\. "Die"\. "Mit"\. "Don"\. "Fre"\. "Sam"]. ::msgcat::mcset de_BE DAYS_OF_WEEK_FULL [list \. "Sonntag"\. "Montag"\. "Dienstag"\. "Mittwoch"\. "Donnerstag"\. "Freitag"\. "Samstag"]. ::msgcat::mcset de_BE MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "M\u00e4r"\. "Apr"\. "Mai"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset de_BE MONTHS_FULL [list \. "Januar"\. "Februar"\. "M\u00e4rz"\. "April"\. "Mai"\. "Juni"\. "Juli"\. "August"\. "September"\. "Oktober"\. "November"\. "Dezember"\. ""]. ::msgcat::mcset de_BE AM "vorm". ::msgcat::mcs
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\el.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):2252
          Entropy (8bit):4.313031807335687
          Encrypted:false
          SSDEEP:24:4azu8+v+39bYW4v+0Wn4Obg+EKkJQg9UWWY+YcYGV97Wu9TJGJABRF6RrJFdsvjt:468XxCSpAWL8jdL
          MD5:E152787B40C5E30699AD5E9B0C60DC07
          SHA1:4FB9DB6E784E1D28E632B55ED31FBBB4997BF575
          SHA-256:9B2F91BE34024FBCF645F6EF92460E5F944CA6A16268B79478AB904B2934D357
          SHA-512:DE59E17CAB924A35C4CC74FE8FCA4776BD49E30C224E476741A273A74BBE40CDAAEDBF6BBB5E30011CD0FEED6B2840F607FD0F1BD3E136E7FE39BAE81C7ED4DB
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset el DAYS_OF_WEEK_ABBREV [list \. "\u039a\u03c5\u03c1"\. "\u0394\u03b5\u03c5"\. "\u03a4\u03c1\u03b9"\. "\u03a4\u03b5\u03c4"\. "\u03a0\u03b5\u03bc"\. "\u03a0\u03b1\u03c1"\. "\u03a3\u03b1\u03b2"]. ::msgcat::mcset el DAYS_OF_WEEK_FULL [list \. "\u039a\u03c5\u03c1\u03b9\u03b1\u03ba\u03ae"\. "\u0394\u03b5\u03c5\u03c4\u03ad\u03c1\u03b1"\. "\u03a4\u03c1\u03af\u03c4\u03b7"\. "\u03a4\u03b5\u03c4\u03ac\u03c1\u03c4\u03b7"\. "\u03a0\u03ad\u03bc\u03c0\u03c4\u03b7"\. "\u03a0\u03b1\u03c1\u03b1\u03c3\u03ba\u03b5\u03c5\u03ae"\. "\u03a3\u03ac\u03b2\u03b2\u03b1\u03c4\u03bf"]. ::msgcat::mcset el MONTHS_ABBREV [list \. "\u0399\u03b1\u03bd"\. "\u03a6\u03b5\u03b2"\. "\u039c\u03b1\u03c1"\. "\u0391\u03c0\u03c1"\. "\u039c\u03b1\u03ca"\. "\u0399\u03bf\u03c5\u03bd"\. "\u
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\en_au.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):300
          Entropy (8bit):4.849761581276844
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoCwmGjbJFLoCws6W3vULoCws6W3v6p6HH5oCwmT+3vjb0y6:4EnLzu8brJFqs6W3v3s6W3v6QQJ3vK
          MD5:F8AE50E60590CC1FF7CCC43F55B5B8A8
          SHA1:52892EDDFA74DD4C8040F9CDD19A9536BFF72B6E
          SHA-256:B85C9A373FF0F036151432652DD55C182B0704BD0625EA84BED1727EC0DE3DD8
          SHA-512:8E15C9CA9A7D2862FDBA330F59BB177B06E5E3154CF3EA948B8E4C0282D66E75E18C225F28F6A203B4643E8BCAA0B5BDB59578A4C20D094F8B923650796E2E72
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_AU DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset en_AU TIME_FORMAT "%H:%M:%S". ::msgcat::mcset en_AU TIME_FORMAT_12 "%I:%M:%S %P %z". ::msgcat::mcset en_AU DATE_TIME_FORMAT "%e/%m/%Y %H:%M:%S %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\en_be.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):305
          Entropy (8bit):4.823881517188826
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoCr3FD/LoCsX3vtfNrFLoCsX3v6YNn5oCs+3v3FnN9:4EnLzu863FD/U3vtNm3v6yt3v3FnN9
          MD5:A0BB5A5CC6C37C12CB24523198B82F1C
          SHA1:B7A6B4BFB6533CC33A0A0F5037E55A55958C4DFC
          SHA-256:596AC02204C845AA74451FC527645549F2A3318CB63051FCACB2BF948FD77351
          SHA-512:9859D8680E326C2EB39390F3B96AC0383372433000A4E828CF803323AB2AB681B2BAE87766CB6FB23F6D46DBA38D3344BC4A941AFB0027C737784063194F9AE4
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_BE DATE_FORMAT "%d %b %Y". ::msgcat::mcset en_BE TIME_FORMAT "%k:%M:%S". ::msgcat::mcset en_BE TIME_FORMAT_12 "%k h %M min %S s %z". ::msgcat::mcset en_BE DATE_TIME_FORMAT "%d %b %Y %k:%M:%S %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\en_bw.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.869619023232552
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmosmGvNLoss6W3v6aZosmT+3vR6HK:4EnLzu8WrvNbs6W3v6aBJ3voq
          MD5:ECC735522806B18738512DC678D01A09
          SHA1:EEEC3A5A3780DBA7170149C779180748EB861B86
          SHA-256:340804F73B620686AB698B2202191D69227E736B1652271C99F2CFEF03D72296
          SHA-512:F46915BD68249B5B1988503E50EBC48C13D9C0DDBDCBA9F520386E41A0BAAE640FD97A5085698AB1DF65640CE70AC63ED21FAD49AF54511A5543D1F36247C22D
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_BW DATE_FORMAT "%d %B %Y". ::msgcat::mcset en_BW TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_BW DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\en_ca.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):288
          Entropy (8bit):4.828989678102087
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoAhgqH5oAZF3vGoAZF3v6loAh9+3vnFDLq:4EnLzu8mhgqHFZF3vGZF3v65hI3v9G
          MD5:F9A9EE00A4A2A899EDCCA6D82B3FA02A
          SHA1:BFDBAD5C0A323A37D5F91C37EC899B923DA5B0F5
          SHA-256:C9FE2223C4949AC0A193F321FC0FD7C344A9E49A54B00F8A4C30404798658631
          SHA-512:4E5471ADE75E0B91A02A30D8A042791D63565487CBCA1825EA68DD54A3AE6F1E386D9F3B016D233406D4B0B499B05DF6295BC0FFE85E8AA9DA4B4B7CC0128AD9
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_CA DATE_FORMAT "%d/%m/%y". ::msgcat::mcset en_CA TIME_FORMAT "%r". ::msgcat::mcset en_CA TIME_FORMAT_12 "%I:%M:%S %p". ::msgcat::mcset en_CA DATE_TIME_FORMAT "%a %d %b %Y %r %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\en_gb.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):279
          Entropy (8bit):4.84511182583436
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoEbtvqH5oELE3vG5oELE3v6X5oEbto+3vnFDoAov:4EnLzu8ibtvqHBLE3v4LE3v6RbtF3v98
          MD5:07C16C81F1B59444508D0F475C2DB175
          SHA1:DEDBDB2C9ACA932C373C315FB6C5691DBEDEB346
          SHA-256:AE38AD5452314B0946C5CB9D3C89CDFC2AD214E146EB683B8D0CE3FE84070FE1
          SHA-512:F13333C975E6A0AD06E57C5C1908ED23C4A96008A895848D1E2FE7985001B2E5B9B05C4824C74EDA94E0CC70EC7CABCB103B97E54E957F986D8F277EEC3325B7
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_GB DATE_FORMAT "%d/%m/%y". ::msgcat::mcset en_GB TIME_FORMAT "%T". ::msgcat::mcset en_GB TIME_FORMAT_12 "%T". ::msgcat::mcset en_GB DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\en_hk.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):321
          Entropy (8bit):4.803235346516854
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoa/5oaQ9woaAx/G4FLoaYYW3v6aZoaAx/T+3v4x6HK:4EnLzu8cpZF4F7xW3v6ah/3v4Iq
          MD5:27B4185EB5B4CAAD8F38AE554231B49A
          SHA1:67122CAA8ECA829EC0759A0147C6851A6E91E867
          SHA-256:C9BE2C9AD31D516B508D01E85BCCA375AAF807D6D8CD7C658085D5007069FFFD
          SHA-512:003E5C1E2ECCCC48D14F3159DE71A5B0F1471275D4051C7AC42A3CFB80CAF651A5D04C4D8B868158211E8BC4E08554AF771993B0710E6625AA3AE912A33F5487
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_HK AM "AM". ::msgcat::mcset en_HK PM "PM". ::msgcat::mcset en_HK DATE_FORMAT "%B %e, %Y". ::msgcat::mcset en_HK TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_HK DATE_TIME_FORMAT "%B %e, %Y %l:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\en_ie.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):279
          Entropy (8bit):4.78446779523026
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoK6qH5oKi+3vG5oKi+3v6X5oKv+3vnFDoAov:4EnLzu8vqHr3vQ3v6O3v9dy
          MD5:30E351D26DC3D514BC4BF4E4C1C34D6F
          SHA1:FA87650F840E691643F36D78F7326E925683D0A8
          SHA-256:E7868C80FD59D18BB15345D29F5292856F639559CFFD42EE649C16C7938BF58D
          SHA-512:5AAC8A55239A909207E73EFB4123692D027F7728157D07FAFB629AF5C6DB84B35CF11411E561851F7CDB6F25AEC174E85A1982C4B79C7586644E74512F5FBDDA
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_IE DATE_FORMAT "%d/%m/%y". ::msgcat::mcset en_IE TIME_FORMAT "%T". ::msgcat::mcset en_IE TIME_FORMAT_12 "%T". ::msgcat::mcset en_IE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\en_in.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):310
          Entropy (8bit):4.756550208645364
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoKr3v5oKrGaoKr5vvNLoKrw3vULoKr5o+3voA6:4EnLzu8si2vvNa3vuF3vo3
          MD5:1423A9CF5507A198580D84660D829133
          SHA1:70362593A2B04CF965213F318B10E92E280F338D
          SHA-256:71E5367FE839AFC4338C50D450F111728E097538ECACCC1B17B10238001B0BB1
          SHA-512:C4F1AD41D44A2473531247036BEEF8402F7C77A21A33690480F169F35E78030942FD31C9331A82B8377D094E22D506C785D0311DBB9F1C2B4AD3575B3F0E76E3
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_IN AM "AM". ::msgcat::mcset en_IN PM "PM". ::msgcat::mcset en_IN DATE_FORMAT "%d %B %Y". ::msgcat::mcset en_IN TIME_FORMAT "%H:%M:%S". ::msgcat::mcset en_IN DATE_TIME_FORMAT "%d %B %Y %H:%M:%S %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\en_nz.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):300
          Entropy (8bit):4.89415873600679
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoyejbJFLo63vULo63v6p6HH5oy7+3vjb0y6:4EnLzu8YeJFL3vI3v6QtS3vK
          MD5:DB734349F7A1A83E1CB18814DB6572E8
          SHA1:3386B2599C7C170A03E4EED68C39EAC7ADD01708
          SHA-256:812DB204E4CB8266207A4E948FBA3DD1EFE4D071BBB793F9743A4320A1CEEBE3
          SHA-512:EF09006552C624A2F1C62155251A18BDA9EE85C9FC81ABBEDE8416179B1F82AD0D88E42AB0A10B4871EF4B7DB670E4A824392339976C3C95FB31F588CDE5840D
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_NZ DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset en_NZ TIME_FORMAT "%H:%M:%S". ::msgcat::mcset en_NZ TIME_FORMAT_12 "%I:%M:%S %P %z". ::msgcat::mcset en_NZ DATE_TIME_FORMAT "%e/%m/%Y %H:%M:%S %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\en_ph.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):321
          Entropy (8bit):4.775448167269054
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoJ5oXo2e4FLoe3v6aZo27+3v4x6HK:4EnLzu8l4Fj3v6aE3v4Iq
          MD5:787C83099B6E4E80AC81DD63BA519CBE
          SHA1:1971ACFAA5753D2914577DCC9EBDF43CF89C1D00
          SHA-256:BE107F5FAE1E303EA766075C52EF2146EF149EDA37662776E18E93685B176CDC
          SHA-512:527A36D64B4B5C909F69AA8609CFFEBBA19A378CEA618E1BB07EC2AED89E456E2292080C43917DF51B08534A1D0B35F2069008324C99A7688BBEDE49049CD8A2
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_PH AM "AM". ::msgcat::mcset en_PH PM "PM". ::msgcat::mcset en_PH DATE_FORMAT "%B %e, %Y". ::msgcat::mcset en_PH TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_PH DATE_TIME_FORMAT "%B %e, %Y %l:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\en_sg.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.865159200607995
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoQW53FD/LoQGuX3v6ZhLoQWa+3v3F0fJ:4EnLzu8283FD/LJ3v6Xc3v3F4
          MD5:3045036D8F0663E26796E4E8AFF144E2
          SHA1:6C9066396C107049D861CD0A9C98DE8753782571
          SHA-256:B8D354519BD4EB1004EB7B25F4E23FD3EE7F533A5F491A46D19FD520ED34C930
          SHA-512:EBA6CD05BD596D0E8C96BBCA86379F003AD31E564D9CB90C906AF4B3A776AA797FC18EC405781F83493BBB33510DEDC0E78504AD1E6977BE0F83B2959AD25B8A
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_SG DATE_FORMAT "%d %b %Y". ::msgcat::mcset en_SG TIME_FORMAT_12 "%P %I:%M:%S". ::msgcat::mcset en_SG DATE_TIME_FORMAT "%d %b %Y %P %I:%M:%S %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\en_za.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):245
          Entropy (8bit):4.89152584889677
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoOr0l5oOK3v6wLoOs+3v0l6C:4EnLzu8WL3v663vlC
          MD5:F285A8BA3216DA69B764991124F2F75A
          SHA1:A5B853A39D944DB9BB1A4C0B9D55AFDEF0515548
          SHA-256:98CE9CA4BB590BA5F922D6A196E5381E19C64E7682CDBEF914F2DCE6745A7332
          SHA-512:05695E29BA10072954BC91885A07D74EFBCB81B0DE3961261381210A51968F99CE1801339A05B810A54295E53B0A7E1D75CA5350485A8DEBFFFCBD4945234382
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_ZA DATE_FORMAT "%Y/%m/%d". ::msgcat::mcset en_ZA TIME_FORMAT_12 "%I:%M:%S". ::msgcat::mcset en_ZA DATE_TIME_FORMAT "%Y/%m/%d %I:%M:%S %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\en_zw.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.888960668540414
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoEmGvNLoEs6W3v6aZoEmT+3vR6HK:4EnLzu8urvNDs6W3v6a5J3voq
          MD5:D8878533B11C21445CAEFA324C638C7E
          SHA1:EFF82B28741FA16D2DFC93B5421F856D6F902509
          SHA-256:91088BBBF58A704185DEC13DBD421296BBD271A1AEBBCB3EF85A99CECD848FF8
          SHA-512:CBFD4FC093B3479AE9E90A5CA05EA1894F62DA9E0559ACC2BD37BBED1F0750ECFF13E6DF2078D68268192CA51A832E1BEED379E11380ADF3C91C1A01A352B20C
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_ZW DATE_FORMAT "%d %B %Y". ::msgcat::mcset en_ZW TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_ZW DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\eo.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1231
          Entropy (8bit):4.282246801138565
          Encrypted:false
          SSDEEP:24:4azu8CouOZBQpsS9C58mTXv8/s5pkPXvRvm:46nZ6psX8mT/cYpmfFm
          MD5:FE2F92E5C0AB19CDC7119E70187479F6
          SHA1:A14B9AA999C0BBD9B21E6A2B44A934D685897430
          SHA-256:50DF3E0E669502ED08DD778D0AFEDF0F71993BE388B0FCAA1065D1C91BD22D83
          SHA-512:72B4975DC2CAB725BD6557CAED41B9C9146E0DE167EE0A0723C3C90D7CF49FB1D749977042FFECBCD7D8F21509307AAB3CE80E3C51023D22072FB5B415801EA9
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset eo DAYS_OF_WEEK_ABBREV [list \. "di"\. "lu"\. "ma"\. "me"\. "\u0135a"\. "ve"\. "sa"]. ::msgcat::mcset eo DAYS_OF_WEEK_FULL [list \. "diman\u0109o"\. "lundo"\. "mardo"\. "merkredo"\. "\u0135a\u016ddo"\. "vendredo"\. "sabato"]. ::msgcat::mcset eo MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "a\u016dg"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset eo MONTHS_FULL [list \. "januaro"\. "februaro"\. "marto"\. "aprilo"\. "majo"\. "junio"\. "julio"\. "a\u016dgusto"\. "septembro"\. "oktobro"\. "novembro"\. "decembro"\. ""]. ::msgcat::mcset eo BCE "aK". ::msgcat::mcset e
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\es.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1180
          Entropy (8bit):4.216657382642579
          Encrypted:false
          SSDEEP:24:4azu8OJccwdQSBJr/S3tFA7C28/sF9AaD5rYrvtAvrG:46w3wdJB1/6FA22c49XrY7tWrG
          MD5:022CBA4FF73CF18D63D1B0C11D058B5D
          SHA1:8B2D0BE1BE354D639EC3373FE20A0F255E312EF6
          SHA-256:FFF2F08A5BE202C81E469E16D4DE1F8A0C1CFE556CDA063DA071279F29314837
          SHA-512:5142AD14C614E6BA5067B371102F7E81B14EB7AF3E40D05C674CFF1052DA4D172768636D34FF1DEE2499E43B2FEB4771CB1B67EDA10B887DE50E15DCD58A5283
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es DAYS_OF_WEEK_ABBREV [list \. "dom"\. "lun"\. "mar"\. "mi\u00e9"\. "jue"\. "vie"\. "s\u00e1b"]. ::msgcat::mcset es DAYS_OF_WEEK_FULL [list \. "domingo"\. "lunes"\. "martes"\. "mi\u00e9rcoles"\. "jueves"\. "viernes"\. "s\u00e1bado"]. ::msgcat::mcset es MONTHS_ABBREV [list \. "ene"\. "feb"\. "mar"\. "abr"\. "may"\. "jun"\. "jul"\. "ago"\. "sep"\. "oct"\. "nov"\. "dic"\. ""]. ::msgcat::mcset es MONTHS_FULL [list \. "enero"\. "febrero"\. "marzo"\. "abril"\. "mayo"\. "junio"\. "julio"\. "agosto"\. "septiembre"\. "octubre"\. "noviembre"\. "diciembre"\. ""]. ::msgcat::mcset es BCE "a.C.". ::msgcat::mcset es
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\es_ar.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):242
          Entropy (8bit):4.830874390627383
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmo8GUFLot/W3vULo8T+3v9y6:4EnLzu8KGUFN3v+K3v3
          MD5:C806EF01079E6B6B7EAE5D717DA2AAB3
          SHA1:3C553536241A5D2E95A3BA9024AAB46BB87FBAD9
          SHA-256:AF530ACD69676678C95B803A29A44642ED2D2F2D077CF0F47B53FF24BAC03B2E
          SHA-512:619905C2FB5F8D2BC2CBB9F8F0EA117C0AEFBDDE5E4F826FF962D7DC069D16D5DE12E27E898471DC6C039866FB64BBF62ED54DBC031E03C7D24FC2EA38DE5699
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_AR DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_AR TIME_FORMAT "%H:%M:%S". ::msgcat::mcset es_AR DATE_TIME_FORMAT "%d/%m/%Y %H:%M:%S %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\es_bo.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.878640071219599
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoYePWHFLoU3v6rZoY7+3vPUe6HK:4EnLzu8OegFp3v6rHS3vs3q
          MD5:4C2B2A6FBC6B514EA09AA9EF98834F17
          SHA1:853FFCBB9A2253B7DC2B82C2BFC3B132500F7A9D
          SHA-256:24B58DE38CD4CB2ABD08D1EDA6C9454FFDE7ED1A33367B457D7702434A0A55EE
          SHA-512:3347F9C13896AF19F6BAFBEF225AF2A1F84F20F117E7F0CE3E5CAA783FDD88ABDFAF7C1286AE421BC609A39605E16627013945E4ACA1F7001B066E14CAB90BE7
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_BO DATE_FORMAT "%d-%m-%Y". ::msgcat::mcset es_BO TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_BO DATE_TIME_FORMAT "%d-%m-%Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\es_cl.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.889615718638578
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmodvPWHFLok3v6rZodo+3vPUe6HK:4EnLzu8DgF93v6rC3vs3q
          MD5:B7E7BE63F24FC1D07F28C5F97637BA1C
          SHA1:8FE1D17696C910CF59467598233D55268BFE0D94
          SHA-256:12AD1546EB391989105D80B41A87686D3B30626D0C42A73705F33B2D711950CC
          SHA-512:FD8B83EF06B1E1111AFF186F5693B17526024CAD8CC99102818BE74FD885344D2F628A0541ABB485F38DB8DE7E29EA4EE4B28D8E5F6ECEF826BABE1013ABDFB8
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_CL DATE_FORMAT "%d-%m-%Y". ::msgcat::mcset es_CL TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_CL DATE_TIME_FORMAT "%d-%m-%Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\es_co.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.862231219172699
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmo4FjbJFLo4F+3v6rZo4++3vjb0f6HK:4EnLzu8QJFL+3v6rv3vbq
          MD5:FD946BE4D44995911E79135E5B7BD3BB
          SHA1:3BA38CB03258CA834E37DBB4E3149D4CDA9B353B
          SHA-256:1B4979874C3F025317DFCF0B06FC8CEE080A28FF3E8EFE1DE9E899F6D4F4D21E
          SHA-512:FBD8087891BA0AE58D71A6D07482EED5E0EA5C658F0C82A9EC67DFC0D826059F1FC6FF404D6A6DC9619BD9249D4E4EC30D828B177E0939302196C51FA9B2FC4B
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_CO DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset es_CO TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_CO DATE_TIME_FORMAT "%e/%m/%Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\es_cr.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.873281593259653
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmo76GUFLoTW3v6rZo76T+3v9f6HK:4EnLzu8d6GUF73v6rq6K3vMq
          MD5:F08EF3582AF2F88B71C599FBEA38BFD9
          SHA1:456C90C09C2A8919DC948E86170F523062F135DB
          SHA-256:7AC5FC35BC422A5445603E0430236E62CCA3558787811DE22305F72D439EB4BB
          SHA-512:7187FC4CE0533F14BBA073039A0B86D610618573BA9A936CBE7682ED2939384C6BB9E0A407C016A42702E83627CCE394618ACB58419EA36908AA37F59165E371
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_CR DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_CR TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_CR DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\es_do.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.8668686830029335
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmomerQZnFLou3v6rZom7+3vrQZg6HK:4EnLzu8xkZFH3v6rM3vkrq
          MD5:44F2EE567A3E9A021A3C16062CEAE220
          SHA1:180E938584F0A57AC0C3F85E6574BC48291D820E
          SHA-256:847C14C297DBE4D8517DEBAA8ED555F3DAEDF843D6BAD1F411598631A0BD3507
          SHA-512:BEB005D006E432963F9C1EF474A1E3669C8B7AF0681681E74DDA8FE9C8EE04D307EF85CF0257DA72663026138D38807A6ABA1255337CF8CC724ED1993039B40C
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_DO DATE_FORMAT "%m/%d/%Y". ::msgcat::mcset es_DO TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_DO DATE_TIME_FORMAT "%m/%d/%Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\es_ec.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.86970949384834
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmozgUFLoro+3v6rZoz9+3v9f6HK:4EnLzu8ZgUFcF3v6ruI3vMq
          MD5:CCB036C33BA7C8E488D37E754075C6CF
          SHA1:336548C8D361B1CAA8BDF698E148A88E47FB27A6
          SHA-256:2086EE8D7398D5E60E5C3048843B388437BD6F2507D2293CA218936E3BF61E59
          SHA-512:05058262E222653CF3A4C105319B74E07322AEE726CC11AEB2B562F01FF2476E3169EA829BF8B66E1B76617CB58E45423480E5A6CB3B3D4B33AA4DDDFA52D111
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_EC DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_EC TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_EC DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\es_gt.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.86395314548955
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmohvjbJFLoI3v6rZoho+3vjb0f6HK:4EnLzu8PJFB3v6r23vbq
          MD5:1E6062716A094CC3CE1F2C97853CD3CD
          SHA1:499F69E661B3B5747227B31DE4539CAF355CCAAC
          SHA-256:1BC22AF98267D635E3F07615A264A716940A2B1FAA5CAA3AFF54D4C5A4A34370
          SHA-512:7C3FB65EC76A2F35354E93A47C3A59848170AAF504998CEF66AEBAAD39D303EC67BE212C6FACC98305E35FFEBF23CCB7E34396F11987E81D76B3685E6B5E89B3
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_GT DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset es_GT TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_GT DATE_TIME_FORMAT "%e/%m/%Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\es_hn.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.902544453689719
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoIvriP/FLoP3v6rZoIo+3vrig6HK:4EnLzu8w+nF+3v6rP3v+lq
          MD5:AAE4A89F6AB01044D6BA3511CBE6FE66
          SHA1:639A94279453B0028995448FD2E221C1BDE23CEE
          SHA-256:A2D25880C64309552AACED082DEED1EE006482A14CAB97DB524E9983EE84ACFC
          SHA-512:E2BE94973C931B04C730129E9B9746BB76E7AC7F5AAA8D7899903B8C86B4E3D4A955E9580CF2C64DE48AFD6A2A9386337C2F8A8128A511AFBFBBA09CC032A76E
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_HN DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_HN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_HN DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\es_mx.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.863953145489551
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoPjbJFLoH+3v6rZoI+3vjb0f6HK:4EnLzu8NJF73v6rE3vbq
          MD5:F60290CF48AA4EDCA938E496F43135FD
          SHA1:0EE5A36277EA4E7A1F4C6D1D9EE32D90918DA25C
          SHA-256:D0FAA9D7997D5696BFF92384144E0B9DFB2E4C38375817613F81A89C06EC6383
          SHA-512:380DFCD951D15E53FCB1DEF4B892C8FD65CEFBF0857D5A7347FF3ED34F69ADD53AEEF895EDCFC6D2F24A65AB8F67CF813AEA2045EDBF3BF182BD0635B5ACB1A4
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_MX DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset es_MX TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_MX DATE_TIME_FORMAT "%e/%m/%Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\es_ni.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.872124246425178
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoe/GriP/FLo3W3v6rZoe/T+3vrig6HK:4EnLzu8Ae+nFmW3v6rxS3v+lq
          MD5:2C4C45C450FEA6BA0421281F1CF55A2A
          SHA1:5249E31611A670EAEEF105AB4AD2E5F14B355CAE
          SHA-256:4B28B46981BBB78CBD2B22060E2DD018C66FCFF1CEE52755425AD4900A90D6C3
          SHA-512:969A4566C7B5FAF36204865D5BC22C849FBB44F0D16B04B9A9473B05DBABF22AEB9B77F282A44BB85D7E2A56C4E5BCE59E4E4CDEB3F6DD52AF47C65C709A3690
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_NI DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_NI TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_NI DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\es_pa.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.860352858208512
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoX5rQZnFLoHE3v6rZoXa+3vrQZg6HK:4EnLzu8vkZF93v6rm3vkrq
          MD5:148626186A258E58851CC0A714B4CFD6
          SHA1:7F14D46F66D8A94A493702DCDE7A50C1D71774B2
          SHA-256:6832DC5AB9F610883784CF702691FCF16850651BC1C6A77A0EFA81F43BC509AC
          SHA-512:2B452D878728BFAFEA9A60030A26E1E1E44CE0BB26C7D9B8DB1D7C4F1AD3217770374BD4EDE784D0A341AB5427B08980FF4A62141FAF7024AB17296FE98427AC
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PA DATE_FORMAT "%m/%d/%Y". ::msgcat::mcset es_PA TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PA DATE_TIME_FORMAT "%m/%d/%Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\es_pe.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.8632965835916195
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoIgUFLoQ9X3v6rZoI9+3v9f6HK:4EnLzu8jUFZ3v6rS3vMq
          MD5:74F014096C233B4D1D38A9DFB15B01BB
          SHA1:75C28321AFED3D9CDA3EBF3FD059CDEA597BB13A
          SHA-256:CC826C93682EF19D29AB6304657E07802C70CF18B1E5EA99C3480DF6D2383983
          SHA-512:24E7C3914BF095B55DE7F01CB537E20112E10CF741333FD0185FEF0B0E3A1CD9651C2B2EDC470BCF18F51ADB352CA7550CFBF4F79342DCA33F7E0841AEDEBA8D
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PE DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_PE TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PE DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\es_pr.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.859298425911738
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmo06GriP/FLoeW3v6rZo06T+3vrig6HK:4EnLzu8ZG+nFy3v6rAK3v+lq
          MD5:AEB569C12A50B8C4A57C8034F666C1B3
          SHA1:24D8B096DD8F1CFA101D6F36606D003D4FCC7B4D
          SHA-256:19563225CE7875696C6AA2C156E6438292DE436B58F8D7C23253E3132069F9A2
          SHA-512:B5432D7A80028C3AD3A7819A5766B07EDB56CEE493C0903EDFA72ACEE0C2FFAA955A8850AA48393782471905FFF72469F508B19BE83CC626478072FFF6B60B5D
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PR DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_PR TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PR DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\es_py.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.871431420165191
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmo/5UFLovE3v6rZo/a+3v9f6HK:4EnLzu8XUF13v6re3vMq
          MD5:D24FF8FAEE658DD516AC298B887D508A
          SHA1:61990E6F3E399B87060E522ABCDE77A832019167
          SHA-256:94FF64201C27AB04F362617DD56B7D85B223BCCA0735124196E7669270C591F0
          SHA-512:1409E1338988BC70C19DA2F6C12A39E311CF91F6BB759575C95E125EA67949F17BBE450B2CD29E3F6FDA1421C742859CB990921949C6940B34D7A8B8545FF8F0
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PY DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_PY TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PY DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\es_sv.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.883202808381857
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmofriP/FLo3+3v6rZoY+3vrig6HK:4EnLzu89+nFO+3v6rw3v+lq
          MD5:6A013D20A3C983639EAF89B93AB2037C
          SHA1:9ABEC22E82C1638B9C8E197760C66E370299BB93
          SHA-256:E3268C95E9B7D471F5FD2436C17318D5A796220BA39CEBEBCD39FBB0141A49CE
          SHA-512:C4FE0493A2C45DA792D0EE300EC1D30E25179209FE39ACCD74B23ACDFF0A72DEEEED1A1D12842101E0A4E57E8FEADF54F926347B6E9B987B70A52E0557919FC2
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_SV DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_SV TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_SV DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\es_uy.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.877844330421912
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmooygUFLooq9X3v6rZooy9+3v9f6HK:4EnLzu8SrUFzsX3v6rZJ3vMq
          MD5:40250432AD0DC4FF168619719F91DBCA
          SHA1:D38532CA84E80FE70C69108711E3F9A7DFD5230F
          SHA-256:BA557A3C656275A0C870FB8466F2237850F5A7CF2D001919896725BB3D3EAA4B
          SHA-512:26FB4B3332E2C06628869D4C63B7BAB4F42FF73D1D4FD8603323A93067F60D9505C70D1A14D7E34A9880E2993183FC09D43013F3BEB8BC48732F08181643D05D
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_UY DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_UY TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_UY DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\es_ve.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.882638228899482
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoXrUFLoXK3v6rZoXs+3v9f6HK:4EnLzu8VUFH3v6r83vMq
          MD5:F3A789CBC6B9DD4F5BA5182C421A9F78
          SHA1:7C2AF280C90B0104AB49B2A527602374254274CE
          SHA-256:64F796C5E3E300448A1F309A0DA7D43548CC40511036FF3A3E0C917E32147D62
          SHA-512:822C0D27D2A72C9D5336C1BCEDC13B564F0FB12146CF8D30FBE77B9C4728C4B3BF456AC62DACD2962A6B5B84761354B31CD505105EDB060BF202BA0B0A830772
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_VE DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_VE TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_VE DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\et.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1206
          Entropy (8bit):4.321464868793769
          Encrypted:false
          SSDEEP:24:4azu8W1Yn1YZ1waUuvVTGiMiLpBgoVTJ01iLTh/w2SJmG5F1svtFmsv5d:46K1y1Mv9GrM9oc/FSJmG5F1KtFmK5d
          MD5:3B4BEE5DD7441A63A31F89D6DFA059BA
          SHA1:BEE39E45FA3A76B631B4C2D0F937FF6041E09332
          SHA-256:CCC2B4738DB16FAFB48BFC77C9E2F8BE17BC19E4140E48B61F3EF1CE7C9F3A8C
          SHA-512:AEC24C75CB00A506A46CC631A2A804C59FBE4F8EBCB86CBA0F4EE5DF7B7C12ED7D25845150599837B364E40BBFDB68244991ED5AF59C9F7792F8362A1E728883
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset et DAYS_OF_WEEK_ABBREV [list \. "P"\. "E"\. "T"\. "K"\. "N"\. "R"\. "L"]. ::msgcat::mcset et DAYS_OF_WEEK_FULL [list \. "p\u00fchap\u00e4ev"\. "esmasp\u00e4ev"\. "teisip\u00e4ev"\. "kolmap\u00e4ev"\. "neljap\u00e4ev"\. "reede"\. "laup\u00e4ev"]. ::msgcat::mcset et MONTHS_ABBREV [list \. "Jaan"\. "Veebr"\. "M\u00e4rts"\. "Apr"\. "Mai"\. "Juuni"\. "Juuli"\. "Aug"\. "Sept"\. "Okt"\. "Nov"\. "Dets"\. ""]. ::msgcat::mcset et MONTHS_FULL [list \. "Jaanuar"\. "Veebruar"\. "M\u00e4rts"\. "Aprill"\. "Mai"\. "Juuni"\. "Juuli"\. "August"\. "September"\. "Oktoober"\. "November"\. "Detsember"\. ""]. ::msgcat::mcset et
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\eu.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):985
          Entropy (8bit):3.9137059580146376
          Encrypted:false
          SSDEEP:24:4azu80P6/XTPi6/XTotXSSzTGsy+trjz4HsKI:46qWKWoX75Bb4Mv
          MD5:E27FEB15A6C300753506FC706955AC90
          SHA1:FDFAC22CC0839B29799001838765EB4A232FD279
          SHA-256:7DCC4966A5C13A52B6D1DB62BE200B9B5A1DECBACCFCAF15045DD03A2C3E3FAA
          SHA-512:C54A0F72BC0DAF6A411466565467A2783690EA19F4D401A5448908944A0A6F3F74A7976FA0F851F15B6A97C6D6A3C41FB8BBC8EA42B5D5E3C17A5C8A37436FC5
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset eu DAYS_OF_WEEK_ABBREV [list \. "igandea"\. "astelehena"\. "asteartea"\. "asteazkena"\. "osteguna"\. "ostirala"\. "larunbata"]. ::msgcat::mcset eu DAYS_OF_WEEK_FULL [list \. "igandea"\. "astelehena"\. "asteartea"\. "asteazkena"\. "osteguna"\. "ostirala"\. "larunbata"]. ::msgcat::mcset eu MONTHS_ABBREV [list \. "urt"\. "ots"\. "mar"\. "api"\. "mai"\. "eka"\. "uzt"\. "abu"\. "ira"\. "urr"\. "aza"\. "abe"\. ""]. ::msgcat::mcset eu MONTHS_FULL [list \. "urtarrila"\. "otsaila"\. "martxoa"\. "apirila"\. "maiatza"\. "ekaina"\. "uztaila"\. "abuztua"\. "iraila"\. "urria"\. "azaroa"\. "abendua"\. ""].}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\eu_es.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):287
          Entropy (8bit):4.8689948586471825
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoszFnJF+l6VALoszw3vG5oszw3v6X5osz++3v/R3v:4EnLzu8gL+l6Vt3vf3v6P3vZf
          MD5:D20788793E6CC1CD07B3AFD2AA135CB6
          SHA1:3503FCB9490261BA947E89D5494998CEBB157223
          SHA-256:935164A2D2D14815906B438562889B31139519B3A8E8DB3D2AC152A77EC591DC
          SHA-512:F65E7D27BD0A99918D6F21C425238000563C2E3A4162D6806EEAC7C9DCB9798987AFFB8BE01899D577078F6297AF468DBAEBEB6375C09ABF332EB44E328F0E8B
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset eu_ES DATE_FORMAT "%a, %Yeko %bren %da". ::msgcat::mcset eu_ES TIME_FORMAT "%T". ::msgcat::mcset eu_ES TIME_FORMAT_12 "%T". ::msgcat::mcset eu_ES DATE_TIME_FORMAT "%y-%m-%d %T %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\fa.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1664
          Entropy (8bit):4.1508548760580295
          Encrypted:false
          SSDEEP:24:4azu8BMnqZEjgYDT0/y3xg2LSREyqyxDfsycNp/Tpn29Ey5ykDDzi:46cGTYDT0/ya4KIySNnCz2
          MD5:7E74DE42FBDA63663B58B2E58CF30549
          SHA1:CB210740F56208E8E621A45D545D7DEFCAE8BCAF
          SHA-256:F9CA4819E8C8B044D7D68C97FC67E0F4CCD6245E30024161DAB24D0F7C3A9683
          SHA-512:A03688894BD44B6AB87DC6CAB0A5EC348C9117697A2F9D00E27E850F23EFDC2ADBD53CAC6B9ED33756D3A87C9211B6EE8DF06020F6DA477B9948F52E96071F76
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fa DAYS_OF_WEEK_ABBREV [list \. "\u06cc\u2214"\. "\u062f\u2214"\. "\u0633\u2214"\. "\u0686\u2214"\. "\u067e\u2214"\. "\u062c\u2214"\. "\u0634\u2214"]. ::msgcat::mcset fa DAYS_OF_WEEK_FULL [list \. "\u06cc\u06cc\u200c\u0634\u0646\u0628\u0647"\. "\u062f\u0648\u0634\u0646\u0628\u0647"\. "\u0633\u0647\u200c\u0634\u0646\u0628\u0647"\. "\u0686\u0647\u0627\u0631\u0634\u0646\u0628\u0647"\. "\u067e\u0646\u062c\u200c\u0634\u0646\u0628\u0647"\. "\u062c\u0645\u0639\u0647"\. "\u0634\u0646\u0628\u0647"]. ::msgcat::mcset fa MONTHS_ABBREV [list \. "\u0698\u0627\u0646"\. "\u0641\u0648\u0631"\. "\u0645\u0627\u0631"\. "\u0622\u0648\u0631"\. "\u0645\u0640\u0647"\. "\u0698\u0648\u0646"\. "\u0698\u0648\u06cc"\. "\u0627\u0648\u062a"\. "\u0633\u067e\u
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\fa_in.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1957
          Entropy (8bit):4.433104256056609
          Encrypted:false
          SSDEEP:24:4azu8XMnSZEjgYDT0g3xg2LSREyqyxDf5cNp/Tpn29Ey5ykDDzJ6v3Nev0Nv0f:46OeTYDT0ga4K9SNnCz0v9o0JI
          MD5:E6DBD1544A69BFC653865B723395E79C
          SHA1:5E4178E7282807476BD0D6E1F2E320E42FA0DE77
          SHA-256:6360CE0F31EE593E311B275F3C1F1ED427E237F31010A4280EF2C58AA6F2633A
          SHA-512:8D77DCB4333F043502CED7277AEEB0453A2C019E1A46826A0FE90F0C480A530F5646A4F76ECC1C15825601FC8B646ED7C78E53996E2908B341BA4ED1392B95F0
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fa_IN DAYS_OF_WEEK_ABBREV [list \. "\u06cc\u2214"\. "\u062f\u2214"\. "\u0633\u2214"\. "\u0686\u2214"\. "\u067e\u2214"\. "\u062c\u2214"\. "\u0634\u2214"]. ::msgcat::mcset fa_IN DAYS_OF_WEEK_FULL [list \. "\u06cc\u06cc\u200c\u0634\u0646\u0628\u0647"\. "\u062f\u0648\u0634\u0646\u0628\u0647"\. "\u0633\u0647\u200c\u0634\u0646\u0628\u0647"\. "\u0686\u0647\u0627\u0631\u0634\u0646\u0628\u0647"\. "\u067e\u0646\u062c\u200c\u0634\u0646\u0628\u0647"\. "\u062c\u0645\u0639\u0647"\. "\u0634\u0646\u0628\u0647"]. ::msgcat::mcset fa_IN MONTHS_ABBREV [list \. "\u0698\u0627\u0646"\. "\u0641\u0648\u0631"\. "\u0645\u0627\u0631"\. "\u0622\u0648\u0631"\. "\u0645\u0640\u0647"\. "\u0698\u0648\u0646"\. "\u0698\u0648\u06cc"\. "\u0627\u0648\u062a"\. "\u063
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\fa_ir.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):417
          Entropy (8bit):5.087144086729547
          Encrypted:false
          SSDEEP:12:4EnLzu82vGz7AhF/Q3vf3v6TANv+K3vz7AA7:4azu8vPm/ivfvF9xvP9
          MD5:044BAAA627AD3C3585D229865A678357
          SHA1:9D64038C00253A7EEDA4921B9C5E34690E185061
          SHA-256:CF492CBD73A6C230725225D70566B6E46D5730BD3F63879781DE4433965620BE
          SHA-512:DA138F242B44111FAFE9EFE986EB987C26A64D9316EA5644AC4D3D4FEC6DF9F5D55F342FC194BC487A1B7C740F931D883A574863B48396D837D1E270B733F735
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fa_IR AM "\u0635\u0628\u062d". ::msgcat::mcset fa_IR PM "\u0639\u0635\u0631". ::msgcat::mcset fa_IR DATE_FORMAT "%d\u2044%m\u2044%Y". ::msgcat::mcset fa_IR TIME_FORMAT "%S:%M:%H". ::msgcat::mcset fa_IR TIME_FORMAT_12 "%S:%M:%l %P". ::msgcat::mcset fa_IR DATE_TIME_FORMAT "%d\u2044%m\u2044%Y %S:%M:%H %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\fi.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1145
          Entropy (8bit):4.249302428029841
          Encrypted:false
          SSDEEP:24:4azu8ZeTWSS/DatuUSlWCBTtotL8W183eYKvt3v3eG:46sWp/DatBSPtoNmpMt/J
          MD5:34FE8E2D987FE534BD88291046F6820B
          SHA1:B173700C176336BD1B123C2A055A685F73B60C07
          SHA-256:BE0D2DCE08E6CD786BC3B07A1FB1ADC5B2CF12053C99EACDDAACDDB8802DFB9C
          SHA-512:4AC513F092D2405FEF6E30C828AE94EDBB4B0B0E1C68C1168EB2498C186DB054EBF697D6B55B49F865A2284F75B7D5490AFE7A80F887AE8312E6F9A5EFE16390
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fi DAYS_OF_WEEK_ABBREV [list \. "su"\. "ma"\. "ti"\. "ke"\. "to"\. "pe"\. "la"]. ::msgcat::mcset fi DAYS_OF_WEEK_FULL [list \. "sunnuntai"\. "maanantai"\. "tiistai"\. "keskiviikko"\. "torstai"\. "perjantai"\. "lauantai"]. ::msgcat::mcset fi MONTHS_ABBREV [list \. "tammi"\. "helmi"\. "maalis"\. "huhti"\. "touko"\. "kes\u00e4"\. "hein\u00e4"\. "elo"\. "syys"\. "loka"\. "marras"\. "joulu"\. ""]. ::msgcat::mcset fi MONTHS_FULL [list \. "tammikuu"\. "helmikuu"\. "maaliskuu"\. "huhtikuu"\. "toukokuu"\. "kes\u00e4kuu"\. "hein\u00e4kuu"\. "elokuu"\. "syyskuu"\. "lokakuu"\. "marraskuu"\. "joulukuu"\. ""]. ::msgcat
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\fo.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):986
          Entropy (8bit):4.07740021579371
          Encrypted:false
          SSDEEP:12:4EnLzu87mY5mvAqO6RxmtV5qHbMj6aywE1ZD4ScMfRDc6VZTEpSecbLwJQT1Y4:4azu874/RqEXsSpffTBtbQQT1t
          MD5:996B699F6821A055B826415446A11C8E
          SHA1:C382039ED7D2AE8D96CF2EA55FA328AE9CFD2F7D
          SHA-256:F249DD1698ED1687E13654C04D08B829193027A2FECC24222EC854B59350466A
          SHA-512:AB6F5ABC9823C7F7A67BA1E821680ACD37761F83CD1F46EC731AB2B72AA34C2E523ACE288E9DE70DB3D58E11F5CB42ECB5A5E4E39BFD7DFD284F1FF6B637E11D
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fo DAYS_OF_WEEK_ABBREV [list \. "sun"\. "m\u00e1n"\. "t\u00fds"\. "mik"\. "h\u00f3s"\. "fr\u00ed"\. "ley"]. ::msgcat::mcset fo DAYS_OF_WEEK_FULL [list \. "sunnudagur"\. "m\u00e1nadagur"\. "t\u00fdsdagur"\. "mikudagur"\. "h\u00f3sdagur"\. "fr\u00edggjadagur"\. "leygardagur"]. ::msgcat::mcset fo MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "mai"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "des"\. ""]. ::msgcat::mcset fo MONTHS_FULL [list \. "januar"\. "februar"\. "mars"\. "apr\u00edl"\. "mai"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "desember"\. ""].}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\fo_fo.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):279
          Entropy (8bit):4.816022066048386
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoZA4HFLoZd3vG5oZd3v6X5oZd+3vnFDoAov:4EnLzu8kyFO3vf3v6f3v9dy
          MD5:A76D09A4FA15A2C985CA6BDD22989D6A
          SHA1:E6105EBCDC547FE2E2FE9EDDC9C573BBDAD85AD0
          SHA-256:7145B57AC5C074BCA968580B337C04A71BBD6EFB93AFAF291C1361FD700DC791
          SHA-512:D16542A1CCDC3F5C2A20300B7E38F43F94F7753E0E99F08EB7240D4F286B263815AD481B29F4E96F268E24BA17C5E135E356448685E1BF65B2B63CE6146AA54C
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fo_FO DATE_FORMAT "%d/%m-%Y". ::msgcat::mcset fo_FO TIME_FORMAT "%T". ::msgcat::mcset fo_FO TIME_FORMAT_12 "%T". ::msgcat::mcset fo_FO DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\fr.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1205
          Entropy (8bit):4.313638548211754
          Encrypted:false
          SSDEEP:24:4azu8qW09HSZ2p60wTyVz5bGzJzzTK+VUuG4CNnvxvB:46JYY5moleiUb42vlB
          MD5:B475F8E7D7065A67E73B1E5CDBF9EB1F
          SHA1:1B689EDC29F8BC4517936E5D77A084083F12AE31
          SHA-256:7A87E418B6D8D14D8C11D63708B38D607D28F7DDBF39606C7D8FBA22BE7892CA
          SHA-512:EA77EFF9B23A02F59526499615C08F1314A91AB41561856ED7DF45930FDD8EC11A105218890FD012045C4CC40621C226F94BDC3BEB62B83EA8FAA7AEC20516E7
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr DAYS_OF_WEEK_ABBREV [list \. "dim."\. "lun."\. "mar."\. "mer."\. "jeu."\. "ven."\. "sam."]. ::msgcat::mcset fr DAYS_OF_WEEK_FULL [list \. "dimanche"\. "lundi"\. "mardi"\. "mercredi"\. "jeudi"\. "vendredi"\. "samedi"]. ::msgcat::mcset fr MONTHS_ABBREV [list \. "janv."\. "f\u00e9vr."\. "mars"\. "avr."\. "mai"\. "juin"\. "juil."\. "ao\u00fbt"\. "sept."\. "oct."\. "nov."\. "d\u00e9c."\. ""]. ::msgcat::mcset fr MONTHS_FULL [list \. "janvier"\. "f\u00e9vrier"\. "mars"\. "avril"\. "mai"\. "juin"\. "juillet"\. "ao\u00fbt"\. "septembre"\. "octobre"\. "novembre"\. "d\u00e9cembre"\. ""]. ::msgcat::mcset fr BCE "a
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\fr_be.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):279
          Entropy (8bit):4.863262857917797
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoXqH5oIX3vG5oIX3v6X5og+3vnFDoAov:4EnLzu81qHd3v63v6Y3v9dy
          MD5:483652B6A3D8010C3CDB6CAD0AD95E72
          SHA1:8FCDB01D0729E9F1A0CAC56F79EDB79A37734AF5
          SHA-256:980E703DFB1EEDE7DE48C958F6B501ED4251F69CB0FBCE0FCA85555F5ACF134A
          SHA-512:0282B8F3884BB4406F69AF2D2F44E431FB8077FEA86D09ED5607BC0932A049853D0C5CAF0B57EF0289F42A8265F76CC4B10111A28B1E0E9BD54E9319B25D8DB6
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr_BE DATE_FORMAT "%d/%m/%y". ::msgcat::mcset fr_BE TIME_FORMAT "%T". ::msgcat::mcset fr_BE TIME_FORMAT_12 "%T". ::msgcat::mcset fr_BE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\fr_ca.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):279
          Entropy (8bit):4.843031408533295
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmooI9jo13vG5o13v6X5o1+3vnFDoAov:4EnLzu8eI9Q3vB3v613v9dy
          MD5:017D816D73DAB852546169F3EC2D16F2
          SHA1:3145BB54D9E1E4D9166186D5B43F411CE0250594
          SHA-256:F16E212D5D1F6E83A9FC4E56874E4C7B8F1947EE882610A73199480319EFA529
          SHA-512:4D4EF395B15F750F16EC64162BE8AB4B082C6CD1877CA63D5EA4A5E940A7F98E46D792115FD105B293DC43714E8662BC4411E14E93F09769A064622E52EDE258
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr_CA DATE_FORMAT "%Y-%m-%d". ::msgcat::mcset fr_CA TIME_FORMAT "%T". ::msgcat::mcset fr_CA TIME_FORMAT_12 "%T". ::msgcat::mcset fr_CA DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\fr_ch.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):281
          Entropy (8bit):4.866549204705568
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoFt2poF+3vG5oF+3v6X5o++3vnFDoAov:4EnLzu8btn+3vB+3v6+3v9dy
          MD5:8B27EFF0D45F536852E7A819500B7F93
          SHA1:CAED7D4334BAD8BE586A1AEEE270FB6913A03512
          SHA-256:AB160BFDEB5C3ADF071E01C78312A81EE4223BBF5470AB880972BBF5965291F3
          SHA-512:52DD94F524C1D9AB13F5933265691E8C44B2946F507DE30D789FDCFEA7839A4076CB55A01CEB49194134D7BC84E4F490341AAB9DFB75BB960B03829D6550872B
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr_CH DATE_FORMAT "%d. %m. %y". ::msgcat::mcset fr_CH TIME_FORMAT "%T". ::msgcat::mcset fr_CH TIME_FORMAT_12 "%T". ::msgcat::mcset fr_CH DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\ga.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1141
          Entropy (8bit):4.24180563443443
          Encrypted:false
          SSDEEP:24:4azu8qppr5xqPs5Jpwe3zESbs5JpbxK+dfJ:46ct5XGe3zwXu4fJ
          MD5:88D5CB026EBC3605E8693D9A82C2D050
          SHA1:C2A613DC7C367A841D99DE15876F5E7A8027BBF8
          SHA-256:057C75C1AD70653733DCE43EA5BF151500F39314E8B0236EE80F8D5DB623627F
          SHA-512:253575BFB722CF06937BBE4E9867704B95EFE7B112B370E1430A2027A1818BD2560562A43AD2D067386787899093B25AE84ABFE813672A15A649FEF487E31F7A
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ga DAYS_OF_WEEK_ABBREV [list \. "Domh"\. "Luan"\. "M\u00e1irt"\. "C\u00e9ad"\. "D\u00e9ar"\. "Aoine"\. "Sath"]. ::msgcat::mcset ga DAYS_OF_WEEK_FULL [list \. "D\u00e9 Domhnaigh"\. "D\u00e9 Luain"\. "D\u00e9 M\u00e1irt"\. "D\u00e9 C\u00e9adaoin"\. "D\u00e9ardaoin"\. "D\u00e9 hAoine"\. "D\u00e9 Sathairn"]. ::msgcat::mcset ga MONTHS_ABBREV [list \. "Ean"\. "Feabh"\. "M\u00e1rta"\. "Aib"\. "Beal"\. "Meith"\. "I\u00fail"\. "L\u00fan"\. "MF\u00f3mh"\. "DF\u00f3mh"\. "Samh"\. "Noll"\. ""]. ::msgcat::mcset ga MONTHS_FULL [list \. "Ean\u00e1ir"\. "Feabhra"\. "M\u00e1rta"\. "Aibre\u00e1n"\. "M\u00ed na Bealtaine"\. "Meith"\. "I\u00fail"\. "L\u00fanasa"
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\ga_ie.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):279
          Entropy (8bit):4.7755422576113595
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmobHAyg0obHAqo+3vG5obHAqo+3v6X5obHAy9+3vnFDoAov:4EnLzu8s33vj3v6r3v9dy
          MD5:04452D43DA05A94414973F45CDD12869
          SHA1:AEEDCC2177B592A0025A1DBCFFC0EF3634DBF562
          SHA-256:2072E48C98B480DB5677188836485B4605D5A9D99870AC73B5BFE9DCC6DB46F4
          SHA-512:5A01156FD5AB662EE9D626518B4398A161BAF934E3A618B3A18839A944AEEAEE6FE1A5279D7750511B126DB3AD2CC992CDA067573205ACBC211C34C8A099305F
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ga_IE DATE_FORMAT "%d.%m.%y". ::msgcat::mcset ga_IE TIME_FORMAT "%T". ::msgcat::mcset ga_IE TIME_FORMAT_12 "%T". ::msgcat::mcset ga_IE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\gl.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):950
          Entropy (8bit):4.037076523160125
          Encrypted:false
          SSDEEP:24:4azu8LpP8ihyz/ptFOBViNef9kekIsnyFo0:46J0i0zRtUB0c9dkVneo0
          MD5:B940E67011DDBAD6192E9182C5F0CCC0
          SHA1:83A284899785956ECB015BBB871E7E04A7C36585
          SHA-256:C71A07169CDBE9962616D28F38C32D641DA277E53E67F8E3A69EB320C1E2B88C
          SHA-512:28570CB14452CA5285D97550EA77C9D8F71C57DE6C1D144ADB00B93712F588AF900DA32C10C3A81C7A2DEE11A3DC843780D24218F53920AB72E90321677CC9E8
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gl DAYS_OF_WEEK_ABBREV [list \. "Dom"\. "Lun"\. "Mar"\. "M\u00e9r"\. "Xov"\. "Ven"\. "S\u00e1b"]. ::msgcat::mcset gl DAYS_OF_WEEK_FULL [list \. "Domingo"\. "Luns"\. "Martes"\. "M\u00e9rcores"\. "Xoves"\. "Venres"\. "S\u00e1bado"]. ::msgcat::mcset gl MONTHS_ABBREV [list \. "Xan"\. "Feb"\. "Mar"\. "Abr"\. "Mai"\. "Xu\u00f1"\. "Xul"\. "Ago"\. "Set"\. "Out"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset gl MONTHS_FULL [list \. "Xaneiro"\. "Febreiro"\. "Marzo"\. "Abril"\. "Maio"\. "Xu\u00f1o"\. "Xullo"\. "Agosto"\. "Setembro"\. "Outubro"\. "Novembro"\. "Decembro"\. ""].}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\gl_es.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.839318757139709
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoPhkgvNLoPxsF3v6aZoPhk9+3vR6HK:4EnLzu8NrvNEK3v6a2J3voq
          MD5:3FCDF0FC39C8E34F6270A646A996F663
          SHA1:6999E82148E1D1799C389BCC6C6952D5514F4A4B
          SHA-256:BC2B0424CF27BEF67F309E2B6DFFEF4D39C46F15D91C15E83E070C7FD4E20C9C
          SHA-512:CDB9ED694A7E555EB321F559E9B0CC0998FD526ADEF33AD08C56943033351D70900CD6EC62D380E23AB9F65CCFB85F4EEEB4E17FA8CC05E56C2AC57FBEDE721E
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gl_ES DATE_FORMAT "%d %B %Y". ::msgcat::mcset gl_ES TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset gl_ES DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\gv.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1037
          Entropy (8bit):4.13549698574103
          Encrypted:false
          SSDEEP:24:4azu81WjLHkFQSMnKIeCPHy3CAVfbku5SJ:460jwyLTySI4J
          MD5:3350E1228CF7157ECE68762F967F2F32
          SHA1:2D0411DA2F6E0441B1A8683687178E9EB552B835
          SHA-256:75AA686FF901C9E66E51D36E8E78E5154B57EE9045784568F6A8798EA9689207
          SHA-512:1D0B44F00A5E6D7B8CECB67EAF060C6053045610CF7246208C8E63E7271C7780587A184D38ECFDFDCFB976F9433FEFDA0BAF8981FCD197554D0874ED1E6B6428
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gv DAYS_OF_WEEK_ABBREV [list \. "Jed"\. "Jel"\. "Jem"\. "Jerc"\. "Jerd"\. "Jeh"\. "Jes"]. ::msgcat::mcset gv DAYS_OF_WEEK_FULL [list \. "Jedoonee"\. "Jelhein"\. "Jemayrt"\. "Jercean"\. "Jerdein"\. "Jeheiney"\. "Jesarn"]. ::msgcat::mcset gv MONTHS_ABBREV [list \. "J-guer"\. "T-arree"\. "Mayrnt"\. "Avrril"\. "Boaldyn"\. "M-souree"\. "J-souree"\. "Luanistyn"\. "M-fouyir"\. "J-fouyir"\. "M.Houney"\. "M.Nollick"\. ""]. ::msgcat::mcset gv MONTHS_FULL [list \. "Jerrey-geuree"\. "Toshiaght-arree"\. "Mayrnt"\. "Averil"\. "Boaldyn"\. "Mean-souree"\. "Jerrey-souree"\. "Luanistyn"\. "Mean-fouyir"\. "Jerrey-fouyir"\. "Mee Houney"\.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\gv_gb.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.890913756172577
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoQbtvvNLoQLE3v6aZoQbto+3vR6HK:4EnLzu8CbtvvNBLE3v6avbtF3voq
          MD5:A65040748621B18B1F88072883891280
          SHA1:4D0ED6668A99BAC9B273B0FA8BC74EB6BB9DDFC8
          SHA-256:823AF00F4E44613E929D32770EDB214132B6E210E872751624824DA5F0B78448
          SHA-512:16FFD4107C3B85619629B2CD8A48AB9BC3763FA6E4FE4AE910EDF3B42209CEEB8358D4E7E531C2417875D05E5F801BB19B10130FA8BF70E44CFD8F1BA06F6B6E
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gv_GB DATE_FORMAT "%d %B %Y". ::msgcat::mcset gv_GB TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset gv_GB DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\he.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1938
          Entropy (8bit):4.234997703698801
          Encrypted:false
          SSDEEP:24:4azu8Hdd4CLxLtmCLoCLHCL3CLXLICLP1ptzLzCJCLt5LL53h5Lq+p5LcL3pLzCt:4655ftB9hMcGlhO8/n/0ecOfC3
          MD5:FFD5D8007D78770EA0E7E5643F1BD20A
          SHA1:40854EB81EE670086D0D0C0C2F0F9D8406DF6B47
          SHA-256:D27ADAF74EBB18D6964882CF931260331B93AE4B283427F9A0DB147A83DE1D55
          SHA-512:EFBDADE1157C7E1CB8458CBA89913FB44DC2399AD860FCAEDA588B99230B0934EDAAF8BAB1742E03F06FA8047D3605E8D63BB23EC4B32155C256D07C46ABBFEE
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset he DAYS_OF_WEEK_ABBREV [list \. "\u05d0"\. "\u05d1"\. "\u05d2"\. "\u05d3"\. "\u05d4"\. "\u05d5"\. "\u05e9"]. ::msgcat::mcset he DAYS_OF_WEEK_FULL [list \. "\u05d9\u05d5\u05dd \u05e8\u05d0\u05e9\u05d5\u05df"\. "\u05d9\u05d5\u05dd \u05e9\u05e0\u05d9"\. "\u05d9\u05d5\u05dd \u05e9\u05dc\u05d9\u05e9\u05d9"\. "\u05d9\u05d5\u05dd \u05e8\u05d1\u05d9\u05e2\u05d9"\. "\u05d9\u05d5\u05dd \u05d7\u05de\u05d9\u05e9\u05d9"\. "\u05d9\u05d5\u05dd \u05e9\u05d9\u05e9\u05d9"\. "\u05e9\u05d1\u05ea"]. ::msgcat::mcset he MONTHS_ABBREV [list \. "\u05d9\u05e0\u05d5"\. "\u05e4\u05d1\u05e8"\. "\u05de\u05e8\u05e5"\. "\u05d0\u05e4\u05e8"\. "\u05de\u05d0\u05d9"\. "\u05d9\u05d5\u05e0"\. "\u05d9\u05d5\u05dc"\. "\u05d0\u05d5\u05d2"\. "\u05e1\u05e4\u05d8"\.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\hi.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1738
          Entropy (8bit):4.1505681803025185
          Encrypted:false
          SSDEEP:24:4azu8dVYe48VcOVcz1HtDVcqiVca4mGE18VcRBkEVcRfVcRMsVcqiVca4mGE18VI:465v4bNVO7GQbBkDuM4O7GQbBkDuh3x
          MD5:349823390798DF68270E4DB46C3CA863
          SHA1:814F9506FCD8B592C22A47023E73457C469B2F53
          SHA-256:FAFE65DB09BDCB863742FDA8705BCD1C31B59E0DD8A3B347EA6DEC2596CEE0E9
          SHA-512:4D12213EA9A3EAD6828E21D3B5B73931DC922EBE8FD2373E3A3E106DF1784E0BCE2C9D1FBEAE0D433449BE6D28A0F2F50F49AB8C208E69D413C6787ADF52915E
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hi DAYS_OF_WEEK_FULL [list \. "\u0930\u0935\u093f\u0935\u093e\u0930"\. "\u0938\u094b\u092e\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0932\u0935\u093e\u0930"\. "\u092c\u0941\u0927\u0935\u093e\u0930"\. "\u0917\u0941\u0930\u0941\u0935\u093e\u0930"\. "\u0936\u0941\u0915\u094d\u0930\u0935\u093e\u0930"\. "\u0936\u0928\u093f\u0935\u093e\u0930"]. ::msgcat::mcset hi MONTHS_ABBREV [list \. "\u091c\u0928\u0935\u0930\u0940"\. "\u092b\u093c\u0930\u0935\u0930\u0940"\. "\u092e\u093e\u0930\u094d\u091a"\. "\u0905\u092a\u094d\u0930\u0947\u0932"\. "\u092e\u0908"\. "\u091c\u0942\u0928"\. "\u091c\u0941\u0932\u093e\u0908"\. "\u0905\u0917\u0938\u094d\u0924"\. "\u0938\u093f\u0924\u092e\u094d\u092c\u0930"\. "\u0905\u0915\u094d\u091f\u0942\u092c\u0930"\. "\u0928\u0935\u092e\u094d\u092c\u093
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\hi_in.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.882853646266983
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmocv+9/Loz3v6rZoco+3v+6f6HK:4EnLzu8+vWq3v6rpF3vmq
          MD5:BC86C58492BCB8828489B871D2A727F0
          SHA1:22EEC74FC011063071A40C3860AE8EF38D898582
          SHA-256:29C7CA358FFFCAF94753C7CC2F63B58386234B75552FA3272C2E36F253770C3F
          SHA-512:ABFE093952144A285F7A86800F5933F7242CB224D917B4BAA4FD2CA48792BEFCBEE9AB7073472510B53D31083719EC68A77DD896410B3DC3C6E2CCD60C2E92F9
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hi_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset hi_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset hi_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\hr.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1121
          Entropy (8bit):4.291836444825864
          Encrypted:false
          SSDEEP:24:4azu84VBVgqoLpYDThoLZDT25KNWg1gqNvEKvOAl:46nNYPSLZP2ZVqJTO+
          MD5:46FD3DF765F366C60B91FA0C4DE147DE
          SHA1:5E006D1ACA7BBDAC9B8A65EFB26FAFC03C6E9FDE
          SHA-256:9E14D8F7F54BE953983F198C8D59F38842C5F73419A5E81BE6460B3623E7307A
          SHA-512:3AC26C55FB514D9EA46EF57582A2E0B64822E90C889F4B83A62EE255744FEBE0A012079DD764E0F6C7338B3580421C5B6C8575E0B85632015E3689CF58D9EB77
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hr DAYS_OF_WEEK_ABBREV [list \. "ned"\. "pon"\. "uto"\. "sri"\. "\u010det"\. "pet"\. "sub"]. ::msgcat::mcset hr DAYS_OF_WEEK_FULL [list \. "nedjelja"\. "ponedjeljak"\. "utorak"\. "srijeda"\. "\u010detvrtak"\. "petak"\. "subota"]. ::msgcat::mcset hr MONTHS_ABBREV [list \. "sij"\. "vel"\. "o\u017eu"\. "tra"\. "svi"\. "lip"\. "srp"\. "kol"\. "ruj"\. "lis"\. "stu"\. "pro"\. ""]. ::msgcat::mcset hr MONTHS_FULL [list \. "sije\u010danj"\. "velja\u010da"\. "o\u017eujak"\. "travanj"\. "svibanj"\. "lipanj"\. "srpanj"\. "kolovoz"\. "rujan"\. "listopad"\. "studeni"\. "prosinac"\. ""]. ::msgcat::mcset hr DATE_FORMAT "
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\hu.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1327
          Entropy (8bit):4.447184847972284
          Encrypted:false
          SSDEEP:24:4azu8Xjv5ZemNruwcVNtZHTE9wocxPvt9vq:46fBZemNqwIZHTEE3t5q
          MD5:0561E62941F6ED8965DFC4E2B424E028
          SHA1:C622B21C0DBA83F943FBD10C746E5FABE20235B2
          SHA-256:314F4180C05DE4A4860F65AF6460900FFF77F12C08EDD728F68CA0065126B9AE
          SHA-512:CAD01C963145463612BBAE4B9F5C80B83B228C0181C2500CE8CE1394E1A32CCA3587221F1406F6343029059F5AD47E8FD5514535DCEA45BBA6B2AE76993DFFBD
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hu DAYS_OF_WEEK_ABBREV [list \. "V"\. "H"\. "K"\. "Sze"\. "Cs"\. "P"\. "Szo"]. ::msgcat::mcset hu DAYS_OF_WEEK_FULL [list \. "vas\u00e1rnap"\. "h\u00e9tf\u0151"\. "kedd"\. "szerda"\. "cs\u00fct\u00f6rt\u00f6k"\. "p\u00e9ntek"\. "szombat"]. ::msgcat::mcset hu MONTHS_ABBREV [list \. "jan."\. "febr."\. "m\u00e1rc."\. "\u00e1pr."\. "m\u00e1j."\. "j\u00fan."\. "j\u00fal."\. "aug."\. "szept."\. "okt."\. "nov."\. "dec."\. ""]. ::msgcat::mcset hu MONTHS_FULL [list \. "janu\u00e1r"\. "febru\u00e1r"\. "m\u00e1rcius"\. "\u00e1prilis"\. "m\u00e1jus"\. "j\u00fanius"\. "j\u00falius"\. "augusztus"\. "szeptember"\. "okt\u00f3ber"\. "nove
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\id.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):914
          Entropy (8bit):3.9322448438499125
          Encrypted:false
          SSDEEP:24:4azu8acGEXctI9tdb/7579g6tdhUgQbVg:46GBEXKI9tdHtdwg
          MD5:CE834C7E0C3170B733122FF8BF38C28D
          SHA1:693ACC2A0972156B984106AFD07911AF14C4F19C
          SHA-256:1F1B0F5DEDE0263BD81773A78E98AF551F36361ACCB315B618C8AE70A5FE781E
          SHA-512:23BFC6E2CDB7BA75AAC3AA75869DF4A235E4526E8E83D73551B3BC2CE89F3675EBFA75BC94177F2C2BD6AC58C1B125BE65F8489BC4F85FA701415DB9768F7A80
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset id DAYS_OF_WEEK_ABBREV [list \. "Min"\. "Sen"\. "Sel"\. "Rab"\. "Kam"\. "Jum"\. "Sab"]. ::msgcat::mcset id DAYS_OF_WEEK_FULL [list \. "Minggu"\. "Senin"\. "Selasa"\. "Rabu"\. "Kamis"\. "Jumat"\. "Sabtu"]. ::msgcat::mcset id MONTHS_ABBREV [list \. "Jan"\. "Peb"\. "Mar"\. "Apr"\. "Mei"\. "Jun"\. "Jul"\. "Agu"\. "Sep"\. "Okt"\. "Nov"\. "Des"\. ""]. ::msgcat::mcset id MONTHS_FULL [list \. "Januari"\. "Pebruari"\. "Maret"\. "April"\. "Mei"\. "Juni"\. "Juli"\. "Agustus"\. "September"\. "Oktober"\. "November"\. "Desember"\. ""].}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\id_id.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.857986813915644
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmo0kGvNLo0F/W3v6aZo0kT+3vR6HK:4EnLzu8NGvNS3v6aQK3voq
          MD5:A285817AAABD5203706D5F2A34158C03
          SHA1:18FD0178051581C9F019604499BF91B16712CC91
          SHA-256:DB81643BA1FD115E9D547943A889A56DFC0C81B63F21B1EDC1955C6884C1B2F5
          SHA-512:0B6C684F2E5122681309A6212980C95C14172723F12D4864AF8A8A913DC7081BC42AC39CF087D29770B4A1F0B3B1F712856CBF05D1975FFFC008C16A91081A00
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset id_ID DATE_FORMAT "%d %B %Y". ::msgcat::mcset id_ID TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset id_ID DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\is.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1255
          Entropy (8bit):4.391152464169964
          Encrypted:false
          SSDEEP:24:4azu8qVXVDWpXMVmDz1ZVcWVzbQ1/xZ9b3eYXvhv3eT3:462hVW5JDz1ZVUbpfV83
          MD5:6695839F1C4D2A92552CB1647FD14DA5
          SHA1:04CB1976846A78EA9593CB3706C9D61173CE030C
          SHA-256:6767115FFF2DA05F49A28BAD78853FAC6FC716186B985474D6D30764E1727C40
          SHA-512:208766038A6A1D748F4CB2660F059AD355A5439EA6D8326F4F410B2DFBBDEECB55D4CE230C01C519B08CAB1CF5E5B3AC61E7BA86020A7BDA1AFEA624F3828521
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset is DAYS_OF_WEEK_ABBREV [list \. "sun."\. "m\u00e1n."\. "\u00feri."\. "mi\u00f0."\. "fim."\. "f\u00f6s."\. "lau."]. ::msgcat::mcset is DAYS_OF_WEEK_FULL [list \. "sunnudagur"\. "m\u00e1nudagur"\. "\u00feri\u00f0judagur"\. "mi\u00f0vikudagur"\. "fimmtudagur"\. "f\u00f6studagur"\. "laugardagur"]. ::msgcat::mcset is MONTHS_ABBREV [list \. "jan."\. "feb."\. "mar."\. "apr."\. "ma\u00ed"\. "j\u00fan."\. "j\u00fal."\. "\u00e1g\u00fa."\. "sep."\. "okt."\. "n\u00f3v."\. "des."\. ""]. ::msgcat::mcset is MONTHS_FULL [list \. "jan\u00faar"\. "febr\u00faar"\. "mars"\. "apr\u00edl"\. "ma\u00ed"\. "j\u00fan\u00ed"\. "j\u00fal\u00ed"\. "\u00e1g\u00fast"\.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\it.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1240
          Entropy (8bit):4.207511774275323
          Encrypted:false
          SSDEEP:24:4azu8iYJcc8jYShjLhQ6I3S68gvNvlNUhsFNlVGvNmv5svc:46Wi38jBJLhQ6I3EgFtNo4NlVGlw5Kc
          MD5:8E205D032206D794A681E2A994532FA6
          SHA1:47098672D339624474E8854EB0512D54A0CA49E7
          SHA-256:C7D84001855586A0BAB236A6A5878922D9C4A2EA1799BF18544869359750C0DF
          SHA-512:139219DBD014CCA15922C45C7A0468F62E864F18CC16C7B8506258D1ECD766E1EFF6EAE4DFDAF72898B9AF1A5E6CE8D7BB0F1A93A6604D2539F2645C9ED8D146
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset it DAYS_OF_WEEK_ABBREV [list \. "dom"\. "lun"\. "mar"\. "mer"\. "gio"\. "ven"\. "sab"]. ::msgcat::mcset it DAYS_OF_WEEK_FULL [list \. "domenica"\. "luned\u00ec"\. "marted\u00ec"\. "mercoled\u00ec"\. "gioved\u00ec"\. "venerd\u00ec"\. "sabato"]. ::msgcat::mcset it MONTHS_ABBREV [list \. "gen"\. "feb"\. "mar"\. "apr"\. "mag"\. "giu"\. "lug"\. "ago"\. "set"\. "ott"\. "nov"\. "dic"\. ""]. ::msgcat::mcset it MONTHS_FULL [list \. "gennaio"\. "febbraio"\. "marzo"\. "aprile"\. "maggio"\. "giugno"\. "luglio"\. "agosto"\. "settembre"\. "ottobre"\. "novembre"\. "dicembre"\. ""]. ::msgcat::mcset it BCE "aC". ::msgc
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\it_ch.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):244
          Entropy (8bit):4.851375233848049
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoi5jLWNLoyJ+3vULoia+3vjLtA6:4EnLzu8m3WNJ+3v23v3t3
          MD5:8666E24230AED4DC76DB93BE1EA07FF6
          SHA1:7C688C8693C76AEE07FB32637CD58E47A85760F3
          SHA-256:2EE356FFA2491A5A60BDF7D7FEBFAC426824904738615A0C1D07AEF6BDA3B76F
          SHA-512:BCCE87FB94B28B369B9EE48D792A399DB8250D0D3D73FC05D053276A7475229EF1555D5E516D780092496F0E5F229A9912A45FB5A88C024FCEBF08E654D37B07
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset it_CH DATE_FORMAT "%e. %B %Y". ::msgcat::mcset it_CH TIME_FORMAT "%H:%M:%S". ::msgcat::mcset it_CH DATE_TIME_FORMAT "%e. %B %Y %H:%M:%S %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\ja.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1664
          Entropy (8bit):4.88149888596689
          Encrypted:false
          SSDEEP:24:4azu8VcQHxbtVLKMwvtFwvQv4fTweLvDvTwS0Zu+jqgv:46RbItt4mCEebzES0njqq
          MD5:430DEB41034402906156D7E23971CD2C
          SHA1:0952FFBD241B5111714275F5CD8FB5545067FFEC
          SHA-256:38DCA9B656241884923C451A369B90A9F1D76F9029B2E98E04784323169C3251
          SHA-512:AE5DF1B79AE34DF4CC1EB00406FFF49541A95E2C732E3041CCE321F2F3FA6461BB45C6524A5FEB77E18577206CBD88A83FBF20B4B058BAE9B889179C93221557
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ja DAYS_OF_WEEK_ABBREV [list \. "\u65e5"\. "\u6708"\. "\u706b"\. "\u6c34"\. "\u6728"\. "\u91d1"\. "\u571f"]. ::msgcat::mcset ja DAYS_OF_WEEK_FULL [list \. "\u65e5\u66dc\u65e5"\. "\u6708\u66dc\u65e5"\. "\u706b\u66dc\u65e5"\. "\u6c34\u66dc\u65e5"\. "\u6728\u66dc\u65e5"\. "\u91d1\u66dc\u65e5"\. "\u571f\u66dc\u65e5"]. ::msgcat::mcset ja MONTHS_FULL [list \. "1\u6708"\. "2\u6708"\. "3\u6708"\. "4\u6708"\. "5\u6708"\. "6\u6708"\. "7\u6708"\. "8\u6708"\. "9\u6708"\. "10\u6708"\. "11\u6708"\. "12\u6708"]. ::msgcat::mcset ja BCE "\u7d00\u5143\u524d". ::msgcat::mcset ja CE "\u897f\u66a6". ::msgcat::mcset ja AM "\u5348\u524d". ::msgcat::mcset ja PM "\u5348\u5f8c". ::msgcat::mcset ja DATE_FORMAT "%Y/%m/%
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\kl.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):978
          Entropy (8bit):4.013253613061898
          Encrypted:false
          SSDEEP:24:4azu83jGeo9sbjCjS3jCwjLj+zSsS9CfzTA2Qcl:46OOsJzTvl
          MD5:AE55E001BBE3272CE13369C836139EF3
          SHA1:D912A0AEBA08BC97D80E9B7A55CE146956C90BCC
          SHA-256:1B00229DF5A979A040339BBC72D448F39968FEE5CC24F07241C9F6129A9B53DD
          SHA-512:E53E8DB56AD367E832A121D637CA4755E6C8768C063E4BE43E6193C5F71ED7AA10F7223AC85750C0CAD543CF4A0BFE578CBA2877F176A5E58DCA2BAA2F7177FB
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kl DAYS_OF_WEEK_ABBREV [list \. "sab"\. "ata"\. "mar"\. "pin"\. "sis"\. "tal"\. "arf"]. ::msgcat::mcset kl DAYS_OF_WEEK_FULL [list \. "sabaat"\. "ataasinngorneq"\. "marlunngorneq"\. "pingasunngorneq"\. "sisamanngorneq"\. "tallimanngorneq"\. "arfininngorneq"]. ::msgcat::mcset kl MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset kl MONTHS_FULL [list \. "januari"\. "februari"\. "martsi"\. "aprili"\. "maji"\. "juni"\. "juli"\. "augustusi"\. "septemberi"\. "oktoberi"\. "novemberi"\. "decemberi"\. ""].}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\kl_gl.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):279
          Entropy (8bit):4.83493357349932
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoEpb53FD/LoEpLE3vG5oEpLE3v6X5oEpba+3vnFDoAov:4EnLzu8KF3FD/1w3vMw3v6T/3v9dy
          MD5:4B8E5B6EB7C27A02DBC0C766479B068D
          SHA1:E97A948FFE6C8DE99F91987155DF0A81A630950E
          SHA-256:F99DA45138A8AEBFD92747FC28992F0C315C6C4AD97710EAF9427263BFFA139C
          SHA-512:D726494A6F4E1FB8C71B8B56E9B735C1837D8D22828D006EF386E41AD15CD1E4CF14DAC01966B9AFE41F7B6A44916EFC730CF038B4EC393043AE9021D11DACF2
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kl_GL DATE_FORMAT "%d %b %Y". ::msgcat::mcset kl_GL TIME_FORMAT "%T". ::msgcat::mcset kl_GL TIME_FORMAT_12 "%T". ::msgcat::mcset kl_GL DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\ko.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1566
          Entropy (8bit):4.552910804130986
          Encrypted:false
          SSDEEP:24:4azu8cVBfHVnYgY+YGkYeY02Y7YkMXjDHMXjqKKyvtuvFd8vUPvwEq:46ojlmpYEY7XjDsXj+0t4zaU3wt
          MD5:A4C37AF81FC4AA6003226A95539546C1
          SHA1:A18A7361783896C691BD5BE8B3A1FCCCCB015F43
          SHA-256:F6E2B0D116D2C9AC90DDA430B6892371D87A4ECFB6955318978ED6F6E9D546A6
          SHA-512:FBE6BA258C250BD90FADCC42AC18A17CC4E7B040F160B94075AF1F42ECD43EEA6FE49DA52CF9B5BBB5D965D6AB7C4CC4053A78E865241F891E13F94EB20F0472
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ko DAYS_OF_WEEK_ABBREV [list \. "\uc77c"\. "\uc6d4"\. "\ud654"\. "\uc218"\. "\ubaa9"\. "\uae08"\. "\ud1a0"]. ::msgcat::mcset ko DAYS_OF_WEEK_FULL [list \. "\uc77c\uc694\uc77c"\. "\uc6d4\uc694\uc77c"\. "\ud654\uc694\uc77c"\. "\uc218\uc694\uc77c"\. "\ubaa9\uc694\uc77c"\. "\uae08\uc694\uc77c"\. "\ud1a0\uc694\uc77c"]. ::msgcat::mcset ko MONTHS_ABBREV [list \. "1\uc6d4"\. "2\uc6d4"\. "3\uc6d4"\. "4\uc6d4"\. "5\uc6d4"\. "6\uc6d4"\. "7\uc6d4"\. "8\uc6d4"\. "9\uc6d4"\. "10\uc6d4"\. "11\uc6d4"\. "12\uc6d4"\. ""]. ::msgcat::mcset ko MONTHS_FULL [list \. "1\uc6d4"\. "2\uc6d4"\. "3\uc6d4"\. "4\uc6d4"\. "5\uc6d4"\. "6\uc6d4"\. "7\uc6d4"\. "8\uc6d4"\.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\ko_kr.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):346
          Entropy (8bit):5.015790750376121
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmo56SFZhjNo56m5Ybo56TGMZo56a/W3v6mfvLo56TT+3vOAEP:4EnLzu8r62vjs6m5YS6TGN6a+3v6o66J
          MD5:9C7E97A55A957AB1D1B5E988AA514724
          SHA1:592F8FF9FABBC7BF48539AF748DCFC9241AED82D
          SHA-256:31A4B74F51C584354907251C55FE5CE894D2C9618156A1DC6F5A979BC350DB17
          SHA-512:9D04DF2A87AFE24C339E1A0F6358FE995CBCAF8C7B08A1A7953675E2C2C1EDBCAF297B23C2B9BEC398DFEE6D1D75CE32E31389A7199466A38BC83C8DBBA67C77
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ko_KR BCE "\uae30\uc6d0\uc804". ::msgcat::mcset ko_KR CE "\uc11c\uae30". ::msgcat::mcset ko_KR DATE_FORMAT "%Y.%m.%d". ::msgcat::mcset ko_KR TIME_FORMAT_12 "%P %l:%M:%S". ::msgcat::mcset ko_KR DATE_TIME_FORMAT "%Y.%m.%d %P %l:%M:%S %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\kok.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1958
          Entropy (8bit):4.1451019501109965
          Encrypted:false
          SSDEEP:24:4azu8Z448VcOVczWdSVcqVcR0q4vTqBBiXCVcqVcR0q4vTqBBiaMv:46u48h0qpBBaR0qpBBVu
          MD5:E7938CB3AF53D42B4142CB104AB04B3B
          SHA1:6205BD2336857F368CABF89647F54D94E093A77B
          SHA-256:D236D5B27184B1E813E686D901418117F22D67024E6944018FC4B633DF9FF744
          SHA-512:CE77CE2EC773F3A1A3CD68589C26F7089E8133ADE601CE899EEB0B13648051344A94E69AEC2C8C58349456E52B11EB7545C8926E3F08DB643EE551C641FF38DB
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kok DAYS_OF_WEEK_FULL [list \. "\u0906\u0926\u093f\u0924\u094d\u092f\u0935\u093e\u0930"\. "\u0938\u094b\u092e\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0933\u093e\u0930"\. "\u092c\u0941\u0927\u0935\u093e\u0930"\. "\u0917\u0941\u0930\u0941\u0935\u093e\u0930"\. "\u0936\u0941\u0915\u094d\u0930\u0935\u093e\u0930"\. "\u0936\u0928\u093f\u0935\u093e\u0930"]. ::msgcat::mcset kok MONTHS_ABBREV [list \. "\u091c\u093e\u0928\u0947\u0935\u093e\u0930\u0940"\. "\u092b\u0947\u092c\u0943\u0935\u093e\u0930\u0940"\. "\u092e\u093e\u0930\u094d\u091a"\. "\u090f\u092a\u094d\u0930\u093f\u0932"\. "\u092e\u0947"\. "\u091c\u0942\u0928"\. "\u091c\u0941\u0932\u0948"\. "\u0913\u0917\u0938\u094d\u091f"\. "\u0938\u0947\u092a\u094d\u091f\u0947\u0902\u092c\u0930"\. "\u0913\u0915\u094d\u091f\u094b\u092c\u0
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\kok_in.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):254
          Entropy (8bit):4.8580653411441155
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmo5VsNv+9/Lo5VsU3v6rZo5VsNo+3v+6f6HK:4EnLzu8rVsNvWiVsU3v6rAVsNF3vmq
          MD5:A3B27D44ED430AEC7DF2A47C19659CC4
          SHA1:700E4B9C395B540BFCE9ABDC81E6B9B758893DC9
          SHA-256:BEE07F14C7F4FC93B62AC318F89D2ED0DD6FF30D2BF21C2874654FF0292A6C4B
          SHA-512:79E9D8B817BDB6594A7C95991B2F6D7571D1C2976E74520D28223CF9F05EAA2128A44BC83A94089F09011FFCA9DB5E2D4DD74B59DE2BADC022E1571C595FE36C
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kok_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset kok_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset kok_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\kw.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):966
          Entropy (8bit):3.9734955453120504
          Encrypted:false
          SSDEEP:12:4EnLzu8z4md0eKwCW44mtls79cp32AqghoPx9ab43gWgw3SeWOdSyECYf5AQZ0eD:4azu806vCmgs7aB2seFkhq+9
          MD5:413A264B40EEBEB28605481A3405D27D
          SHA1:9C2EFA6326C62962DCD83BA8D16D89616D2C5B77
          SHA-256:F49F4E1C7142BF7A82FC2B9FC075171AE45903FE69131478C15219D72BBAAD33
          SHA-512:CF0559DB130B8070FEC93A64F5317A2C9CDE7D5EAFD1E92E76EAAE0740C6429B7AB7A60BD833CCA4ABCC0AADEBC6A68F854FF654E0707091023D275404172427
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kw DAYS_OF_WEEK_ABBREV [list \. "Sul"\. "Lun"\. "Mth"\. "Mhr"\. "Yow"\. "Gwe"\. "Sad"]. ::msgcat::mcset kw DAYS_OF_WEEK_FULL [list \. "De Sul"\. "De Lun"\. "De Merth"\. "De Merher"\. "De Yow"\. "De Gwener"\. "De Sadorn"]. ::msgcat::mcset kw MONTHS_ABBREV [list \. "Gen"\. "Whe"\. "Mer"\. "Ebr"\. "Me"\. "Evn"\. "Gor"\. "Est"\. "Gwn"\. "Hed"\. "Du"\. "Kev"\. ""]. ::msgcat::mcset kw MONTHS_FULL [list \. "Mys Genver"\. "Mys Whevrel"\. "Mys Merth"\. "Mys Ebrel"\. "Mys Me"\. "Mys Evan"\. "Mys Gortheren"\. "Mye Est"\. "Mys Gwyngala"\. "Mys Hedra"\. "Mys Du"\. "Mys Kevardhu"\. ""].}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\kw_gb.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.914818138642697
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoh6AvvNLoh633v6aZoh6Ao+3vR6HK:4EnLzu8z6AvvN6633v6aY6AF3voq
          MD5:D325ADCF1F81F40D7B5D9754AE0542F3
          SHA1:7A6BCD6BE5F41F84B600DF355CB00ECB9B4AE8C0
          SHA-256:7A8A539C8B990AEFFEA06188B98DC437FD2A6E89FF66483EF334994E73FD0EC9
          SHA-512:A05BBB3F80784B9C8BBA3FE618FEE154EE40D240ED4CFF7CD6EEE3D97BC4F065EFF585583123F1FFD8ABA1A194EB353229E15ED5CD43759D4D356EC5BE8DCD73
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kw_GB DATE_FORMAT "%d %B %Y". ::msgcat::mcset kw_GB TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset kw_GB DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\lt.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1255
          Entropy (8bit):4.4416408590245
          Encrypted:false
          SSDEEP:24:4azu8FHYI4/+HYZoNPW43VvJZb3lSuRnixx/x5JfbiMQeTVYkG2CvRksvQ:46hHNHhu43VxZb3lSuRwxZ5VbiMQeTVL
          MD5:73F0A9C360A90CB75C6DA7EF87EF512F
          SHA1:582EB224C9715C8336B4D1FCE7DDEC0D89F5AD71
          SHA-256:510D8EED3040B50AFAF6A3C85BC98847F1B4D5D8A685C5EC06ACC2491B890101
          SHA-512:B5482C7448BFC44B05FCF7EB0642B0C7393F4438082A507A94C13F56F12A115A5CE7F0744518BB0B2FAF759D1AD7744B0BEDB98F563C2A4AB11BC4619D7CEA22
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset lt DAYS_OF_WEEK_ABBREV [list \. "Sk"\. "Pr"\. "An"\. "Tr"\. "Kt"\. "Pn"\. "\u0160t"]. ::msgcat::mcset lt DAYS_OF_WEEK_FULL [list \. "Sekmadienis"\. "Pirmadienis"\. "Antradienis"\. "Tre\u010diadienis"\. "Ketvirtadienis"\. "Penktadienis"\. "\u0160e\u0161tadienis"]. ::msgcat::mcset lt MONTHS_ABBREV [list \. "Sau"\. "Vas"\. "Kov"\. "Bal"\. "Geg"\. "Bir"\. "Lie"\. "Rgp"\. "Rgs"\. "Spa"\. "Lap"\. "Grd"\. ""]. ::msgcat::mcset lt MONTHS_FULL [list \. "Sausio"\. "Vasario"\. "Kovo"\. "Baland\u017eio"\. "Gegu\u017e\u0117s"\. "Bir\u017eelio"\. "Liepos"\. "Rugpj\u016b\u010dio"\. "Rugs\u0117jo"\. "Spalio"\. "Lapkri\u010dio"\. "G
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\lv.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1219
          Entropy (8bit):4.39393801727056
          Encrypted:false
          SSDEEP:24:4azu8lmZG0me3AEcGo49bJcpF9gT9PCbF5uld0vVcASAr8svJ5vk3:46TGAE8Q/PG5dv//Lk3
          MD5:D5DEB8EFFE6298858F9D1B9FAD0EA525
          SHA1:973DF40D0464BCE10EB5991806D9990B65AB0F82
          SHA-256:FD95B38A3BEBD59468BDC2890BAC59DF31C352E17F2E77C82471E1CA89469802
          SHA-512:F024E3D6D30E8E5C3316364A905C8CCAC87427BFC2EC10E72065F1DD114A112A61FDECDF1C4EC9C3D8BB9A54D18ED4AE9D57B07DA4AFFE480DE12F3D54BED928
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset lv DAYS_OF_WEEK_ABBREV [list \. "Sv"\. "P"\. "O"\. "T"\. "C"\. "Pk"\. "S"]. ::msgcat::mcset lv DAYS_OF_WEEK_FULL [list \. "sv\u0113tdiena"\. "pirmdiena"\. "otrdiena"\. "tre\u0161diena"\. "ceturdien"\. "piektdiena"\. "sestdiena"]. ::msgcat::mcset lv MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Maijs"\. "J\u016bn"\. "J\u016bl"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset lv MONTHS_FULL [list \. "janv\u0101ris"\. "febru\u0101ris"\. "marts"\. "apr\u012blis"\. "maijs"\. "j\u016bnijs"\. "j\u016blijs"\. "augusts"\. "septembris"\. "oktobris"\. "novembris"\. "decembris"\. ""]. ::msgcat
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\mk.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):2105
          Entropy (8bit):4.237536682442766
          Encrypted:false
          SSDEEP:48:46UcQdZnlcQfAQPWQEHKr9nGUeDjDpxpWQ1Q3QuQoQLX9TSQ2QIQPQHp7+8i:hNdR7cr9nMvXI0i7F89TSn1KX
          MD5:CD589758D4F4B522781A10003D3E1791
          SHA1:D953DD123D54B02BAF4B1AE0D36081CDFCA38444
          SHA-256:F384DD88523147CEF42AA871D323FC4CBEE338FF67CC5C95AEC7940C0E531AE3
          SHA-512:2EA1E71CD1E958F83277006343E85513D112CBB3C22CBFF29910CB1FC37F2389B3F1DCB2533EC59F9E642624869E5C61F289FDC010B55C6EECEF378F2D92DB0B
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mk DAYS_OF_WEEK_ABBREV [list \. "\u043d\u0435\u0434."\. "\u043f\u043e\u043d."\. "\u0432\u0442."\. "\u0441\u0440\u0435."\. "\u0447\u0435\u0442."\. "\u043f\u0435\u0442."\. "\u0441\u0430\u0431."]. ::msgcat::mcset mk DAYS_OF_WEEK_FULL [list \. "\u043d\u0435\u0434\u0435\u043b\u0430"\. "\u043f\u043e\u043d\u0435\u0434\u0435\u043b\u043d\u0438\u043a"\. "\u0432\u0442\u043e\u0440\u043d\u0438\u043a"\. "\u0441\u0440\u0435\u0434\u0430"\. "\u0447\u0435\u0442\u0432\u0440\u0442\u043e\u043a"\. "\u043f\u0435\u0442\u043e\u043a"\. "\u0441\u0430\u0431\u043e\u0442\u0430"]. ::msgcat::mcset mk MONTHS_ABBREV [list \. "\u0458\u0430\u043d."\. "\u0444\u0435\u0432."\. "\u043c\u0430\u0440."\. "\u0430\u043f\u0440."\. "\u043c\u0430\u0458."\. "\u0458\u0443\u043d."\. "\u0458\
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\mr.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1807
          Entropy (8bit):4.160320823510059
          Encrypted:false
          SSDEEP:24:4azu8ocYe48VcOVczyVczoRSVcqVcR0q4vTqBBiPNVcqVcR0q4vTqBBil:46R48h0qpBBkI0qpBBe
          MD5:791408BAE710B77A27AD664EC3325E1C
          SHA1:E760B143A854838E18FFB66500F4D312DD80634E
          SHA-256:EB2E2B7A41854AF68CEF5881CF1FBF4D38E70D2FAB2C3F3CE5901AA5CC56FC15
          SHA-512:FE91EF67AB9313909FE0C29D5FBE2298EE35969A26A63D94A406BFDA7BCF932F2211F94C0E3C1D718DBC2D1145283C768C23487EEB253249ACFE76E8D1F1D1E5
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mr DAYS_OF_WEEK_FULL [list \. "\u0930\u0935\u093f\u0935\u093e\u0930"\. "\u0938\u094b\u092e\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0933\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0933\u0935\u093e\u0930"\. "\u0917\u0941\u0930\u0941\u0935\u093e\u0930"\. "\u0936\u0941\u0915\u094d\u0930\u0935\u093e\u0930"\. "\u0936\u0928\u093f\u0935\u093e\u0930"]. ::msgcat::mcset mr MONTHS_ABBREV [list \. "\u091c\u093e\u0928\u0947\u0935\u093e\u0930\u0940"\. "\u092b\u0947\u092c\u0943\u0935\u093e\u0930\u0940"\. "\u092e\u093e\u0930\u094d\u091a"\. "\u090f\u092a\u094d\u0930\u093f\u0932"\. "\u092e\u0947"\. "\u091c\u0942\u0928"\. "\u091c\u0941\u0932\u0948"\. "\u0913\u0917\u0938\u094d\u091f"\. "\u0938\u0947\u092a\u094d\u091f\u0947\u0902\u092c\u0930"\. "\u0913\u0915\u094d\u091f\u094b\u092c\u0930"\.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\mr_in.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.847742455062573
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoGNv+9/LoGU3v6rZoGNo+3v+6f6HK:4EnLzu8GvWe3v6r5F3vmq
          MD5:899E845D33CAAFB6AD3B1F24B3F92843
          SHA1:FC17A6742BF87E81BBD4D5CB7B4DCED0D4DD657B
          SHA-256:F75A29BB323DB4354B0C759CB1C8C5A4FFC376DFFD74274CA60A36994816A75C
          SHA-512:99D05FCE8A9C9BE06FDA8B54D4DE5497141F6373F470B2AB24C2D00B9C56031350F5DCDA2283A0E6F5B09FF21218FC3C7E2A6AB8ECC5BB020546FD62BDC8FF99
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mr_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset mr_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset mr_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\ms.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):910
          Entropy (8bit):3.9292866027924838
          Encrypted:false
          SSDEEP:12:4EnLzu82mCBuvFYcEfmt1qWjefjESRsToOqrlHvFguSixTRs1OAfC67:4azu82nBuHEfKxjeby7cl9gbZUAfCc
          MD5:441CC737D383D8213F64B62A5DBEEC3E
          SHA1:34FBE99FB25A0DCA2FDA2C008AC8127BA2BC273B
          SHA-256:831F611EE851A64BF1BA5F9A5441EC1D50722FA9F15B4227707FE1927F754DE4
          SHA-512:0474B2127890F63814CD9E77D156B5E4FC45EB3C17A57719B672AC9E3A6EEA9934F0BE158F76808B34A11DA844AB900652C18E512830278DFED2666CD005FBE5
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ms DAYS_OF_WEEK_ABBREV [list \. "Aha"\. "Isn"\. "Sei"\. "Rab"\. "Kha"\. "Jum"\. "Sab"]. ::msgcat::mcset ms DAYS_OF_WEEK_FULL [list \. "Ahad"\. "Isnin"\. "Selasa"\. "Rahu"\. "Khamis"\. "Jumaat"\. "Sabtu"]. ::msgcat::mcset ms MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mac"\. "Apr"\. "Mei"\. "Jun"\. "Jul"\. "Ogos"\. "Sep"\. "Okt"\. "Nov"\. "Dis"\. ""]. ::msgcat::mcset ms MONTHS_FULL [list \. "Januari"\. "Februari"\. "Mac"\. "April"\. "Mei"\. "Jun"\. "Julai"\. "Ogos"\. "September"\. "Oktober"\. "November"\. "Disember"\. ""].}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\ms_my.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):259
          Entropy (8bit):4.770028367699931
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoChFflD/LoChF+3v6xH5oCh++3vflm6PYv:4EnLzu8IPflD/ne3v6Tl3vflm6q
          MD5:8261689A45FB754158B10B044BDC4965
          SHA1:6FFC9B16A0600D9BC457322F1316BC175309C6CA
          SHA-256:D05948D75C06669ADDB9708BC5FB48E6B651D4E62EF1B327EF8A3F605FD5271C
          SHA-512:0321A5C17B3E33FDE9480AC6014B373D1663219D0069388920D277AA61341B8293883517C900030177FF82D65340E6C9E3ED051B27708DD093055E3BE64B2AF3
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ms_MY DATE_FORMAT "%A %d %b %Y". ::msgcat::mcset ms_MY TIME_FORMAT_12 "%I:%M:%S %z". ::msgcat::mcset ms_MY DATE_TIME_FORMAT "%A %d %b %Y %I:%M:%S %z %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\mt.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):690
          Entropy (8bit):4.48913642143724
          Encrypted:false
          SSDEEP:12:4EnLzu8+YmWjjRgWfjxBTo4erxy1IGZzNN+3v6amK3vZsq:4azu8+YZjjRXbfNedy1IG5N6vjmsvGq
          MD5:CE7E67A03ED8C3297C6A5B634B55D144
          SHA1:3DA5ACC0F52518541810E7F2FE57751955E12BDA
          SHA-256:D115718818E3E3367847CE35BB5FF0361D08993D9749D438C918F8EB87AD8814
          SHA-512:3754AA7B7D27A813C6113D2AA834A951FED1B81E4DACE22C81E0583F29BBC73C014697F39A2067DEC622D98EACD70D26FD40F80CF6D09E1C949F01FADED52C74
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mt DAYS_OF_WEEK_ABBREV [list \. "\u0126ad"\. "Tne"\. "Tli"\. "Erb"\. "\u0126am"\. "\u0120im"]. ::msgcat::mcset mt MONTHS_ABBREV [list \. "Jan"\. "Fra"\. "Mar"\. "Apr"\. "Mej"\. "\u0120un"\. "Lul"\. "Awi"\. "Set"\. "Ott"\. "Nov"]. ::msgcat::mcset mt BCE "QK". ::msgcat::mcset mt CE "". ::msgcat::mcset mt DATE_FORMAT "%A, %e ta %B, %Y". ::msgcat::mcset mt TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset mt DATE_TIME_FORMAT "%A, %e ta %B, %Y %l:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\nb.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1157
          Entropy (8bit):4.24006506188001
          Encrypted:false
          SSDEEP:24:4azu8CKEj4/xasSpfiTBtHQT1V/W3WNfvZv3l:46KU/0s2iTeVOiHN1
          MD5:D5509ABF5CBFB485C20A26FCC6B1783E
          SHA1:53A298FBBF09AE2E223B041786443A3D8688C9EB
          SHA-256:BC401889DD934C49D10D99B471441BE2B536B1722739C7B0AB7DE7629680F602
          SHA-512:BDAFBA46EF44151CFD9EF7BC1909210F6DB2BAC20C31ED21AE3BE7EAC785CD4F545C4590CF551C0D066F982E2050F5844BDDC569F32C5804DBDE657F4511A6FE
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nb DAYS_OF_WEEK_ABBREV [list \. "s\u00f8"\. "ma"\. "ti"\. "on"\. "to"\. "fr"\. "l\u00f8"]. ::msgcat::mcset nb DAYS_OF_WEEK_FULL [list \. "s\u00f8ndag"\. "mandag"\. "tirsdag"\. "onsdag"\. "torsdag"\. "fredag"\. "l\u00f8rdag"]. ::msgcat::mcset nb MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "mai"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "des"\. ""]. ::msgcat::mcset nb MONTHS_FULL [list \. "januar"\. "februar"\. "mars"\. "april"\. "mai"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "desember"\. ""]. ::msgcat::mcset nb BCE "f.Kr.". ::msgcat::mcset nb CE "e.Kr.".
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\nl.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1079
          Entropy (8bit):4.158523842311663
          Encrypted:false
          SSDEEP:24:4azu84LFiS8LMKZoNfSZTNTQhFCNZvtWvg:46Oi5LMKZASZTEF2Ntgg
          MD5:98820DFF7E1C8A9EAB8C74B0B25DEB5D
          SHA1:5357063D5699188E544D244EC4AEFDDF7606B922
          SHA-256:49128B36B88E380188059C4B593C317382F32E29D1ADC18D58D14D142459A2BB
          SHA-512:26AB945B7BA00433BEC85ACC1D90D1D3B70CE505976CABE1D75A7134E00CD591AC27463987C515EEA079969DBCF200DA9C8538CAAF178A1EE17C9B0284260C45
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nl DAYS_OF_WEEK_ABBREV [list \. "zo"\. "ma"\. "di"\. "wo"\. "do"\. "vr"\. "za"]. ::msgcat::mcset nl DAYS_OF_WEEK_FULL [list \. "zondag"\. "maandag"\. "dinsdag"\. "woensdag"\. "donderdag"\. "vrijdag"\. "zaterdag"]. ::msgcat::mcset nl MONTHS_ABBREV [list \. "jan"\. "feb"\. "mrt"\. "apr"\. "mei"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset nl MONTHS_FULL [list \. "januari"\. "februari"\. "maart"\. "april"\. "mei"\. "juni"\. "juli"\. "augustus"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset nl DATE_FORMAT "%e %B %Y". ::msgcat::mcset nl TIME_FORM
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\nl_be.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):279
          Entropy (8bit):4.817188474504631
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmo4gPI5og9X3vG5og9X3v6X5o49+3vnFDoAov:4EnLzu8WgAhF3v8F3v6JI3v9dy
          MD5:B08E30850CA849068D06A99B4E216892
          SHA1:11B5E95FF4D822E76A1B9C28EEC2BC5E95E5E362
          SHA-256:9CD54EC24CBDBEC5E4FE543DDA8CA95390678D432D33201FA1C32B61F8FE225A
          SHA-512:9AF147C2F22B11115E32E0BFD0126FE7668328E7C67B349A781F42B0022A334E53DDF3FCCC2C34C91BFBB45602A002D0D7B569B5E1FE9F0EE6C4570400CB0B0C
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nl_BE DATE_FORMAT "%d-%m-%y". ::msgcat::mcset nl_BE TIME_FORMAT "%T". ::msgcat::mcset nl_BE TIME_FORMAT_12 "%T". ::msgcat::mcset nl_BE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\nn.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1148
          Entropy (8bit):4.207752506572597
          Encrypted:false
          SSDEEP:24:4azu8eNsP2/xhsSpf2TBtHQT15j63WN7v9v3l:46it/vs22Te5OiL51
          MD5:2266607EF358B632696C7164E61358B5
          SHA1:A380863A8320DAB1D5A2D60C22ED5F7DB5C7BAF7
          SHA-256:5EE93A8C245722DEB64B68EFF50C081F24DA5DE43D999C006A10C484E1D3B4ED
          SHA-512:2A8DEF754A25736D14B958D8B0CEA0DC41C402A9EFA25C9500BA861A7E8D74C79939C1969AC694245605C17D33AD3984F6B9ACCA4BE03EFC41A878772BB5FD86
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nn DAYS_OF_WEEK_ABBREV [list \. "su"\. "m\u00e5"\. "ty"\. "on"\. "to"\. "fr"\. "lau"]. ::msgcat::mcset nn DAYS_OF_WEEK_FULL [list \. "sundag"\. "m\u00e5ndag"\. "tysdag"\. "onsdag"\. "torsdag"\. "fredag"\. "laurdag"]. ::msgcat::mcset nn MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "mai"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "des"\. ""]. ::msgcat::mcset nn MONTHS_FULL [list \. "januar"\. "februar"\. "mars"\. "april"\. "mai"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "desember"\. ""]. ::msgcat::mcset nn BCE "f.Kr.". ::msgcat::mcset nn CE "e.Kr.". ::msgca
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\pl.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1211
          Entropy (8bit):4.392723231340452
          Encrypted:false
          SSDEEP:12:4EnLzu854moKR4mtPoTckd8EnO6z3K4jwxI1LRhtm3ni8FwxIBgdE4RsMZmB0CLs:4azu8yNgyJxPEyRhonO+AjTg0Okvpvn
          MD5:31A9133E9DCA7751B4C3451D60CCFFA0
          SHA1:FB97A5830965716E77563BE6B7EB1C6A0EA6BF40
          SHA-256:C39595DDC0095EB4AE9E66DB02EE175B31AC3DA1F649EB88FA61B911F838F753
          SHA-512:329EE7FE79783C83361A0C5FFFD7766B64B8544D1AD63C57AEAA2CC6A526E01D9C4D7765C73E88F86DAE57477459EA330A0C42F39E441B50DE9B0F429D01EAE8
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset pl DAYS_OF_WEEK_ABBREV [list \. "N"\. "Pn"\. "Wt"\. "\u015ar"\. "Cz"\. "Pt"\. "So"]. ::msgcat::mcset pl DAYS_OF_WEEK_FULL [list \. "niedziela"\. "poniedzia\u0142ek"\. "wtorek"\. "\u015broda"\. "czwartek"\. "pi\u0105tek"\. "sobota"]. ::msgcat::mcset pl MONTHS_ABBREV [list \. "sty"\. "lut"\. "mar"\. "kwi"\. "maj"\. "cze"\. "lip"\. "sie"\. "wrz"\. "pa\u017a"\. "lis"\. "gru"\. ""]. ::msgcat::mcset pl MONTHS_FULL [list \. "stycze\u0144"\. "luty"\. "marzec"\. "kwiecie\u0144"\. "maj"\. "czerwiec"\. "lipiec"\. "sierpie\u0144"\. "wrzesie\u0144"\. "pa\u017adziernik"\. "listopad"\. "grudzie\u0144"\. ""]. ::msgcat::m
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\pt.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1127
          Entropy (8bit):4.325163993882846
          Encrypted:false
          SSDEEP:24:4azu8pYpzzktTYyUgC0CIKjblie5f9kwAAs+CFsFoD6GADvtU6svO:46dCzWTh2AA9/2F4oD6GAztU6KO
          MD5:D827F76D1ED6CB89839CAC2B56FD7252
          SHA1:140D6BC1F6CEF5FD0A390B3842053BF54B54B4E2
          SHA-256:9F2BFFA3B4D8783B2CFB2CED9CC4319ACF06988F61829A1E5291D55B19854E88
          SHA-512:B662336699E23E371F0148EDD742F71874A7A28DFA81F0AFAE91C8C9494CEA1904FEA0C21264CF2A253E0FB1360AD35B28CFC4B74E4D7B2DBB0E453E96F7EB93
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset pt DAYS_OF_WEEK_ABBREV [list \. "Dom"\. "Seg"\. "Ter"\. "Qua"\. "Qui"\. "Sex"\. "S\u00e1b"]. ::msgcat::mcset pt DAYS_OF_WEEK_FULL [list \. "Domingo"\. "Segunda-feira"\. "Ter\u00e7a-feira"\. "Quarta-feira"\. "Quinta-feira"\. "Sexta-feira"\. "S\u00e1bado"]. ::msgcat::mcset pt MONTHS_ABBREV [list \. "Jan"\. "Fev"\. "Mar"\. "Abr"\. "Mai"\. "Jun"\. "Jul"\. "Ago"\. "Set"\. "Out"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset pt MONTHS_FULL [list \. "Janeiro"\. "Fevereiro"\. "Mar\u00e7o"\. "Abril"\. "Maio"\. "Junho"\. "Julho"\. "Agosto"\. "Setembro"\. "Outubro"\. "Novembro"\. "Dezembro"\. ""]. ::msgcat::mcset pt DATE_FO
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\pt_br.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):279
          Entropy (8bit):4.8127929329126085
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmofm6GPWHFLofAW3vG5ofAW3v6X5ofm6T+3vnFDoAov:4EnLzu8hNGgF493vr93v6uNK3v9dy
          MD5:4EE34960147173A12020A583340E92F8
          SHA1:78D91A80E2426A84BC88EE97DA28EC0E4BE8DE45
          SHA-256:E383B20484EE90C00054D52DD5AF473B2AC9DC50C14D459A579EF5F44271D256
          SHA-512:EDFF8FB9A86731FFF005AFBBBB522F69B2C6033F59ECCD5E35A8B6A9E0F9AF23C52FFDCC22D893915AD1854E8104C81DA8C5BD8C794C7E645AFB82001B4BFC24
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset pt_BR DATE_FORMAT "%d-%m-%Y". ::msgcat::mcset pt_BR TIME_FORMAT "%T". ::msgcat::mcset pt_BR TIME_FORMAT_12 "%T". ::msgcat::mcset pt_BR DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\ro.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1172
          Entropy (8bit):4.279005910896047
          Encrypted:false
          SSDEEP:24:4azu8/0oFUBZNk1Mkp3pFukZEoVYfPcF+T1vWFMvUvWI3:46kNkKkpLEoSfPcFgvWFqSWI3
          MD5:0F5C8A7022DB1203442241ABEB5901FF
          SHA1:C54C8BF05E8E6C2C0901D3C88C89DDCF35A26924
          SHA-256:D2E14BE188350D343927D5380EB5672039FE9A37E9A9957921B40E4619B36027
          SHA-512:13ACF499FA803D4446D8EC67119BC8257B1F093084B83D854643CEA918049F96C8FA08DC5F896EECA80A5FD552D90E5079937B1A3894D89A589E468172856163
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ro DAYS_OF_WEEK_ABBREV [list \. "D"\. "L"\. "Ma"\. "Mi"\. "J"\. "V"\. "S"]. ::msgcat::mcset ro DAYS_OF_WEEK_FULL [list \. "duminic\u0103"\. "luni"\. "mar\u0163i"\. "miercuri"\. "joi"\. "vineri"\. "s\u00eemb\u0103t\u0103"]. ::msgcat::mcset ro MONTHS_ABBREV [list \. "Ian"\. "Feb"\. "Mar"\. "Apr"\. "Mai"\. "Iun"\. "Iul"\. "Aug"\. "Sep"\. "Oct"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset ro MONTHS_FULL [list \. "ianuarie"\. "februarie"\. "martie"\. "aprilie"\. "mai"\. "iunie"\. "iulie"\. "august"\. "septembrie"\. "octombrie"\. "noiembrie"\. "decembrie"\. ""]. ::msgcat::mcset ro BCE "d.C.". ::msgcat::mcset ro CE
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\ru.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):2039
          Entropy (8bit):4.225775794669275
          Encrypted:false
          SSDEEP:48:46CpQ7kvicQfAQPlQoBBCZAitBmZ/QhQoQaQPTeQgQonQ4FQEWFkt3Wd:hCpgkvzRo6QBw53weFHXFgIGd
          MD5:3A7181CE08259FF19D2C27CF8C6752B3
          SHA1:97DFFB1E224CEDB5427841C3B59F85376CD4423B
          SHA-256:C2A3A0BE5BC5A46A6A63C4DE34E317B402BAD40C22FB2936E1A4F53C1E2F625F
          SHA-512:CC9620BA4601E53B22CCFC66A0B53C26224158379DF6BA2D4704A2FE11222DFBDAE3CA9CF51576B4084B8CCA8DB13FDE81396E38F94BCD0C8EA21C5D77680394
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ru DAYS_OF_WEEK_ABBREV [list \. "\u0412\u0441"\. "\u041f\u043d"\. "\u0412\u0442"\. "\u0421\u0440"\. "\u0427\u0442"\. "\u041f\u0442"\. "\u0421\u0431"]. ::msgcat::mcset ru DAYS_OF_WEEK_FULL [list \. "\u0432\u043e\u0441\u043a\u0440\u0435\u0441\u0435\u043d\u044c\u0435"\. "\u043f\u043e\u043d\u0435\u0434\u0435\u043b\u044c\u043d\u0438\u043a"\. "\u0432\u0442\u043e\u0440\u043d\u0438\u043a"\. "\u0441\u0440\u0435\u0434\u0430"\. "\u0447\u0435\u0442\u0432\u0435\u0440\u0433"\. "\u043f\u044f\u0442\u043d\u0438\u0446\u0430"\. "\u0441\u0443\u0431\u0431\u043e\u0442\u0430"]. ::msgcat::mcset ru MONTHS_ABBREV [list \. "\u044f\u043d\u0432"\. "\u0444\u0435\u0432"\. "\u043c\u0430\u0440"\. "\u0430\u043f\u0440"\. "\u043c\u0430\u0439"\. "\u0438\u044e\u043d"\. "\u0438\u
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\ru_ua.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):242
          Entropy (8bit):4.8961185447535
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoVAgWFLoVY9X3vtfNrFLoVA9+3vW6Q9:4EnLzu8DFWFgaX3vtNS/3vWH9
          MD5:E719F47462123A8E7DABADD2D362B4D8
          SHA1:332E4CC96E7A01DA7FB399EA14770A5C5185B9F2
          SHA-256:AE5D3DF23F019455F3EDFC3262AAC2B00098881F09B9A934C0D26C0AB896700C
          SHA-512:93C19D51B633A118AB0D172C5A0991E5084BD54B2E61469D800F80B251A57BD1392BA66FD627586E75B1B075A7C9C2C667654F5783C423819FBDEA640A210BFA
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ru_UA DATE_FORMAT "%d.%m.%Y". ::msgcat::mcset ru_UA TIME_FORMAT "%k:%M:%S". ::msgcat::mcset ru_UA DATE_TIME_FORMAT "%d.%m.%Y %k:%M:%S %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\sh.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1160
          Entropy (8bit):4.287536872407747
          Encrypted:false
          SSDEEP:24:4azu8YYy/FY+Cnwj4EbJK5O9g+tQhgQmy/L6GWGvtlMsvWT9:46al4ETw/rWQtVWh
          MD5:C7BBD44BD3C30C6116A15C77B15F8E79
          SHA1:37CD1477A3318838E8D5C93D596A23F99C8409F2
          SHA-256:00F119701C9F3EBA273701A6A731ADAFD7B8902F6BCCF34E61308984456E193A
          SHA-512:DAFBDA53CF6AD57A4F6A078E9EF8ED3CACF2F8809DC2AEFB812A4C3ACCD51D954C52079FA26828D670BF696E14989D3FE3C249F1E612B7C759770378919D8BBC
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sh DAYS_OF_WEEK_ABBREV [list \. "Ned"\. "Pon"\. "Uto"\. "Sre"\. "\u010cet"\. "Pet"\. "Sub"]. ::msgcat::mcset sh DAYS_OF_WEEK_FULL [list \. "Nedelja"\. "Ponedeljak"\. "Utorak"\. "Sreda"\. "\u010cetvrtak"\. "Petak"\. "Subota"]. ::msgcat::mcset sh MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Maj"\. "Jun"\. "Jul"\. "Avg"\. "Sep"\. "Okt"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset sh MONTHS_FULL [list \. "Januar"\. "Februar"\. "Mart"\. "April"\. "Maj"\. "Juni"\. "Juli"\. "Avgust"\. "Septembar"\. "Oktobar"\. "Novembar"\. "Decembar"\. ""]. ::msgcat::mcset sh BCE "p. n. e.". ::msgcat::mcset sh CE "n. e."
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\sk.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1203
          Entropy (8bit):4.335103779497533
          Encrypted:false
          SSDEEP:24:4azu834j4PV3sSAT3fk3TEJbAT3T1cPyF3eYuCvte/v3eG:46TUG3sPk3TEkcPyFpuEtenJ
          MD5:B2EF88014D274C8001B36739F5F566CE
          SHA1:1044145C1714FD44D008B13A31BC778DFBE47950
          SHA-256:043DECE6EA7C83956B3300B95F8A0E92BADAA8FC29D6C510706649D1D810679A
          SHA-512:820EB42D94BEE21FDB990FC27F7900CF676AFC59520F3EE78FB72D6D7243A17A234D4AE964E5D52AD7CBC7DD9A593F672BAD8A80EC48B25B344AA6950EF52ECF
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sk DAYS_OF_WEEK_ABBREV [list \. "Ne"\. "Po"\. "Ut"\. "St"\. "\u0160t"\. "Pa"\. "So"]. ::msgcat::mcset sk DAYS_OF_WEEK_FULL [list \. "Nede\u013ee"\. "Pondelok"\. "Utorok"\. "Streda"\. "\u0160tvrtok"\. "Piatok"\. "Sobota"]. ::msgcat::mcset sk MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "m\u00e1j"\. "j\u00fan"\. "j\u00fal"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset sk MONTHS_FULL [list \. "janu\u00e1r"\. "febru\u00e1r"\. "marec"\. "apr\u00edl"\. "m\u00e1j"\. "j\u00fan"\. "j\u00fal"\. "august"\. "september"\. "okt\u00f3ber"\. "november"\. "december"\. ""]. ::msgcat::mcset sk BCE
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\sl.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1164
          Entropy (8bit):4.26110325084843
          Encrypted:false
          SSDEEP:24:4azu8PyUpd4+RfscasS9CErTByism1KSCvt1vJo6:462U/ENsqrTtVEtRx
          MD5:2566BDE28B17C526227634F1B4FC7047
          SHA1:BE6940EC9F4C5E228F043F9D46A42234A02F4A03
          SHA-256:BD488C9D791ABEDF698B66B768E2BF24251FFEAF06F53FB3746CAB457710FF77
          SHA-512:CC684BFC82CA55240C5B542F3F63E0FF43AEF958469B3978E414261BC4FADB50A0AE3554CF2468AC88E4DDB70D2258296C0A2FBB69312223EED56C7C03FEC17C
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sl DAYS_OF_WEEK_ABBREV [list \. "Ned"\. "Pon"\. "Tor"\. "Sre"\. "\u010cet"\. "Pet"\. "Sob"]. ::msgcat::mcset sl DAYS_OF_WEEK_FULL [list \. "Nedelja"\. "Ponedeljek"\. "Torek"\. "Sreda"\. "\u010cetrtek"\. "Petek"\. "Sobota"]. ::msgcat::mcset sl MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "avg"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset sl MONTHS_FULL [list \. "januar"\. "februar"\. "marec"\. "april"\. "maj"\. "junij"\. "julij"\. "avgust"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset sl BCE "pr.n.\u0161.". ::msgcat::mcset sl CE "p
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\sq.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1267
          Entropy (8bit):4.339253133089184
          Encrypted:false
          SSDEEP:24:4azu82qJw7W5wO6jwbNU7FtHhoJCLov4v2:46iWrvGtBo6+O2
          MD5:931A009F7E8A376972DE22AD5670EC88
          SHA1:44AEF01F568250851099BAA8A536FBBACD3DEBBB
          SHA-256:CB27007E138315B064576C17931280CFE6E6929EFC3DAFD7171713D204CFC3BF
          SHA-512:47B230271CD362990C581CD6C06B0BCEA23E10E03D927C7C28415739DB3541D69D1B87DF554E9B4F00ECCAAB0F6AC0565F9EB0DEA8B75C54A90B2D53C928D379
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sq DAYS_OF_WEEK_ABBREV [list \. "Die"\. "H\u00ebn"\. "Mar"\. "M\u00ebr"\. "Enj"\. "Pre"\. "Sht"]. ::msgcat::mcset sq DAYS_OF_WEEK_FULL [list \. "e diel"\. "e h\u00ebn\u00eb"\. "e mart\u00eb"\. "e m\u00ebrkur\u00eb"\. "e enjte"\. "e premte"\. "e shtun\u00eb"]. ::msgcat::mcset sq MONTHS_ABBREV [list \. "Jan"\. "Shk"\. "Mar"\. "Pri"\. "Maj"\. "Qer"\. "Kor"\. "Gsh"\. "Sht"\. "Tet"\. "N\u00ebn"\. "Dhj"\. ""]. ::msgcat::mcset sq MONTHS_FULL [list \. "janar"\. "shkurt"\. "mars"\. "prill"\. "maj"\. "qershor"\. "korrik"\. "gusht"\. "shtator"\. "tetor"\. "n\u00ebntor"\. "dhjetor"\. ""]. ::msgcat::mcset sq BCE "p.e.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\sr.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):2035
          Entropy (8bit):4.24530896413441
          Encrypted:false
          SSDEEP:48:46qoQCSdQqQP4QSsIVKP10NupiuQxQaQLlKnM28nGtfR:hjIX15VKP6NmBU3YKnFbp
          MD5:5CA16D93718AAA813ADE746440CF5CE6
          SHA1:A142733052B87CA510B8945256399CE9F873794C
          SHA-256:313E8CDBBC0288AED922B9927A7331D0FAA2E451D4174B1F5B76C5C9FAEC8F9B
          SHA-512:4D031F9BA75D45EC89B2C74A870CCDA41587650D7F9BC91395F68B70BA3CD7A7105E70C19D139D20096533E06F5787C00EA850E27C4ADCF5A28572480D39B639
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sr DAYS_OF_WEEK_ABBREV [list \. "\u041d\u0435\u0434"\. "\u041f\u043e\u043d"\. "\u0423\u0442\u043e"\. "\u0421\u0440\u0435"\. "\u0427\u0435\u0442"\. "\u041f\u0435\u0442"\. "\u0421\u0443\u0431"]. ::msgcat::mcset sr DAYS_OF_WEEK_FULL [list \. "\u041d\u0435\u0434\u0435\u0459\u0430"\. "\u041f\u043e\u043d\u0435\u0434\u0435\u0459\u0430\u043a"\. "\u0423\u0442\u043e\u0440\u0430\u043a"\. "\u0421\u0440\u0435\u0434\u0430"\. "\u0427\u0435\u0442\u0432\u0440\u0442\u0430\u043a"\. "\u041f\u0435\u0442\u0430\u043a"\. "\u0421\u0443\u0431\u043e\u0442\u0430"]. ::msgcat::mcset sr MONTHS_ABBREV [list \. "\u0408\u0430\u043d"\. "\u0424\u0435\u0431"\. "\u041c\u0430\u0440"\. "\u0410\u043f\u0440"\. "\u041c\u0430\u0458"\. "\u0408\u0443\u043d"\. "\u0408\u0443\u043b"\.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\sv.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1167
          Entropy (8bit):4.2825791311526515
          Encrypted:false
          SSDEEP:24:4azu8JLmAQVm/xTsS9CfxTlijQkcjKxFvivn:46hVQc/psJxT8kyhkn
          MD5:496D9183E2907199056CA236438498E1
          SHA1:D9C3BB4AEBD9BFD942593694E796A8C2FB9217B8
          SHA-256:4F32E1518BE3270F4DB80136FAC0031C385DD3CE133FAA534F141CF459C6113A
          SHA-512:FA7FDEDDC42C36D0A60688CDBFE9A2060FE6B2644458D1EBFC817F1E5D5879EB3E3C78B5E53E9D3F42E2E4D84C93C4A7377170986A437EFF404F310D1D72F135
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sv DAYS_OF_WEEK_ABBREV [list \. "s\u00f6"\. "m\u00e5"\. "ti"\. "on"\. "to"\. "fr"\. "l\u00f6"]. ::msgcat::mcset sv DAYS_OF_WEEK_FULL [list \. "s\u00f6ndag"\. "m\u00e5ndag"\. "tisdag"\. "onsdag"\. "torsdag"\. "fredag"\. "l\u00f6rdag"]. ::msgcat::mcset sv MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset sv MONTHS_FULL [list \. "januari"\. "februari"\. "mars"\. "april"\. "maj"\. "juni"\. "juli"\. "augusti"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset sv BCE "f.Kr.". ::msgcat::mcset sv C
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\sw.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):991
          Entropy (8bit):4.024338627988864
          Encrypted:false
          SSDEEP:12:4EnLzu8r4mc4Go/4mtVfqRvodJ3fjESBToOqe3lHvFgdF6A3ixTZ6OM5mSYoC6Vy:4azu88kGDiq1qhbJ75V9gZSpgmSm9
          MD5:4DB24BA796D86ADF0441D2E75DE0C07E
          SHA1:9935B36FF2B1C6DFDE3EC375BC471A0E93D1F7E3
          SHA-256:6B5AB8AE265DB436B15D32263A8870EC55C7C0C07415B3F9BAAC37F73BC704E5
          SHA-512:BE7ED0559A73D01537A1E51941ED19F0FEC3F14F9527715CB119E89C97BD31CC6102934B0349D8D0554F5EDD9E3A02978F7DE4919C000A77BD353F7033A4A95B
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sw DAYS_OF_WEEK_ABBREV [list \. "Jpi"\. "Jtt"\. "Jnn"\. "Jtn"\. "Alh"\. "Iju"\. "Jmo"]. ::msgcat::mcset sw DAYS_OF_WEEK_FULL [list \. "Jumapili"\. "Jumatatu"\. "Jumanne"\. "Jumatano"\. "Alhamisi"\. "Ijumaa"\. "Jumamosi"]. ::msgcat::mcset sw MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Mei"\. "Jun"\. "Jul"\. "Ago"\. "Sep"\. "Okt"\. "Nov"\. "Des"\. ""]. ::msgcat::mcset sw MONTHS_FULL [list \. "Januari"\. "Februari"\. "Machi"\. "Aprili"\. "Mei"\. "Juni"\. "Julai"\. "Agosti"\. "Septemba"\. "Oktoba"\. "Novemba"\. "Desemba"\. ""]. ::msgcat::mcset sw BCE "KK". ::msgcat::mcset sw CE "BK".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\ta.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1835
          Entropy (8bit):4.018233695396
          Encrypted:false
          SSDEEP:24:4azu83w0xn8dnzhmmlmYgtg+CKf6CO5ztFSLt8tCtGtv+CKf6CO5ztFSLt8tCtNu:46k0dgmmlmYgtE/t1H
          MD5:2D9C969318D1740049D28EBBD4F62C1D
          SHA1:121665081AFC33DDBCF679D7479BF0BC47FEF716
          SHA-256:30A142A48E57F194ECC3AA9243930F3E6E1B4E8B331A8CDD2705EC9C280DCCBB
          SHA-512:7C32907C39BFB89F558692535041B2A7FA18A64E072F5CF9AB95273F3AC5A7C480B4F953B13484A07AA4DA822613E27E78CC7B02ACE7A61E58FDB5507D7579C3
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ta DAYS_OF_WEEK_FULL [list \. "\u0b9e\u0bbe\u0baf\u0bbf\u0bb1\u0bc1"\. "\u0ba4\u0bbf\u0b99\u0bcd\u0b95\u0bb3\u0bcd"\. "\u0b9a\u0bc6\u0bb5\u0bcd\u0bb5\u0bbe\u0baf\u0bcd"\. "\u0baa\u0bc1\u0ba4\u0ba9\u0bcd"\. "\u0bb5\u0bbf\u0baf\u0bbe\u0bb4\u0ba9\u0bcd"\. "\u0bb5\u0bc6\u0bb3\u0bcd\u0bb3\u0bbf"\. "\u0b9a\u0ba9\u0bbf"]. ::msgcat::mcset ta MONTHS_ABBREV [list \. "\u0b9c\u0ba9\u0bb5\u0bb0\u0bbf"\. "\u0baa\u0bc6\u0baa\u0bcd\u0bb0\u0bb5\u0bb0\u0bbf"\. "\u0bae\u0bbe\u0bb0\u0bcd\u0b9a\u0bcd"\. "\u0b8f\u0baa\u0bcd\u0bb0\u0bb2\u0bcd"\. "\u0bae\u0bc7"\. "\u0b9c\u0bc2\u0ba9\u0bcd"\. "\u0b9c\u0bc2\u0bb2\u0bc8"\. "\u0b86\u0b95\u0bb8\u0bcd\u0b9f\u0bcd"\. "\u0b9a\u0bc6\u0baa\u0bcd\u0b9f\u0bae\u0bcd\u0baa\u0bb0\u0bcd"\. "\u0b85\u0b95\u0bcd\u0b9f\u0bcb\u0baa\u0bb0\u0bcd"\. "\u0ba8\u0bb
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\ta_in.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):251
          Entropy (8bit):4.815592015875268
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmosDv+9/LosK3v6rZosDo+3v+6f6HK:4EnLzu8eDvWbK3v6r5DF3vmq
          MD5:293456B39BE945C55536A5DD894787F0
          SHA1:94DEF0056C7E3082E58266BCE436A61C045EA394
          SHA-256:AA57D5FB5CC3F59EC6A3F99D7A5184403809AA3A3BC02ED0842507D4218B683D
          SHA-512:AB763F2932F2FF48AC18C8715F661F7405607E1818B53E0D0F32184ABE67714F03A39A9D0637D0D93CE43606C3E1D702D2A3F8660C288F61DFE852747B652B59
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ta_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset ta_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset ta_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\te.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):2102
          Entropy (8bit):4.034298184367717
          Encrypted:false
          SSDEEP:48:46x9mcib30Rgu1je5YdnULEP8l1je5YdnULEPt:hnIb39ufbufV
          MD5:0B9B124076C52A503A906059F7446077
          SHA1:F43A0F6CCBDDBDD5EA140C7FA55E9A82AB910A03
          SHA-256:42C34D02A6079C4D0D683750B3809F345637BC6D814652C3FB0B344B66B70C79
          SHA-512:234B9ACA1823D1D6B82583727B4EA68C014D59916B410CB9B158FA1954B6FC3767A261BD0B9F592AF0663906ADF11C2C9A3CC0A325CB1FF58F42A884AF7CB015
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset te DAYS_OF_WEEK_ABBREV [list \. "\u0c06\u0c26\u0c3f"\. "\u0c38\u0c4b\u0c2e"\. "\u0c2e\u0c02\u0c17\u0c33"\. "\u0c2c\u0c41\u0c27"\. "\u0c17\u0c41\u0c30\u0c41"\. "\u0c36\u0c41\u0c15\u0c4d\u0c30"\. "\u0c36\u0c28\u0c3f"]. ::msgcat::mcset te DAYS_OF_WEEK_FULL [list \. "\u0c06\u0c26\u0c3f\u0c35\u0c3e\u0c30\u0c02"\. "\u0c38\u0c4b\u0c2e\u0c35\u0c3e\u0c30\u0c02"\. "\u0c2e\u0c02\u0c17\u0c33\u0c35\u0c3e\u0c30\u0c02"\. "\u0c2c\u0c41\u0c27\u0c35\u0c3e\u0c30\u0c02"\. "\u0c17\u0c41\u0c30\u0c41\u0c35\u0c3e\u0c30\u0c02"\. "\u0c36\u0c41\u0c15\u0c4d\u0c30\u0c35\u0c3e\u0c30\u0c02"\. "\u0c36\u0c28\u0c3f\u0c35\u0c3e\u0c30\u0c02"]. ::msgcat::mcset te MONTHS_ABBREV [list \. "\u0c1c\u0c28\u0c35\u0c30\u0c3f"\. "\u0c2b\u0c3f\u0c2c\u0c4d\u0c30\u0c35\u0c30\u0c3f"\. "\u0c2e\u0c3e\u0c30\u0c4d\u0c1a\u
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\te_in.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):411
          Entropy (8bit):5.01781242466238
          Encrypted:false
          SSDEEP:12:4EnLzu8CjZWsn0sEjoD0sLvUFS3v6r5F3vMq:4azu84Z1nnEjoDnLvUFEvS5NvMq
          MD5:443E34E2E2BC7CB64A8BA52D99D6B4B6
          SHA1:D323C03747FE68E9B73F7E5C1E10B168A40F2A2F
          SHA-256:88BDAF4B25B684B0320A2E11D3FE77DDDD25E3B17141BD7ED1D63698C480E4BA
          SHA-512:5D8B267530EC1480BF3D571AABC2DA7B4101EACD7FB03B49049709E39D665DD7ACB66FD785BA2B5203DDC54C520434219D2D9974A1E9EE74C659FFAEA6B694E0
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset te_IN AM "\u0c2a\u0c42\u0c30\u0c4d\u0c35\u0c3e\u0c39\u0c4d\u0c28". ::msgcat::mcset te_IN PM "\u0c05\u0c2a\u0c30\u0c3e\u0c39\u0c4d\u0c28". ::msgcat::mcset te_IN DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset te_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset te_IN DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\th.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):2305
          Entropy (8bit):4.324407451316591
          Encrypted:false
          SSDEEP:48:46P4QX/wQT0H/u3rPc8JD57XWWND8QM70xJi53Ljtef:hQ556rVDWZcLOO
          MD5:D145F9DF0E339A2538662BD752F02E16
          SHA1:AFD97F8E8CC14D306DEDD78F8F395738E38A8569
          SHA-256:F9641A6EBE3845CE5D36CED473749F5909C90C52E405F074A6DA817EF6F39867
          SHA-512:E17925057560462F730CF8288856E46FA1F1D2A10B5D4D343257B7687A3855014D5C65B6C85AC55A7C77B8B355DB19F053C74B91DFA7BE7E9F933D9D4DA117F7
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset th DAYS_OF_WEEK_ABBREV [list \. "\u0e2d\u0e32."\. "\u0e08."\. "\u0e2d."\. "\u0e1e."\. "\u0e1e\u0e24."\. "\u0e28."\. "\u0e2a."]. ::msgcat::mcset th DAYS_OF_WEEK_FULL [list \. "\u0e27\u0e31\u0e19\u0e2d\u0e32\u0e17\u0e34\u0e15\u0e22\u0e4c"\. "\u0e27\u0e31\u0e19\u0e08\u0e31\u0e19\u0e17\u0e23\u0e4c"\. "\u0e27\u0e31\u0e19\u0e2d\u0e31\u0e07\u0e04\u0e32\u0e23"\. "\u0e27\u0e31\u0e19\u0e1e\u0e38\u0e18"\. "\u0e27\u0e31\u0e19\u0e1e\u0e24\u0e2b\u0e31\u0e2a\u0e1a\u0e14\u0e35"\. "\u0e27\u0e31\u0e19\u0e28\u0e38\u0e01\u0e23\u0e4c"\. "\u0e27\u0e31\u0e19\u0e40\u0e2a\u0e32\u0e23\u0e4c"]. ::msgcat::mcset th MONTHS_ABBREV [list \. "\u0e21.\u0e04."\. "\u0e01.\u0e1e."\. "\u0e21\u0e35.\u0e04."\. "\u0e40\u0e21.\u0e22."\. "\u0e1e.\u0e04."\. "\u0e21\u0e34.\u0e22."\. "\
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\tr.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1133
          Entropy (8bit):4.32041719596907
          Encrypted:false
          SSDEEP:24:4azu80VAFVsNTib5vk5CfYTnGk65GmogWFLNvoKvWI3:46j8NTgwVTnlSJWFLJvWI3
          MD5:3AFAD9AD82A9C8B754E2FE8FC0094BAB
          SHA1:4EE3E2DF86612DB314F8D3E7214D7BE241AA1A32
          SHA-256:DF7C4BA67457CB47EEF0F5CA8E028FF466ACDD877A487697DC48ECAC7347AC47
          SHA-512:79A6738A97B7DB9CA4AE9A3BA1C3E56BE9AC67E71AE12154FD37A37D78892B6414A49E10E007DE2EB314942DC017B87FAB7C64B74EC9B889DAEBFF9B3B78E644
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset tr DAYS_OF_WEEK_ABBREV [list \. "Paz"\. "Pzt"\. "Sal"\. "\u00c7ar"\. "Per"\. "Cum"\. "Cmt"]. ::msgcat::mcset tr DAYS_OF_WEEK_FULL [list \. "Pazar"\. "Pazartesi"\. "Sal\u0131"\. "\u00c7ar\u015famba"\. "Per\u015fembe"\. "Cuma"\. "Cumartesi"]. ::msgcat::mcset tr MONTHS_ABBREV [list \. "Oca"\. "\u015eub"\. "Mar"\. "Nis"\. "May"\. "Haz"\. "Tem"\. "A\u011fu"\. "Eyl"\. "Eki"\. "Kas"\. "Ara"\. ""]. ::msgcat::mcset tr MONTHS_FULL [list \. "Ocak"\. "\u015eubat"\. "Mart"\. "Nisan"\. "May\u0131s"\. "Haziran"\. "Temmuz"\. "A\u011fustos"\. "Eyl\u00fcl"\. "Ekim"\. "Kas\u0131m"\. "Aral\u0131k"\. ""]. ::msgcat::mcset tr D
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\uk.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):2113
          Entropy (8bit):4.227105489438195
          Encrypted:false
          SSDEEP:48:46+ytFoQAQPHUKPo6eQ4QBuQ0WbQcJeyFQDWZlQD1QbS7XQn1Q7mDaSAJQ7GMLzM:hIpP5tzYhTUhAgEAE+
          MD5:458A38F894B296C83F85A53A92FF8520
          SHA1:CE26187875E334C712FDAB73E6B526247C6FE1CF
          SHA-256:CF2E78EF3322F0121E958098EF5F92DA008344657A73439EAC658CB6BF3D72BD
          SHA-512:3B8730C331CF29EF9DEDBC9D5A53C50D429931B8DA01EE0C20DAE25B995114966DB9BC576BE0696DEC088DB1D88B50DE2C376275AB5251F49F6544E546BBC531
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset uk DAYS_OF_WEEK_ABBREV [list \. "\u043d\u0434"\. "\u043f\u043d"\. "\u0432\u0442"\. "\u0441\u0440"\. "\u0447\u0442"\. "\u043f\u0442"\. "\u0441\u0431"]. ::msgcat::mcset uk DAYS_OF_WEEK_FULL [list \. "\u043d\u0435\u0434\u0456\u043b\u044f"\. "\u043f\u043e\u043d\u0435\u0434\u0456\u043b\u043e\u043a"\. "\u0432\u0456\u0432\u0442\u043e\u0440\u043e\u043a"\. "\u0441\u0435\u0440\u0435\u0434\u0430"\. "\u0447\u0435\u0442\u0432\u0435\u0440"\. "\u043f'\u044f\u0442\u043d\u0438\u0446\u044f"\. "\u0441\u0443\u0431\u043e\u0442\u0430"]. ::msgcat::mcset uk MONTHS_ABBREV [list \. "\u0441\u0456\u0447"\. "\u043b\u044e\u0442"\. "\u0431\u0435\u0440"\. "\u043a\u0432\u0456\u0442"\. "\u0442\u0440\u0430\u0432"\. "\u0447\u0435\u0440\u0432"\. "\u043b\u0438\u043f"\. "\
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\vi.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1421
          Entropy (8bit):4.382223858419589
          Encrypted:false
          SSDEEP:24:4azu8pNu9UT5xDHy2W82yGWnf/oxHFBSWWS1D/avSv16:46Oixzy2IyhwZ17cU16
          MD5:3BD0AB95976D1B80A30547E4B23FD595
          SHA1:B3E5DC095973E46D8808326B2A1FC45046B5267F
          SHA-256:9C69094C0BD52D5AE8448431574EAE8EE4BE31EC2E8602366DF6C6BF4BC89A58
          SHA-512:2A68A7ADC385EDEA02E4558884A24DCC6328CC9F7D459CC03CC9F2D2F58CF6FF2103AD5B45C6D05B7E13F28408C6B05CDDF1DF60E822E5095F86A49052E19E59
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset vi DAYS_OF_WEEK_ABBREV [list \. "Th 2"\. "Th 3"\. "Th 4"\. "Th 5"\. "Th 6"\. "Th 7"\. "CN"]. ::msgcat::mcset vi DAYS_OF_WEEK_FULL [list \. "Th\u01b0\u0301 hai"\. "Th\u01b0\u0301 ba"\. "Th\u01b0\u0301 t\u01b0"\. "Th\u01b0\u0301 n\u0103m"\. "Th\u01b0\u0301 s\u00e1u"\. "Th\u01b0\u0301 ba\u0309y"\. "Chu\u0309 nh\u00e2\u0323t"]. ::msgcat::mcset vi MONTHS_ABBREV [list \. "Thg 1"\. "Thg 2"\. "Thg 3"\. "Thg 4"\. "Thg 5"\. "Thg 6"\. "Thg 7"\. "Thg 8"\. "Thg 9"\. "Thg 10"\. "Thg 11"\. "Thg 12"\. ""]. ::msgcat::mcset vi MONTHS_FULL [list \. "Th\u00e1ng m\u00f4\u0323t"\. "Th\u00e1ng hai"\. "Th\u00e1ng ba"\. "Th\u00e1ng t\u01b0"\. "Th\u00e1ng n\u0103m"\. "Th\u00e1ng s\
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\zh.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text, with very long lines
          Category:dropped
          Size (bytes):3330
          Entropy (8bit):4.469203967086526
          Encrypted:false
          SSDEEP:48:468jDI/Tw71xDqwPqDa8c3FLbYmhyvMDKbW0YGLuoEyzag29dL:hn7wRdNL
          MD5:9C33FFDD4C13D2357AB595EC3BA70F04
          SHA1:A87F20F7A331DEFC33496ECDA50D855C8396E040
          SHA-256:EF81B41EC69F67A394ECE2B3983B67B3D0C8813624C2BFA1D8A8C15B21608AC9
          SHA-512:E31EEE90660236BCD958F3C540F56B2583290BAD6086AE78198A0819A92CF2394C62DE3800FDDD466A8068F4CABDFBCA46A648D419B1D0103381BF428D721B13
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh DAYS_OF_WEEK_ABBREV [list \. "\u661f\u671f\u65e5"\. "\u661f\u671f\u4e00"\. "\u661f\u671f\u4e8c"\. "\u661f\u671f\u4e09"\. "\u661f\u671f\u56db"\. "\u661f\u671f\u4e94"\. "\u661f\u671f\u516d"]. ::msgcat::mcset zh DAYS_OF_WEEK_FULL [list \. "\u661f\u671f\u65e5"\. "\u661f\u671f\u4e00"\. "\u661f\u671f\u4e8c"\. "\u661f\u671f\u4e09"\. "\u661f\u671f\u56db"\. "\u661f\u671f\u4e94"\. "\u661f\u671f\u516d"]. ::msgcat::mcset zh MONTHS_ABBREV [list \. "\u4e00\u6708"\. "\u4e8c\u6708"\. "\u4e09\u6708"\. "\u56db\u6708"\. "\u4e94\u6708"\. "\u516d\u6708"\. "\u4e03\u6708"\. "\u516b\u6708"\. "\u4e5d\u6708"\. "\u5341\u6708"\. "\u5341\u4e00\u6708"\. "\u5341\u4e8c\u6708"\. ""]. ::msgcat::mcset zh MONTHS_FULL [list \.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\zh_cn.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):312
          Entropy (8bit):5.1281364096481665
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoX5HoHJ+3vtfNrFLoHJ+3v6MY+oXa+3vYq9:4EnLzu8d5eJ+3vtNEJ+3v6L1L3vYq9
          MD5:EB94B41551EAAFFA5DF4F406C7ACA3A4
          SHA1:B0553108BDE43AA7ED362E2BFFAF1ABCA1567491
          SHA-256:85F91CF6E316774AA5D0C1ECA85C88E591FD537165BB79929C5E6A1CA99E56C8
          SHA-512:A0980A6F1AD9236647E4F18CC104999DB2C523153E8716FD0CFE57320E906DF80378A5C0CDE132F2C53F160F5304EAF34910D7D1BB5753987D74AFBC0B6F75F3
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_CN DATE_FORMAT "%Y-%m-%e". ::msgcat::mcset zh_CN TIME_FORMAT "%k:%M:%S". ::msgcat::mcset zh_CN TIME_FORMAT_12 "%P%I\u65f6%M\u5206%S\u79d2". ::msgcat::mcset zh_CN DATE_TIME_FORMAT "%Y-%m-%e %k:%M:%S %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\zh_hk.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):752
          Entropy (8bit):4.660158381384211
          Encrypted:false
          SSDEEP:12:4EnLzu8qmDBHZLX+TyW4OU5yPgM9Lz+SC3WwLNMW3v6G3v3Ww+:4azu8qyFOw3WwLrvTv3Ww+
          MD5:D8C6BFBFCE44B6A8A038BA44CB3DB550
          SHA1:FBD609576E65B56EDA67FD8A1801A27B43DB5486
          SHA-256:D123E0B4C2614F680808B58CCA0C140BA187494B2C8BCF8C604C7EB739C70882
          SHA-512:3455145CF5C77FC847909AB1A283452D0C877158616C8AA7BDFFC141B86B2E66F9FF45C3BB6A4A9D758D2F8FFCB1FE919477C4553EFE527C0EDC912EBBCAABCD
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_HK DAYS_OF_WEEK_ABBREV [list \. "\u65e5"\. "\u4e00"\. "\u4e8c"\. "\u4e09"\. "\u56db"\. "\u4e94"\. "\u516d"]. ::msgcat::mcset zh_HK MONTHS_ABBREV [list \. "1\u6708"\. "2\u6708"\. "3\u6708"\. "4\u6708"\. "5\u6708"\. "6\u6708"\. "7\u6708"\. "8\u6708"\. "9\u6708"\. "10\u6708"\. "11\u6708"\. "12\u6708"\. ""]. ::msgcat::mcset zh_HK DATE_FORMAT "%Y\u5e74%m\u6708%e\u65e5". ::msgcat::mcset zh_HK TIME_FORMAT_12 "%P%I:%M:%S". ::msgcat::mcset zh_HK DATE_TIME_FORMAT "%Y\u5e74%m\u6708%e\u65e5 %P%I:%M:%S %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\zh_sg.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):339
          Entropy (8bit):5.020358587042703
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoOpxoPpSocvNLohX3v6ZhLoh+3v6fJ:4EnLzu8WvNo3v6b3vu
          MD5:E0BC93B8F050D6D80B8173FF4FA4D7B7
          SHA1:231FF1B6F859D0261F15D2422DF09E756CE50CCB
          SHA-256:2683517766AF9DA0D87B7A862DE9ADEA82D9A1454FC773A9E3C1A6D92ABA947A
          SHA-512:8BA6EAC5F71167B83A58B47123ACF7939C348FE2A0CA2F092FE9F60C0CCFB901ADA0E8F2101C282C39BAE86C918390985731A8F66E481F8074732C37CD50727F
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_SG AM "\u4e0a\u5348". ::msgcat::mcset zh_SG PM "\u4e2d\u5348". ::msgcat::mcset zh_SG DATE_FORMAT "%d %B %Y". ::msgcat::mcset zh_SG TIME_FORMAT_12 "%P %I:%M:%S". ::msgcat::mcset zh_SG DATE_TIME_FORMAT "%d %B %Y %P %I:%M:%S %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\msgs\zh_tw.msg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):346
          Entropy (8bit):5.08314435797197
          Encrypted:false
          SSDEEP:6:SlSyEtJLlpuoo6dmoAykaRULH/XRxvBoAyjZRULH5oAyU/G0OZoAyxW3v6ZhLoAR:4EnLzu8I5xEOKRWW3v6w3v8AC
          MD5:9CD17E7F28186E0E71932CC241D1CBB1
          SHA1:AF1EE536AABB8198BA88D3474ED49F76A37E89FF
          SHA-256:D582406C51A3DB1EADF6507C50A1F85740FDA7DA8E27FC1438FEB6242900CB12
          SHA-512:4712DD6A27A09EA339615FC3D17BC8E4CD64FF12B2B8012E01FD4D3E7789263899FA05EDDB77044DC7B7D32B3DC55A52B8320D93499DF9A6799A8E4D07174525
          Malicious:false
          Preview: # created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_TW BCE "\u6c11\u570b\u524d". ::msgcat::mcset zh_TW CE "\u6c11\u570b". ::msgcat::mcset zh_TW DATE_FORMAT "%Y/%m/%e". ::msgcat::mcset zh_TW TIME_FORMAT_12 "%P %I:%M:%S". ::msgcat::mcset zh_TW DATE_TIME_FORMAT "%Y/%m/%e %P %I:%M:%S %z".}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\opt0.4\optparse.tcl
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:Tcl script, ASCII text
          Category:dropped
          Size (bytes):32718
          Entropy (8bit):4.5415166585248645
          Encrypted:false
          SSDEEP:768:UczgW5gzrui4sKDt9C7sGbHMmjJbuQH8A2Q:VgTrrvf7sGbHDFSQH8/Q
          MD5:1A7DF33BC47D63F9CE1D4FF70A974FA3
          SHA1:513EC2215E2124D9A6F6DF2549C1442109E117C0
          SHA-256:C5D74E1C927540A3F524E6B929D0956EFBA0797FB8D55918EF69D27DF57DEDA3
          SHA-512:F671D5A46382EDFBDA49A6EDB9E6CF2D5CEBD83CE4ADD6B717A478D52748332D41DA3743182D4555B801B96A318D29DFC6AC36B32983ADB32D329C24F8A3D713
          Malicious:false
          Preview: # optparse.tcl --.#.# (private) Option parsing package.# Primarily used internally by the safe:: code..#.#.WARNING: This code will go away in a future release.#.of Tcl. It is NOT supported and you should not rely.#.on it. If your code does rely on this package you.#.may directly incorporate this code into your application...package require Tcl 8.2.# When this version number changes, update the pkgIndex.tcl file.# and the install directory in the Makefiles..package provide opt 0.4.6..namespace eval ::tcl {.. # Exported APIs. namespace export OptKeyRegister OptKeyDelete OptKeyError OptKeyParse \. OptProc OptProcArgGiven OptParse \.. Lempty Lget \. Lassign Lvarpop Lvarpop1 Lvarset Lvarincr \. SetMax SetMin...################# Example of use / 'user documentation' ###################.. proc OptCreateTestProc {} {...# Defines ::tcl::OptParseTest as a test proc with parsed arguments..# (can't be defined before the code below is
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\opt0.4\pkgIndex.tcl
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):607
          Entropy (8bit):4.652658850873767
          Encrypted:false
          SSDEEP:12:jHxJRuMopS42wyGlTajUA43KXks4L1GbyvX6VxQ+pBbX:bvRmS42wyGlTah9XkbL7X6VxBB
          MD5:92FF1E42CFC5FECCE95068FC38D995B3
          SHA1:B2E71842F14D5422A9093115D52F19BCCA1BF881
          SHA-256:EB9925A8F0FCC7C2A1113968AB0537180E10C9187B139C8371ADF821C7B56718
          SHA-512:608D436395D055C5449A53208F3869B8793DF267B8476AD31BCDD9659A222797814832720C495D938E34BF7D253FFC3F01A73CC0399C0DFB9C85D2789C7F11C0
          Malicious:false
          Preview: # Tcl package index file, version 1.1.# This file is generated by the "pkg_mkIndex -direct" command.# and sourced either when an application starts up or.# by a "package unknown" script. It invokes the.# "package ifneeded" command to set up package-related.# information so that packages will be loaded automatically.# in response to "package require" commands. When this.# script is sourced, the variable $dir must contain the.# full path name of this file's directory...if {![package vsatisfies [package provide Tcl] 8.2]} {return}.package ifneeded opt 0.4.6 [list source [file join $dir optparse.tcl]].
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\package.tcl
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):22959
          Entropy (8bit):4.836555290409911
          Encrypted:false
          SSDEEP:384:I72oQXm9jcLyBLWueSzvAXMiow90l3NhETrh4NLTluYhoNL3ZAqYi:I72oQXmgyBCqvAcFw2dhOrh4NZVhoN3F
          MD5:55E2DB5DCF8D49F8CD5B7D64FEA640C7
          SHA1:8FDC28822B0CC08FA3569A14A8C96EDCA03BFBBD
          SHA-256:47B6AF117199B1511F6103EC966A58E2FD41F0ABA775C44692B2069F6ED10BAD
          SHA-512:824C210106DE7EAE57A480E3F6E3A5C8FB8AC4BBF0A0A386D576D3EB2A3AC849BDFE638428184056DA9E81767E2B63EFF8E18068A1CF5149C9F8A018F817D3E5
          Malicious:false
          Preview: # package.tcl --.#.# utility procs formerly in init.tcl which can be loaded on demand.# for package management..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994-1998 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..namespace eval tcl::Pkg {}..# ::tcl::Pkg::CompareExtension --.#.# Used internally by pkg_mkIndex to compare the extension of a file to a given.# extension. On Windows, it uses a case-insensitive comparison because the.# file system can be file insensitive..#.# Arguments:.# fileName.name of a file whose extension is compared.# ext..(optional) The extension to compare against; you must.#..provide the starting dot..#..Defaults to [info sharedlibextension].#.# Results:.# Returns 1 if the extension matches, 0 otherwise..proc tcl::Pkg::CompareExtension {fileName {ext {}}} {. global tcl_platform. if {$ext eq ""} {set ext
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\parray.tcl
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):816
          Entropy (8bit):4.833285375693491
          Encrypted:false
          SSDEEP:12:TcS2n1RBbgZKaNHaeYFSxYmXqt9IGUafZwXgEImK7k35IpbdELS8/McjbPgnE:TcHn5sZKGkwa/JxfJmRGNc93j7CE
          MD5:FCDAF75995F2CCE0A5D5943E9585590D
          SHA1:A0B1BD4E68DCE1768D3C5E0D3C7B31E28021D3BA
          SHA-256:EBE5A2B4CBBCD7FD3F7A6F76D68D7856301DB01B350C040942A7B806A46E0014
          SHA-512:A632D0169EE3B6E6B7EF73F5FBA4B7897F9491BDB389D78165E297252424546EFB43895D3DD530864B9FCF2ECF5BCE7DA8E55BA5B4F20E23E1E45ADDAF941C11
          Malicious:false
          Preview: # parray:.# Print the contents of a global array on stdout..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..proc parray {a {pattern *}} {. upvar 1 $a array. if {![array exists array]} {..return -code error "\"$a\" isn't an array". }. set maxl 0. set names [lsort [array names array $pattern]]. foreach name $names {..if {[string length $name] > $maxl} {.. set maxl [string length $name]..}. }. set maxl [expr {$maxl + [string length $a] + 2}]. foreach name $names {..set nameString [format %s(%s) $a $name]..puts stdout [format "%-*s = %s" $maxl $nameString $array($name)]. }.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\safe.tcl
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:Tcl script, ASCII text
          Category:dropped
          Size (bytes):33439
          Entropy (8bit):4.750571844372246
          Encrypted:false
          SSDEEP:768:OovFcXxzYqZ1//L2J4lb77BvnthiV0EnoQI4MnNhGQmzY3wKIYkA:OovFcqqZF2J4lb7Rrg0EnoQI4INhGrzu
          MD5:325A573F30C9EA70FD891E85664E662C
          SHA1:6EC3F21EBCFD269847C43891DAD96189FACF20E4
          SHA-256:89B74D2417EB27FEEA32B8666B08D28BC1FFE5DCF1652DBD8799F7555D79C71F
          SHA-512:149FE725A3234A2F8C3EE1B03119440E3CB16586F04451B6E62CED0097B1AD227C97B55F5A66631033A888E860AB61CAF7DDD014696276BC9226D87F15164E2F
          Malicious:false
          Preview: # safe.tcl --.#.# This file provide a safe loading/sourcing mechanism for safe interpreters..# It implements a virtual path mecanism to hide the real pathnames from the.# slave. It runs in a master interpreter and sets up data structure and.# aliases that will be invoked when used from a slave interpreter..#.# See the safe.n man page for details..#.# Copyright (c) 1996-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES...#.# The implementation is based on namespaces. These naming conventions are.# followed:.# Private procs starts with uppercase..# Public procs are exported and starts with lowercase.#..# Needed utilities package.package require opt 0.4.1..# Create the safe namespace.namespace eval ::safe {. # Exported API:. namespace export interpCreate interpInit interpConfigure interpDelete \..interpAddToAccessPath interpFindInAccessPath setLogCmd.}..# Helper function to
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tclIndex
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):5415
          Entropy (8bit):4.701682771925196
          Encrypted:false
          SSDEEP:96:esataNULULUVUhU5U1UIUZUJeUpgURUFD15Q0AkU6PkrBkGUjZKspDzmK5SMFTub:eNtEACkiwM3g4ePOiD15Q0AkU6PkrBko
          MD5:E127196E9174B429CC09C040158F6AAB
          SHA1:FF850F5D1BD8EFC1A8CB765FE8221330F0C6C699
          SHA-256:ABF7D9D1E86DE931096C21820BFA4FD70DB1F55005D2DB4AA674D86200867806
          SHA-512:C4B98EBC65E25DF41E6B9A93E16E608CF309FA0AE712578EE4974D84F7F33BCF2A6ED7626E88A343350E13DA0C5C1A88E24A87FCBD44F7DA5983BB3EF036A162
          Malicious:false
          Preview: # Tcl autoload index file, version 2.0.# -*- tcl -*-.# This file is generated by the "auto_mkindex" command.# and sourced to set up indexing information for one or.# more commands. Typically each line is a command that.# sets an element in the auto_index array, where the.# element name is the name of a command and the value is.# a script that loads the command...set auto_index(auto_reset) [list source [file join $dir auto.tcl]].set auto_index(tcl_findLibrary) [list source [file join $dir auto.tcl]].set auto_index(auto_mkindex) [list source [file join $dir auto.tcl]].set auto_index(auto_mkindex_old) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::init) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::cleanup) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::mkindex) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::hook) [list source [file join $dir auto.tcl]].set auto_in
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tm.tcl
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):11633
          Entropy (8bit):4.706526847377957
          Encrypted:false
          SSDEEP:192:CnjVD6gOGFpvXKPrzYkWo55z3ovPvKvaWZPZ9W6TV9ujpZw7K3mQ4auPltqQvu9:CGQvX+XYkn59YvPSvDJTV9174zuPltBC
          MD5:F9ED2096EEA0F998C6701DB8309F95A6
          SHA1:BCDB4F7E3DB3E2D78D25ED4E9231297465B45DB8
          SHA-256:6437BD7040206D3F2DB734FA482B6E79C68BCC950FBA80C544C7F390BA158F9B
          SHA-512:E4FB8F28DC72EA913F79CEDF5776788A0310608236D6607ADC441E7F3036D589FD2B31C446C187EF5827FD37DCAA26D9E94D802513E3BF3300E94DD939695B30
          Malicious:false
          Preview: # -*- tcl -*-.#.# Searching for Tcl Modules. Defines a procedure, declares it as the primary.# command for finding packages, however also uses the former 'package unknown'.# command as a fallback..#.# Locates all possible packages in a directory via a less restricted glob. The.# targeted directory is derived from the name of the requested package, i.e..# the TM scan will look only at directories which can contain the requested.# package. It will register all packages it found in the directory so that.# future requests have a higher chance of being fulfilled by the ifneeded.# database without having to come to us again..#.# We do not remember where we have been and simply rescan targeted directories.# when invoked again. The reasoning is this:.#.# - The only way we get back to the same directory is if someone is trying to.# [package require] something that wasn't there on the first scan..#.# Either.# 1) It is there now: If we rescan, you get it; if not you don't..#.# This co
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Abidjan
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):141
          Entropy (8bit):4.951583909886815
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFx52DcsG/kXGm2OHnFvpsYvUdSalHFLd:SlSWB9X52DBGTm2OHnFvmYValHf
          MD5:6FB79707FD3A183F8A3C780CA2669D27
          SHA1:E703AB552B4231827ACD7872364C36C70988E4C0
          SHA-256:A5DC7BFB4F569361D438C8CF13A146CC2641A1A884ACF905BB51DA28FF29A900
          SHA-512:CDD3AD9AFFD246F4DFC40C1699E368FB2924E73928060B1178D298DCDB11DBD0E88BC10ED2FED265F7F7271AC5CCE14A60D65205084E9249154B8D54C2309E52
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Abidjan) {. {-9223372036854775808 -968 0 LMT}. {-1830383032 0 0 GMT}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Accra
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1393
          Entropy (8bit):3.9087586646312253
          Encrypted:false
          SSDEEP:12:MBp52DUsmdHvdDZxdCjFaEu3MEANKSgI3u2VuTSr0l+pU4Y4Y0gK:cQ9elDZxdCwEu3MEANKSgsrVkvY64Y4
          MD5:FFEDB06126D6DA9F3BECA614428F51E9
          SHA1:2C549D1CF8636541D42BDC56D8E534A222E4642C
          SHA-256:567A0AD3D2C9E356A2E38A76AF4D5C4B8D5B950AF7B648A027FE816ACAE455AE
          SHA-512:E057EA59A47C881C60B2196554C9B24C00CB26345CA7E311B5409F6FBB31EBEDD13C41A4C3B0B68AE8B93F4819158D94610DE795112E77209F391AC31332BA2A
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Accra) {. {-9223372036854775808 -52 0 LMT}. {-1640995148 0 0 GMT}. {-1556841600 1200 1 GMT}. {-1546388400 0 0 GMT}. {-1525305600 1200 1 GMT}. {-1514852400 0 0 GMT}. {-1493769600 1200 1 GMT}. {-1483316400 0 0 GMT}. {-1462233600 1200 1 GMT}. {-1451780400 0 0 GMT}. {-1430611200 1200 1 GMT}. {-1420158000 0 0 GMT}. {-1399075200 1200 1 GMT}. {-1388622000 0 0 GMT}. {-1367539200 1200 1 GMT}. {-1357086000 0 0 GMT}. {-1336003200 1200 1 GMT}. {-1325550000 0 0 GMT}. {-1304380800 1200 1 GMT}. {-1293927600 0 0 GMT}. {-1272844800 1200 1 GMT}. {-1262391600 0 0 GMT}. {-1241308800 1200 1 GMT}. {-1230855600 0 0 GMT}. {-1209772800 1200 1 GMT}. {-1199319600 0 0 GMT}. {-1178150400 1200 1 GMT}. {-1167697200 0 0 GMT}. {-1146614400 1200 1 GMT}. {-1136161200 0 0 GMT}. {-1115078400 1200 1 GMT}. {-1104625200 0 0 GMT}. {-1083542400 1200 1 GMT}. {-1073
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Addis_Ababa
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):184
          Entropy (8bit):4.766991307890532
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt2DczqIVDcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL2DnaDkr
          MD5:C203A97FC500E408AC841A6A5B21E14E
          SHA1:ED4C4AA578A16EB83220F37199460BFE207D2B44
          SHA-256:3EBC66964609493524809AD0A730FFFF036C38D9AB3770412841F80DFFC717D5
          SHA-512:2F1A4500F49AFD013BCA70089B1E24748D7E45D41F2C9D3D9AFDCC1778E750FFB020D34F622B071E80F80CC0FEFF080E8ACC1E7A8ABE8AD12C0F1A1DAA937FE5
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Addis_Ababa) $TZData(:Africa/Nairobi).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Algiers
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1041
          Entropy (8bit):4.110061823095588
          Encrypted:false
          SSDEEP:12:MBp52D7AmdHh5PMybVSqSFvvqXFaLSaSxmvWo/fmvCkQ6eW6Xs8QQB1r5Q:cQIefMyb8BF6XFaLSxktf1PW6X4q1K
          MD5:8221A83520B1D3DE02E886CFB1948DE3
          SHA1:0806A0898FDE6F5AE502C64515A1345D71B1F7D2
          SHA-256:5EE3B25676E813D89ED866D03B5C3388567D8307A2A60D1C4A34D938CBADF710
          SHA-512:2B8A837F7CF6DE43DF4072BF4A54226235DA8B8CA78EF55649C7BF133B2E002C614FE7C693004E3B17C25FBCECAAD5CD9B0A8CB0A5D32ADF68EA019203EE8704
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Algiers) {. {-9223372036854775808 732 0 LMT}. {-2486679072 561 0 PMT}. {-1855958961 0 0 WET}. {-1689814800 3600 1 WEST}. {-1680397200 0 0 WET}. {-1665363600 3600 1 WEST}. {-1648342800 0 0 WET}. {-1635123600 3600 1 WEST}. {-1616893200 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585443600 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552266000 0 0 WET}. {-1539997200 3600 1 WEST}. {-1531443600 0 0 WET}. {-956365200 3600 1 WEST}. {-950486400 0 0 WET}. {-942012000 3600 0 CET}. {-812502000 7200 1 CEST}. {-796262400 3600 0 CET}. {-781052400 7200 1 CEST}. {-766630800 3600 0 CET}. {-733280400 0 0 WET}. {-439430400 3600 0 CET}. {-212029200 0 0 WET}. {41468400 3600 1 WEST}. {54774000 0 0 WET}. {231724800 3600 1 WEST}. {246240000 3600 0 CET}. {259545600 7200 1 CEST}. {275274000 3600 0 CET}. {309740400 0 0 WET}. {325468800 3600 1 WEST}. {3418020
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Asmara
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):179
          Entropy (8bit):4.750118730136804
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt2DcjEUEH+DcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL2DGs+Dkr
          MD5:F8CEC826666174899C038EC9869576ED
          SHA1:4CAA32BB070F31BE919F5A03141711DB22072E2C
          SHA-256:D9C940B3BE2F9E424BC6F69D665C21FBCA7F33789E1FE1D27312C0B38B75E097
          SHA-512:DA890F5A6806AE6774CFC061DFD4AE069F78212AB063287146245692383022AABB3637DEB49C1D512DA3499DC4295541962DAC05729302B3314E7BF306E6CB41
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Asmara) $TZData(:Africa/Nairobi).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Asmera
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):179
          Entropy (8bit):4.755468133981916
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt2DcjAWDcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL2D8Dkr
          MD5:8B5DCBBDB2309381EAA8488E1551655F
          SHA1:65065868620113F759C5D37B89843A334E64D210
          SHA-256:F7C8CEE9FA2A4BF9F41ABA18010236AC4CCD914ACCA9E568C87EDA0503D54014
          SHA-512:B8E61E6D5057CD75D178B292CD19CBCED2A127099D95046A7448438BCC035DE4066FDD637E9055AC3914E4A8EAA1B0123FA0E90E4F7042B2C4551BB009F1D2E9
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Asmera) $TZData(:Africa/Nairobi).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Bamako
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):179
          Entropy (8bit):4.83500517532947
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2DcxAQDcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2DwNDBP
          MD5:FCBE668127DFD81CB0F730C878EB2F1A
          SHA1:F27C9D96A04A12AC7423A60A756732B360D6847D
          SHA-256:6F462C2C5E190EFCA68E882CD61D5F3A8EF4890761376F22E9905B1B1B6FDE9F
          SHA-512:B0E6E4F5B46A84C2D02A0519831B98F336AA79079FF2CB9F290D782335FB4FB39A3453520424ED3761D801B9FBE39228B1D045C40EDD70B29801C26592F9805A
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Bamako) $TZData(:Africa/Abidjan).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Bangui
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):173
          Entropy (8bit):4.834042129935993
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2Dcx2m/2DcGev:SlSWB9IZaM3y7V4FVAIgNT9L2Dw/2D4v
          MD5:7A017656AB8048BD67250207CA265717
          SHA1:F2BB86BC7B7AB886738A33ADA37C444D6873DB94
          SHA-256:E31F69E16450B91D79798C1064FEA18DE89D5FE343D2DE4A5190BCF15225E69D
          SHA-512:695FA7369341F1F4BC1B629CDAB1666BEFE2E7DB32D75E5038DC17526A3CCE293DB36AFEB0955B06F5834D43AEF140F7A66EC52598444DBE8C8B70429DBE5FC5
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Bangui) $TZData(:Africa/Lagos).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Banjul
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):179
          Entropy (8bit):4.839691887198201
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2Dcx79FHp4DcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2Dw7J4V
          MD5:149DD4375235B088386A2D187ED03FFB
          SHA1:5E879B778E2AB110AC7815D3D62A607A76AAB93B
          SHA-256:1769E15721DAFF477E655FF7A8491F4954FB2F71496287C6F9ED265FE5588E00
          SHA-512:4F997EDE6F04A89240E0950D605BB43D6814DCCA433F3A75F330FA13EE8729A10D20E9A0AAD6E6912370E350ABD5A65B878B914FCC9A5CA8503E3A5485E57B3E
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Banjul) $TZData(:Africa/Abidjan).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Bissau
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):169
          Entropy (8bit):4.797400281087303
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFx52Dc5ixXGm2OHGVkevUdSaw7FFFkhSVPVFd:SlSWB9X52D4fm2OHCkeVawBFF2mh
          MD5:BA4959590575031330280A4ADC7017D1
          SHA1:34FBC2AFD2E13575D286062050D98ABC4BF7C7A6
          SHA-256:2C06A94A43AC7F0079E6FE371F0D5A06A7BF23A868AC3B10135BFC4266CD2D4E
          SHA-512:65E6161CB6AF053B53C7ABE1E4CAAD4F40E350D52BADCB95EB37138268D17CF48DDB0CA771F450ECD8E6A57C99BE2E8C2227A28B5C4AF3DE7F6D74F255118F04
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Bissau) {. {-9223372036854775808 -3740 0 LMT}. {-1830380400 -3600 0 -01}. {157770000 0 0 GMT}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Blantyre
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):178
          Entropy (8bit):4.856245693637169
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsfKGyVAIgNGEjKKW62Dc8ycXp75h4DcfKu:SlSWB9IZaM3y7fYVAIgNTj5W62DAmp1T
          MD5:3F6E187410D0109D05410EFC727FB5E5
          SHA1:CAB54D985823218E01EDF9165CABAB7A984EE93E
          SHA-256:9B2EEB0EF36F851349E254E1745D11B65CB30A16A2EE4A87004765688A5E0452
          SHA-512:E12D6DBEA8DE9E3FB236011B962FFE1AEB95E3353B13303C343565B60AA664508D51A011C66C3CE2460C52A901495F46D0500C9B74E19399AE66231E5D6200A0
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Blantyre) $TZData(:Africa/Maputo).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Brazzaville
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):178
          Entropy (8bit):4.853052123353996
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2DciE0TMJZp4DcGev:SlSWB9IZaM3y7V4FVAIgNT9L2D4qGp4e
          MD5:4F5159996C16A171D9B011C79FDDBF63
          SHA1:51BCA6487762E42528C845CCA33173B3ED707B3F
          SHA-256:E73ADC4283ECA7D8504ABC6CB28D98EB071ED867F77DE9FADA777181533AD1D0
          SHA-512:6E5D4DF903968395DFDB834FBD4B2A0294E945A9939D05BED8533674EA0ACE8393731DDCDFACF7F2C9A00D38DC8F5EDB173B4025CF05122B0927829D07ED203F
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Brazzaville) $TZData(:Africa/Lagos).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Bujumbura
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):179
          Entropy (8bit):4.900915013374923
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsfKGyVAIgNGEjKKW62DclbDcfKu:SlSWB9IZaM3y7fYVAIgNTj5W62DkbDE/
          MD5:9E81B383C593422481B5066CF23B8CE1
          SHA1:8DD0408272CBE6DF1D5051CB4D9319B5A1BD770E
          SHA-256:9ADCD7CB6309049979ABF8D128C1D1BA35A02F405DB8DA8C39D474E8FA675E38
          SHA-512:9939ED703EC26350DE9CC59BF7A8C76B6B3FE3C67E47CCDDE86D87870711224ADEEC61D93AC7926905351B8333AD01FF235276A5AB766474B5884F8A0329C2CB
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Bujumbura) $TZData(:Africa/Maputo).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Cairo
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):3720
          Entropy (8bit):3.687670811431724
          Encrypted:false
          SSDEEP:48:5hRg1oCSY0WF6yU0yWZVYbZ0F0ZeTvc0jDlSBFX84aKqITVuV09ONWHr0L0335Kw:Fu0oVy0FUeLIvQV8c0OvOakCUUO
          MD5:1B38D083FC54E17D82935D400051F571
          SHA1:AE34C08176094F4C4BFEB4E1BBAE6034BCD03A11
          SHA-256:11283B69DE0D02EAB1ECF78392E3A4B32288CCFEF946F0432EC83327A51AEDDC
          SHA-512:581161079EC0F77EEB119C96879FD586AE49997BAD2C5124C360BCACF9136FF0A6AD70AE7D4C88F96BC94EEB87F628E8890E65DB9B0C96017659058D35436307
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Cairo) {. {-9223372036854775808 7509 0 LMT}. {-2185409109 7200 0 EET}. {-929844000 10800 1 EEST}. {-923108400 7200 0 EET}. {-906170400 10800 1 EEST}. {-892868400 7200 0 EET}. {-875844000 10800 1 EEST}. {-857790000 7200 0 EET}. {-844308000 10800 1 EEST}. {-825822000 7200 0 EET}. {-812685600 10800 1 EEST}. {-794199600 7200 0 EET}. {-779853600 10800 1 EEST}. {-762663600 7200 0 EET}. {-399088800 10800 1 EEST}. {-386650800 7200 0 EET}. {-368330400 10800 1 EEST}. {-355114800 7200 0 EET}. {-336790800 10800 1 EEST}. {-323654400 7200 0 EET}. {-305168400 10800 1 EEST}. {-292032000 7200 0 EET}. {-273632400 10800 1 EEST}. {-260496000 7200 0 EET}. {-242096400 10800 1 EEST}. {-228960000 7200 0 EET}. {-210560400 10800 1 EEST}. {-197424000 7200 0 EET}. {-178938000 10800 1 EEST}. {-165801600 7200 0 EET}. {-147402000 10800 1 EEST}. {-134265600 72
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Casablanca
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1567
          Entropy (8bit):3.593430930151928
          Encrypted:false
          SSDEEP:48:5qSFbS4PUuMfMSAdZXfSGjX6JAzS26WZrW0SKQYXRWXpSjv:YmG0HZPcOQy1p
          MD5:9DB3A6EB1162C5D814B98265FB58D004
          SHA1:63ACAD6C18B49EF6794610ADED9865C8600A4D5C
          SHA-256:EF30CFFD1285339F4CC1B655CB4CB8C5D864C4B575D66F18919A35C084AA4E5F
          SHA-512:0581F6640BDDD8C33E82983F2186EB0952946C70A4B3F524EC78D1BE3EC1FA10BC3672A99CBA3475B28C0798D62A14F298207160F04EE0861EDDA352DA2BCCA0
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Casablanca) {. {-9223372036854775808 -1820 0 LMT}. {-1773012580 0 0 +00}. {-956361600 3600 1 +00}. {-950490000 0 0 +00}. {-942019200 3600 1 +00}. {-761187600 0 0 +00}. {-617241600 3600 1 +00}. {-605149200 0 0 +00}. {-81432000 3600 1 +00}. {-71110800 0 0 +00}. {141264000 3600 1 +00}. {147222000 0 0 +00}. {199756800 3600 1 +00}. {207702000 0 0 +00}. {231292800 3600 1 +00}. {244249200 0 0 +00}. {265507200 3600 1 +00}. {271033200 0 0 +00}. {448243200 3600 0 +01}. {504918000 0 0 +00}. {1212278400 3600 1 +00}. {1220223600 0 0 +00}. {1243814400 3600 1 +00}. {1250809200 0 0 +00}. {1272758400 3600 1 +00}. {1281222000 0 0 +00}. {1301788800 3600 1 +00}. {1312066800 0 0 +00}. {1335664800 3600 1 +00}. {1342749600 0 0 +00}. {1345428000 3600 1 +00}. {1348970400 0 0 +00}. {1367114400 3600 1 +00}. {1373162400 0 0 +00}. {1376100000 3600
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Ceuta
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):7277
          Entropy (8bit):3.744402699283941
          Encrypted:false
          SSDEEP:96:/N8d9VA1URbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZQltUbAT:/AHAiRNH4Mn82rlo6XIZ9ALeBO
          MD5:261E339A2575F28099CD783B52F0980C
          SHA1:F7EB8B3DAE9C07382D5123225B3EAA4B5BFD47D6
          SHA-256:9C7D0E75AFC5681579D1018D7259733473EEDFFAF7313016B60159CB2A4DCAB5
          SHA-512:8E622174CB6DB4D0172DBC2E408867F03EBB7D1D54AA51D99C4465945CFF369AAFAF17D1D0F9277E69CBE3AD6AAF9A0C6EE056017474DF171E94BD28BBA9C04A
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Ceuta) {. {-9223372036854775808 -1276 0 LMT}. {-2177452800 0 0 WET}. {-1630112400 3600 1 WEST}. {-1616810400 0 0 WET}. {-1451692800 0 0 WET}. {-1442451600 3600 1 WEST}. {-1427673600 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364774400 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333324800 0 0 WET}. {-1316390400 3600 1 WEST}. {-1301270400 0 0 WET}. {-1293840000 0 0 WET}. {-94694400 0 0 WET}. {-81432000 3600 1 WEST}. {-71110800 0 0 WET}. {141264000 3600 1 WEST}. {147222000 0 0 WET}. {199756800 3600 1 WEST}. {207702000 0 0 WET}. {231292800 3600 1 WEST}. {244249200 0 0 WET}. {265507200 3600 1 WEST}. {271033200 0 0 WET}. {448243200 3600 0 CET}. {504918000 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Conakry
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):180
          Entropy (8bit):4.832452688412801
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2DcmMM1+DcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2DCM1+V
          MD5:DC007D4B9C02AAD2DBD48E73624B893E
          SHA1:9BEE9D21566D6C6D4873EFF9429AE3D3F85BA4E4
          SHA-256:3BF37836C9358EC0ABD9691D8F59E69E8F6084A133A50650239890C458D4AA41
          SHA-512:45D3BC383A33F7079A6D04079112FD73DB2DDBB7F81BFF8172FABCAA949684DC31C8B156E647F77AF8BA26581D3812D510C250CDC4D7EEEC788DDB2B77CD47E8
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Conakry) $TZData(:Africa/Abidjan).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Dakar
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):178
          Entropy (8bit):4.8075658510312484
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2DcXXMFBx/2DcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2DKXEB4
          MD5:CDA180DB8DF825268DB06298815C96F0
          SHA1:20B082082CFA0DF49C0DF4FD698EBD061280A2BB
          SHA-256:95D31A4B3D9D9977CBDDD55275492A5A954F431B1FD1442C519255FBC0DBA615
          SHA-512:2D35698DE3BF1E90AB37C84ED4E3D0B57F02555A8AEB98659717EEC1D5EED17044D446E12B5AAC12A9721A3F9667343C5CACD7AB00BF986285B8084FF9384654
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Dakar) $TZData(:Africa/Abidjan).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Dar_es_Salaam
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):186
          Entropy (8bit):4.795449330458551
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt2Dc8bEH+DcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL2DJbVDkr
          MD5:AF8E3E86312E3A789B82CECEDDB019CE
          SHA1:6B353BAB18E897151BF274D6ACF410CDFF6F00F0
          SHA-256:F39E4CABE33629365C2CEF6037871D698B942F0672F753212D768E865480B822
          SHA-512:9891AA26C4321DD5C4A9466F2EE84B14F18D3FFD71D6E8D2DE5CAFE4DC563D85A934B7B4E55926B30181761EF8C9B6C97746F522718BAE9DCBE4BDDE70C42B53
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Dar_es_Salaam) $TZData(:Africa/Nairobi).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Djibouti
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):181
          Entropy (8bit):4.779330261863059
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt2DcRHKQ1BQDcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL2DOrkDkr
          MD5:1440C37011F8F31213AE5833A3FCD5E1
          SHA1:9EEE9D7BB3A1E29EDDE90D7DBE63ED50513A909B
          SHA-256:A4E0E775206EDBA439A454649A7AC94AE3AFEADC8717CBD47FD7B8AC41ADB06F
          SHA-512:D82FF9C46C8845A6F15DC96AF8D98866C601EF0B4F7F5F0260AD571DD46931E90443FFEB5910D5805C5A43F6CC8866116066565646AE2C96E1D260999D1641F0
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Djibouti) $TZData(:Africa/Nairobi).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Douala
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):173
          Entropy (8bit):4.800219030063992
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2DcnKe2DcGev:SlSWB9IZaM3y7V4FVAIgNT9L2Dml2D4v
          MD5:18C0C9E9D5154E20CC9301D5012066B9
          SHA1:8395E917261467EC5C27034C980EDD05F2242F40
          SHA-256:0595C402B8499FC1B67C196BEE24BCA4DE14D3E10B8DBBD2840D2B4C88D9DF28
          SHA-512:C53540E25B76DF8EC3E2A5F27B473F1D6615BFBD043E133867F3391B057D8552350F912DF55DD11C1357765EF76D8E286BBBE839F28295D09751243DC0201BDF
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Douala) $TZData(:Africa/Lagos).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\El_Aaiun
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1281
          Entropy (8bit):3.6551425401331312
          Encrypted:false
          SSDEEP:24:cQbe5T7pkNUSMSA7ZXgUSGjX6JAWqS26WZrW0SKQYJZRWXpSjv:5opMfMSA7ZXfSGjX6JAzS26WZrW0SKQm
          MD5:8E9FF3CB18879B1C69A04F45715D24BB
          SHA1:EF391BF1C3E1DEC08D8158B82B2FB0ED3E69866E
          SHA-256:A6CFC4359B7E2D650B1851D805FF5CD4562D0D1253793EA0978819B9A2FCC0E2
          SHA-512:6BFF03EE8973E2204181967987930EECDD39789DB353DB2EFC786027A8013CFF4835FAB9E3F0AF935D2A2D49CCEBE565FD481BA230EDF4D22A7848D4781C877C
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/El_Aaiun) {. {-9223372036854775808 -3168 0 LMT}. {-1136070432 -3600 0 -01}. {198291600 0 0 +00}. {199756800 3600 1 +00}. {207702000 0 0 +00}. {231292800 3600 1 +00}. {244249200 0 0 +00}. {265507200 3600 1 +00}. {271033200 0 0 +00}. {1212278400 3600 1 +00}. {1220223600 0 0 +00}. {1243814400 3600 1 +00}. {1250809200 0 0 +00}. {1272758400 3600 1 +00}. {1281222000 0 0 +00}. {1301788800 3600 1 +00}. {1312066800 0 0 +00}. {1335664800 3600 1 +00}. {1342749600 0 0 +00}. {1345428000 3600 1 +00}. {1348970400 0 0 +00}. {1367114400 3600 1 +00}. {1373162400 0 0 +00}. {1376100000 3600 1 +00}. {1382839200 0 0 +00}. {1396144800 3600 1 +00}. {1403920800 0 0 +00}. {1406944800 3600 1 +00}. {1414288800 0 0 +00}. {1427594400 3600 1 +00}. {1434247200 0 0 +00}. {1437271200 3600 1 +00}. {1445738400 0 0 +00}. {1459044000 3600 1 +00}. {146509200
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Freetown
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):181
          Entropy (8bit):4.817633094200984
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2Dcu5sp4DcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2Dk4DBP
          MD5:035B36DF91F67179C8696158F58D0CE8
          SHA1:E43BFF33090324110048AC19CBA16C4ED8D8B3FE
          SHA-256:3101942D9F3B2E852C1D1EA7ED85826AB9EA0F8953B9A0E6BAC32818A2EC9EDD
          SHA-512:A7B52154C6085E5D234D6D658BA48D2C8EC093A429C3907BE7D16654F6EE9EBE8E3100187650956E5164B18340AB0C0979C1F4FA90EFE0CC423FBA5F14F45215
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Freetown) $TZData(:Africa/Abidjan).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Gaborone
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):178
          Entropy (8bit):4.8512443534123255
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsfKGyVAIgNGEjKKW62DcHK0o/4DcfKu:SlSWB9IZaM3y7fYVAIgNTj5W62DAV+4G
          MD5:BA2C7443CFCB3E29DB84FEC16B3B3843
          SHA1:2BA7D68C48A79000B1C27588A20A751AA04C5779
          SHA-256:28C1453496C2604AA5C42A88A060157BDFE22F28EDD1FBC7CC63B02324ED8445
          SHA-512:B275ABAADA7352D303EFEAD66D897BE3099A33B80EA849F9F1D98D522AA9A3DC44E1D979C0ABF2D7886BACF2F86D25837C971ECE6B2AF731BE2EE0363939CBDE
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Gaborone) $TZData(:Africa/Maputo).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Harare
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):176
          Entropy (8bit):4.835896095919456
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsfKGyVAIgNGEjKKW62Dc0B5h4DcfKu:SlSWB9IZaM3y7fYVAIgNTj5W62Dlfh4G
          MD5:59137CFDB8E4B48599FB417E0D8A4A70
          SHA1:F13F9932C0445911E395377FB51B859E4F72862A
          SHA-256:E633C6B619782DA7C21D548E06E6C46A845033936346506EA0F2D4CCCDA46028
          SHA-512:2DCEB9A9FA59512ADCDE4946F055718A8C8236A912F6D521087FC348D52FFF462B5712633FDA5505876C500F5FD472381B3AC90CF1AEDF0C96EA08E0A0D3B7BA
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Harare) $TZData(:Africa/Maputo).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Johannesburg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):298
          Entropy (8bit):4.638948195674004
          Encrypted:false
          SSDEEP:6:SlSWB9X52DWbAm2OHePP1mXs0//HF20706VcF206KsF:MBp52DWkmdHePP1mcUvFxJVcFEKsF
          MD5:256740512DCB35B4743D05CC24C636DB
          SHA1:1FD418712B3D7191549BC0808CF180A682AF7FC1
          SHA-256:768E9B2D9BE96295C35120414522FA6DD3EDA4500FE86B6D398AD452CAF6FA4B
          SHA-512:DCFF6C02D1328297BE24E0A640F5823BFD23BDE67047671AC18EB0B1F450C717E273B27A48857F54A18D6877AB8132AAED94B2D87D2F962DA43FE473FC3DDC94
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Johannesburg) {. {-9223372036854775808 6720 0 LMT}. {-2458173120 5400 0 SAST}. {-2109288600 7200 0 SAST}. {-860976000 10800 1 SAST}. {-845254800 7200 0 SAST}. {-829526400 10800 1 SAST}. {-813805200 7200 0 SAST}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Juba
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1059
          Entropy (8bit):3.9545766161038602
          Encrypted:false
          SSDEEP:24:cQresZkn0Vb0iluy8pLXeKXhCvN9U0TlW50qCPR8jYJRFp0Q8SdAri/8+u8Wb2:5on010ilux1XeKXhCvN9U0TMGqCp8jYH
          MD5:79FCA072C6AABA65FB2DC83F33BFA17E
          SHA1:AC86AA9B0EAACAB1E4FDB14AECD8D884F8329A5A
          SHA-256:C084565CC6C217147C00DCA7D885AC917CFC8AF4A33CBA146F28586AD6F9832C
          SHA-512:9F19DEA8E21CE3D3DCA0AFC5588203DBB6F5A13BBE10CFDA0CEBE4A417384B85DB3BFFC48687EF7AD27268715FC154E235C106EC91875BA646C6759D285F1027
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Juba) {. {-9223372036854775808 7588 0 LMT}. {-1230775588 7200 0 CAT}. {10360800 10800 1 CAST}. {24786000 7200 0 CAT}. {41810400 10800 1 CAST}. {56322000 7200 0 CAT}. {73432800 10800 1 CAST}. {87944400 7200 0 CAT}. {104882400 10800 1 CAST}. {119480400 7200 0 CAT}. {136332000 10800 1 CAST}. {151016400 7200 0 CAT}. {167781600 10800 1 CAST}. {182552400 7200 0 CAT}. {199231200 10800 1 CAST}. {214174800 7200 0 CAT}. {230680800 10800 1 CAST}. {245710800 7200 0 CAT}. {262735200 10800 1 CAST}. {277246800 7200 0 CAT}. {294184800 10800 1 CAST}. {308782800 7200 0 CAT}. {325634400 10800 1 CAST}. {340405200 7200 0 CAT}. {357084000 10800 1 CAST}. {371941200 7200 0 CAT}. {388533600 10800 1 CAST}. {403477200 7200 0 CAT}. {419983200 10800 1 CAST}. {435013200 7200 0 CAT}. {452037600 10800 1 CAST}. {466635600 7200 0 CAT}. {483487200 10800 1 CAST
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Kampala
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):180
          Entropy (8bit):4.787605387034664
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt2DcJEl2DcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL2DIEl2Dkr
          MD5:8CF1CA04CD5FC03D3D96DC49E98D42D4
          SHA1:4D326475E9216089C872D5716C54DEB94590FCDE
          SHA-256:A166E17E3A4AB7C5B2425A17F905484EBFDBA971F88A221155BCA1EC5D28EA96
          SHA-512:1301B9469ED396198A2B87CBA254C66B148036C0117D7D4A8286CB8729296AD735DF16581AEF0715CEE24213E91970F181824F3A64BCF91435FDAD85DCD78C84
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Kampala) $TZData(:Africa/Nairobi).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Khartoum
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1091
          Entropy (8bit):3.9616554773567083
          Encrypted:false
          SSDEEP:24:cQWe9hXn0Vb0iluy8pLXeKXhCvN9U0TlW50qCPR8jYJRFp0Q8SdAri/8+u8WbVgM:5vn010ilux1XeKXhCvN9U0TMGqCp8jYs
          MD5:A00B0C499DE60158C9990CFE9628FEA4
          SHA1:44B768C63E170331396B4B81ABF0E3EDD8B0D864
          SHA-256:FCFF440D525F3493447C0ACFE32BB1E8BCDF3F1A20ADC3E0F5D2B245E2DB10E9
          SHA-512:30BF22857AA4C26FC6178C950AB6EAB472F2AC77D2D8EB3A209DCDEF2DDC8312B0AB6DA3428936CA16225ABE652DDB8536D870DB1905027AD7BD7FF245871556
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Khartoum) {. {-9223372036854775808 7808 0 LMT}. {-1230775808 7200 0 CAT}. {10360800 10800 1 CAST}. {24786000 7200 0 CAT}. {41810400 10800 1 CAST}. {56322000 7200 0 CAT}. {73432800 10800 1 CAST}. {87944400 7200 0 CAT}. {104882400 10800 1 CAST}. {119480400 7200 0 CAT}. {136332000 10800 1 CAST}. {151016400 7200 0 CAT}. {167781600 10800 1 CAST}. {182552400 7200 0 CAT}. {199231200 10800 1 CAST}. {214174800 7200 0 CAT}. {230680800 10800 1 CAST}. {245710800 7200 0 CAT}. {262735200 10800 1 CAST}. {277246800 7200 0 CAT}. {294184800 10800 1 CAST}. {308782800 7200 0 CAT}. {325634400 10800 1 CAST}. {340405200 7200 0 CAT}. {357084000 10800 1 CAST}. {371941200 7200 0 CAT}. {388533600 10800 1 CAST}. {403477200 7200 0 CAT}. {419983200 10800 1 CAST}. {435013200 7200 0 CAT}. {452037600 10800 1 CAST}. {466635600 7200 0 CAT}. {483487200 10800 1
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Kigali
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):176
          Entropy (8bit):4.8623059127375585
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsfKGyVAIgNGEjKKW62DcCJRx+DcfKu:SlSWB9IZaM3y7fYVAIgNTj5W62DRX+Da
          MD5:32AE0D7A7E7F0DF7AD0054E959A53B09
          SHA1:AE455C96401EBB1B2BDE5674A71A182D9E12D7BD
          SHA-256:7273FA039D250CABAE2ACCE926AB483B0BF16B0D77B9C2A7B499B9BDFB9E1CBB
          SHA-512:DC8E89A75D7212D398A253E6FF3D10AF72B7E14CBC07CA53C6CB01C8CE40FB12375E50AD4291C973C872566F8D875D1E1A2CF0A38F02C91355B957095004563E
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Kigali) $TZData(:Africa/Maputo).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Kinshasa
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):175
          Entropy (8bit):4.816805447465336
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2DcqQFeDcGev:SlSWB9IZaM3y7V4FVAIgNT9L2DdD4v
          MD5:90EC372D6C8677249C8C2841432F0FB7
          SHA1:5D5E549496962420F56897BC01887B09EC863D78
          SHA-256:56F7CA006294049FA92704EDEAD78669C1E9EABE007C41F722E972BE2FD58A37
          SHA-512:93FD7C8F5C6527DCCFBF21043AB5EED21862A22DA1FDB3ED7635723060C9252D76541DAD3A76EBF8C581A82A6DBEF2766DD428ACE3A9D6A45954A787B686B1CA
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Kinshasa) $TZData(:Africa/Lagos).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Lagos
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):141
          Entropy (8bit):4.965079502032549
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFx52DcGemFFkXGm2OHWTdvUQDWTFWZRYvCn:SlSWB9X52D4mFJm2OHWTdRDWTGRLn
          MD5:51D7AC832AE95CFDE6098FFA6FA2B1C7
          SHA1:9DA61FDA03B4EFDA7ACC3F83E8AB9495706CCEF1
          SHA-256:EEDA5B96968552C12B916B39217005BF773A99CA17996893BC87BCC09966B954
          SHA-512:128C8D3A0AA7CF4DFAE326253F236058115028474BF122F14AB9461D910A03252FEEB420014CA91ACFBF94DF05FBFCADE98217FC59A86A2581BB68CDC83E88C8
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Lagos) {. {-9223372036854775808 816 0 LMT}. {-1588464816 3600 0 WAT}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Libreville
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):177
          Entropy (8bit):4.816649832558406
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2Dcr7bp4DcGev:SlSWB9IZaM3y7V4FVAIgNT9L2Dgfp4Di
          MD5:D1387B464CFCFE6CB2E10BA82D4EEE0E
          SHA1:F672B694551AB4228D4FC938D0CC2DA635EB8878
          SHA-256:BEE63E4DF9D03D2F5E4100D0FCF4E6D555173083A4470540D4ADC848B788A2FC
          SHA-512:DEB95AAB852772253B60F83DA9CE5E24144386DFBFB1F1E9A77905511181EC84FD13B00200602D6C276820527206EE0078DDE81CC0F1B1276B8BF4360C2CDB1E
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Libreville) $TZData(:Africa/Lagos).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Lome
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):177
          Entropy (8bit):4.813464796454866
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2Dcih4DcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2DNh4DB
          MD5:D2AA823E78DD8E0A0C83508B6378DE5D
          SHA1:C26E03EF84C3C0B6001F0D4471907A94154E6850
          SHA-256:345F3F9422981CC1591FBC1B5B17A96F2F00F0C191DF23582328D44158041CF0
          SHA-512:908F8D096DA6A336703E7601D03477CECBCDC8D404C2410C7F419986379A14943BB61B0D92D87160D5F1EF5B229971B2B9D122D2B3F70746CED0D4D6B10D7412
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Lome) $TZData(:Africa/Abidjan).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Luanda
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):173
          Entropy (8bit):4.807298951345495
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2DccLtBQDcGev:SlSWB9IZaM3y7V4FVAIgNT9L2DXQD4v
          MD5:E851465BCA70F325B0B07E782D6A759E
          SHA1:3B3E0F3FD7AF99F941A3C70A2A2564C9301C8CFB
          SHA-256:F7E1DCBAE881B199F2E2BF18754E145DDED230518C691E7CB34DAE3C922A6063
          SHA-512:5F655B45D7A16213CE911EDAD935C1FEE7A947C0F5157CE20712A00B2A12A34AE51D5C05A392D2FF3A0B2DA7787D6C614FF100DDE7788CA01AAE21F10DD1CC3A
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Luanda) $TZData(:Africa/Lagos).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Lubumbashi
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):180
          Entropy (8bit):4.893308860167744
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsfKGyVAIgNGEjKKW62DcfpT0DcfKu:SlSWB9IZaM3y7fYVAIgNTj5W62D8pT0G
          MD5:CD638B7929FB8C474293D5ECF1FE94D3
          SHA1:149AD0F3CF8AC1795E84B97CFF5CEB1FD26449C4
          SHA-256:41D32824F28AE235661EE0C959E0F555C44E3E78604D6D2809BBA2254FD47258
          SHA-512:D762C49B13961A01526C0DD9D7A55E202448E1B46BA64F701FB2E0ABE0F44B2C3DF743864B9E62DC07FD6CEA7197945CE246C89CDACB1FEC0F924F3ECC46B170
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Lubumbashi) $TZData(:Africa/Maputo).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Lusaka
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):176
          Entropy (8bit):4.857012096036922
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsfKGyVAIgNGEjKKW62DcOf+DcfKu:SlSWB9IZaM3y7fYVAIgNTj5W62DkDE/
          MD5:3769866ADC24DA6F46996E43079C3545
          SHA1:546FA9C76A1AE5C6763B31FC7214B8A2B18C3C52
          SHA-256:5BAF390EA1CE95227F586423523377BABD141F0B5D4C31C6641E59C6E29FFAE0
          SHA-512:DEA8CAB330F6321AD9444DB9FEC58E2CBCC79404B9E5539EABB52DBC9C3AC01BA1E8A3E1EC32906F02E4E4744271D84B626A5C32A8CD8B22210C42DD0E774A9C
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Lusaka) $TZData(:Africa/Maputo).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Malabo
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):173
          Entropy (8bit):4.807416212132411
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2Dcn2DcGev:SlSWB9IZaM3y7V4FVAIgNT9L2D42D4v
          MD5:37C13E1D11C817BA70DDC84E768F8891
          SHA1:0765A45CC37EB71F4A5D2B8D3359AEE554C647FF
          SHA-256:8F4F0E1C85A33E80BF7C04CF7E0574A1D829141CC949D2E38BDCC174337C5BAE
          SHA-512:1E31BBA68E85A8603FBDD27DA68382CBC6B0E1AB0763E86516D3EFD15CFF106DE02812756F504AEE799BF6742423DF5732352D488B3F05B889BE5E48594F558D
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Malabo) $TZData(:Africa/Lagos).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Maputo
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):143
          Entropy (8bit):4.906945970372021
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFx52DcfKUXGm2OHoVvXdSF2iv:SlSWB9X52DESm2OHoVPdM
          MD5:5497C01E507E7C392944946FCD984852
          SHA1:4C3FD215E931CE36FF095DD9D23165340D6EECFE
          SHA-256:C87A6E7B3B84CFFA4856C4B6C37C5C8BA5BBB339BDDCD9D2FD34CF17E5553F5D
          SHA-512:83A2AA0ED1EB22056FFD3A847FB63DD09302DA213FE3AB660C41229795012035B5EA64A3236D3871285A8E271458C2DA6FCD599E5747F2F842E742C11222671A
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Maputo) {. {-9223372036854775808 7820 0 LMT}. {-2109291020 7200 0 CAT}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Maseru
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):194
          Entropy (8bit):4.91873415322653
          Encrypted:false
          SSDEEP:6:SlSWB9IZaM3y7HbsvFVAIgNTzbDJL2DZQs+DWbBn:MBaIMaHw4NHnJL2DZiDWt
          MD5:71A4197C8062BBFCCC62DCEFA87A25F9
          SHA1:7490FAA5A0F5F20F456E71CBF51AA6DEB1F1ACC8
          SHA-256:4B33414E2B59E07028E9742FA4AE34D28C08FD074DDC6084EDB1DD179198B3C1
          SHA-512:A71CCB957FB5102D493320F48C94ADB642CCAA5F7F28BDDE05D1BB175C29BCBAC4D19DBC481AC0C80CE48F8E3840746C126CBC9CE511CA48D4E53DE22B3D66E7
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Johannesburg)]} {. LoadTimeZoneFile Africa/Johannesburg.}.set TZData(:Africa/Maseru) $TZData(:Africa/Johannesburg).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Mbabane
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):195
          Entropy (8bit):4.911369740193625
          Encrypted:false
          SSDEEP:6:SlSWB9IZaM3y7HbsvFVAIgNTzbDJL2DzjEHp4DWbBn:MBaIMaHw4NHnJL2DzjEJ4DWt
          MD5:8F4C02CE326FAEEBD926F94B693BFF9E
          SHA1:9E8ABB12E4CFE341F24F5B050C75DDE3D8D0CB53
          SHA-256:029AD8C75A779AED71FD233263643DADE6DF878530C47CF140FC8B7755DDA616
          SHA-512:4B7D2D1D8DA876ABCD1E44FD5E4C992287F2B62B7C7BC3D6FD353E6312053F6762DBD11C0F27056EF8E37C8A2AF8E5111CF09D4EB6BB32EC1FF77F4C0C37917B
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Johannesburg)]} {. LoadTimeZoneFile Africa/Johannesburg.}.set TZData(:Africa/Mbabane) $TZData(:Africa/Johannesburg).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Mogadishu
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):182
          Entropy (8bit):4.828470940863702
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt2DcBEBXCEeDcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL2DFSVDkr
          MD5:B686E9408AB6EC58F3301D954A068C7E
          SHA1:C1259C31F93EB776F0F401920F076F162F3FFB2D
          SHA-256:79DB89294DAE09C215B9F71C61906E49AFAA5F5F27B4BC5B065992A45B2C183D
          SHA-512:CF96C687D33E68EB498A63EC262FC968858504410F670C6F492532F7C22F507BEACD41888B0A7527C30974DC545CCA9C015898E2D7C0C6D14C14C88F8BBED5C5
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Mogadishu) $TZData(:Africa/Nairobi).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Monrovia
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):200
          Entropy (8bit):4.81604007062907
          Encrypted:false
          SSDEEP:6:SlSWB9X52D3NwTm2OHrFGxYPlHIgafTwG5B:MBp52D3NwTmdHhmYPdIgar5B
          MD5:8F9D1916FF86E2F8C5C9D4ABCC405D53
          SHA1:286BFEC8F7CE6729F84FD6CFEE6A40B7277A4DFF
          SHA-256:182F2608422FF14C53DC8AC1EDFFE054AE011275C1B5C2423E286AD95910F44C
          SHA-512:7EEF6840E54313EF1127694F550986BF97BB1C8BD51DED0AB6D5842B74B5BF0406C65B293F1106E69DDFA0B01AD46756492DEDD9ECCBD077BB75FDA95A9E1912
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Monrovia) {. {-9223372036854775808 -2588 0 LMT}. {-2776979812 -2588 0 MMT}. {-1604359012 -2670 0 MMT}. {63593070 0 0 GMT}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Nairobi
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):235
          Entropy (8bit):4.70181156382821
          Encrypted:false
          SSDEEP:6:SlSWB9X52DkWJm2OHsvT5X26V/7VVpVCgekKB9TQ4U/w:MBp52DdJmdHsvVXHVVnmQ4U/w
          MD5:B6562D5A53E05FAAD80671C88A9E01D3
          SHA1:0014B14CFDDE47E603962935F8297C4C46533084
          SHA-256:726980DCC13E0596094E01B8377E17029A2FCCE6FE93538C61E61BA620DD0971
          SHA-512:D9C2838C89B0537C7F7A7319600D69D09AC004BD72358B452425A3B4861140246F71A94F004C2EF739620E81062F37ED9DA6D518F74956630006DD5674925A63
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Nairobi) {. {-9223372036854775808 8836 0 LMT}. {-1309746436 10800 0 EAT}. {-1262314800 9000 0 +0230}. {-946780200 9900 0 +0245}. {-315629100 10800 0 EAT}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Ndjamena
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):200
          Entropy (8bit):4.8064239600480985
          Encrypted:false
          SSDEEP:6:SlSWB9X52DjXm2OHNseVaxCXGFaS1HkFWTvLn:MBp52DjXmdHPVX8aS2yzn
          MD5:459DA3ECBE5C32019D1130DDEAB10BAA
          SHA1:DD1F6653A7B7B091A57EC59E271197CEC1892594
          SHA-256:F36F8581755E1B40084442C43C60CC904C908285C4D719708F2CF1EADB778E2E
          SHA-512:FF74D540157DE358E657E968C9C040B8FE5C806D22782D878575BFAC68779303E6071DC84D6773BC06D299AC971B0EB6B38CA50439161574B5A50FF6F1704046
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Ndjamena) {. {-9223372036854775808 3612 0 LMT}. {-1830387612 3600 0 WAT}. {308703600 7200 1 WAST}. {321314400 3600 0 WAT}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Niamey
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):173
          Entropy (8bit):4.822255424633636
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2DcdhA9Ff2DcGev:SlSWB9IZaM3y7V4FVAIgNT9L2Dsh2f2e
          MD5:3142A6EAC3F36C872E7C32F8AF43A0F8
          SHA1:0EACF849944A55D4AB8198DDD0D3C5494D1986DA
          SHA-256:1704A1A82212E6DB71DA54E799D81EFA3279CD53A6BFA980625EE11126603B4C
          SHA-512:BB3DADC393D0CF87934629BBFAFAD3AD9149B80843FC5447670812357CC4DFBCAF71F7104EBF743C06517BB42111B0DB9028B22F401A50E17085431C9200DAB2
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Niamey) $TZData(:Africa/Lagos).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Nouakchott
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):183
          Entropy (8bit):4.862257004762335
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2DcboGb+DcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2Dqbb+V
          MD5:6849FA8FFC1228286B08CE0950FEB4DD
          SHA1:7F8E8069BA31E2E549566011053DA01DEC5444E9
          SHA-256:2071F744BC880E61B653E2D84CED96D0AD2485691DDE9FFD38D3063B91E4F41F
          SHA-512:30211297C2D8255D4B5195E9781931861A4DF55C431FFC6F83FE9C00A0089ED56179C07D33B1376C5DE8C0A9ABF2CFE473EF32AD14239DFD9599EA66BC286556
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Nouakchott) $TZData(:Africa/Abidjan).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Ouagadougou
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):184
          Entropy (8bit):4.872638989714255
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2DcXCZDcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2D1DBP
          MD5:7FF39BAAF47859EE3CD60F3E2C6DFC7D
          SHA1:5CFC8B14222554156985031C7E9507CE3311F371
          SHA-256:47E40BDBAC36CDB847C2E533B9D58D09FE1DBA2BED49C49BC75DD9086A63C6EB
          SHA-512:DEEA0982593AE7757E70BD2E933B20B65CD9613891DC734AA4E6EC14D12AD119D2C69BA38E6FA4AE836C6CE14E57F35AE7F53345ACA4CF70AD67680E49BC6B7C
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Ouagadougou) $TZData(:Africa/Abidjan).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Porto-Novo
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):177
          Entropy (8bit):4.845403930433216
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2DcyTKM0DcGev:SlSWB9IZaM3y7V4FVAIgNT9L2DQD4v
          MD5:9A4C8187E8AC86B1CF4177702A2D933A
          SHA1:6B54BBBE6D7ABC780EE11922F3AC50CDE3740A1F
          SHA-256:6292CC41FE34D465E3F38552BDE22F456E16ABCBAC0E0B813AE7566DF3725E83
          SHA-512:8008DB5E6F4F8144456021BB6B112B24ADB1194B1D544BBCB3E101E0684B63F4673F06A264C651A4BC0296CB81F7B4D73D47EAC7E1EC98468908E8B0086B2DDD
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Porto-Novo) $TZData(:Africa/Lagos).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Sao_Tome
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):200
          Entropy (8bit):4.8463501042309645
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFx52DcOFwFkXGm2OHzT5vXbeaFnvUdSa5FF1IEvWZvZYvCn:SlSWB9X52DIJm2OHH5PzdVacbLn
          MD5:D28C0D0628DE3E5D9662A3376B20D5B4
          SHA1:464351F257655F10732CA9A1E59CF6587B33F8A1
          SHA-256:B9F317EAA504A195BD658BA7EE9EE22D816BF46A1FFDB8D8DA573D311A5FF78A
          SHA-512:B056E7A16CE8E5CC420F88AF26E893348117306D66ED2DF4C6A6C2CA9F48783714E08AACF94BC646A1B4A2B3FB2080A4E53EDF4633C9AE259BBBA3F8ABE4DEE3
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Sao_Tome) {. {-9223372036854775808 1616 0 LMT}. {-2713912016 -2205 0 LMT}. {-1830384000 0 0 GMT}. {1514768400 3600 0 WAT}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Timbuktu
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):181
          Entropy (8bit):4.85737401659099
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2DcHdDcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2DwdDBP
          MD5:AF295B9595965712D77952D692F02C6B
          SHA1:BC6737BD9BFD52FE538376A1441C59FB4FC1A038
          SHA-256:13A06D69AEB38D7A2D35DF3802CEE1A6E15FA1F5A6648328A9584DD55D11E58C
          SHA-512:E47C5EA2DFBC22CF9EAC865F67D01F5593D3CDDB51FDE24CDD13C8957B70F50111675D8E94CA859EC9B6FAA109B3EFA522C3985A69FE5334156FEE66B607006E
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Timbuktu) $TZData(:Africa/Abidjan).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Tripoli
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):920
          Entropy (8bit):4.074538534246205
          Encrypted:false
          SSDEEP:12:MBp52D0mdHrjWC+fGZni8hRSUNvoTC3yJ/Z9vPdq8UwLVFoBZdEthEK7st5kS1R:cQIevhR5FNgTbJ3b3D0WeXR
          MD5:A53F5CD6FE7C2BDD8091E38F26EEA4D1
          SHA1:90FB5EE343FCC78173F88CA59B35126CC8C07447
          SHA-256:D2FCC1AD3BFE20954795F2CDFFFE96B483E1A82640B79ADAA6062B96D143E3C7
          SHA-512:965E42972994AE79C9144323F87C904F393BA0CDF75186C346DA77CFAA1A2868C68AF8F2F1D63D5F06C5D1D4B96BA724DD4BC0DF7F5C4BD77E379AA674AE12DA
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Tripoli) {. {-9223372036854775808 3164 0 LMT}. {-1577926364 3600 0 CET}. {-574902000 7200 1 CEST}. {-512175600 7200 1 CEST}. {-449888400 7200 1 CEST}. {-347158800 7200 0 EET}. {378684000 3600 0 CET}. {386463600 7200 1 CEST}. {402271200 3600 0 CET}. {417999600 7200 1 CEST}. {433807200 3600 0 CET}. {449622000 7200 1 CEST}. {465429600 3600 0 CET}. {481590000 7200 1 CEST}. {496965600 3600 0 CET}. {512953200 7200 1 CEST}. {528674400 3600 0 CET}. {544230000 7200 1 CEST}. {560037600 3600 0 CET}. {575852400 7200 1 CEST}. {591660000 3600 0 CET}. {607388400 7200 1 CEST}. {623196000 3600 0 CET}. {641775600 7200 0 EET}. {844034400 3600 0 CET}. {860108400 7200 1 CEST}. {875919600 7200 0 EET}. {1352505600 3600 0 CET}. {1364515200 7200 1 CEST}. {1382662800 7200 0 EET}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Tunis
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1072
          Entropy (8bit):4.074604685883076
          Encrypted:false
          SSDEEP:12:MBp52DgmdHjPbwSRjneMVyDKCNFWLFyBXS9/3S3K/CBmvyncSuZSqLS2C6oPwVFD:cQUejbwSRyS2Uyc+FcJLKgzmcx9b
          MD5:1899EDCB30CDDE3A13FB87C026CD5D87
          SHA1:4C7E25A36E0A62F3678BCD720FCB8911547BAC8D
          SHA-256:F0E01AA40BB39FE64A2EB2372E0E053D59AA65D64496792147FEFBAB476C4EC3
          SHA-512:FD22A2A7F9F8B66396152E27872CCBA6DA967F279BAF21BC91EF76E86B59505B3C21D198032B853427D9FFAB394FBB570F849B257D6F6821916C9AB29E7C37A1
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Tunis) {. {-9223372036854775808 2444 0 LMT}. {-2797202444 561 0 PMT}. {-1855958961 3600 0 CET}. {-969242400 7200 1 CEST}. {-950493600 3600 0 CET}. {-941940000 7200 1 CEST}. {-891136800 3600 0 CET}. {-877827600 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-842918400 3600 0 CET}. {-842223600 7200 1 CEST}. {-828230400 3600 0 CET}. {-812502000 7200 1 CEST}. {-796269600 3600 0 CET}. {-781052400 7200 1 CEST}. {-766634400 3600 0 CET}. {231202800 7200 1 CEST}. {243903600 3600 0 CET}. {262825200 7200 1 CEST}. {276044400 3600 0 CET}. {581122800 7200 1 CEST}. {591145200 3600 0 CET}. {606870000 7200 1 CEST}. {622594800 3600 0 CET}. {641516400 7200 1 CEST}. {654649200 3600 0 CET}. {1114902000 7200 1 CEST}. {1128038400 3600 0 CET}. {1143334800 7200 1 CEST}. {1162083600 3600 0 CET}. {1174784400 7200 1 CEST}. {1193533200
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\Africa\Windhoek
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1591
          Entropy (8bit):3.915421470240155
          Encrypted:false
          SSDEEP:48:5qtCmcMxTFD9nJivm/8ySy/tnwfn8OIxJJSV1AnNlKQmX0UTjJx2MgXgprKfks1/:QCj6tXww023zn/
          MD5:18BD78EB14E153DAAAAE70B0A6A2510C
          SHA1:A91BA216A2AB62B138B1F0247D75FBA14A5F05C0
          SHA-256:639A57650A4EA5B866EAAA2EEC0562233DC92CF9D6955AC387AD954391B850B1
          SHA-512:88F34732F843E95F2A2AD4FAA0B5F945DD69B65FDDB4BB7DD957B95283B7AE995F52050B45A6332864C1C5CC4611390F6827D82569D343B5E1B9DDFE0AE5A633
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Windhoek) {. {-9223372036854775808 4104 0 LMT}. {-2458170504 5400 0 +0130}. {-2109288600 7200 0 SAST}. {-860976000 10800 1 SAST}. {-845254800 7200 0 SAST}. {637970400 7200 0 CAT}. {764200800 3600 1 WAT}. {778640400 7200 0 CAT}. {796780800 3600 1 WAT}. {810090000 7200 0 CAT}. {828835200 3600 1 WAT}. {841539600 7200 0 CAT}. {860284800 3600 1 WAT}. {873594000 7200 0 CAT}. {891734400 3600 1 WAT}. {905043600 7200 0 CAT}. {923184000 3600 1 WAT}. {936493200 7200 0 CAT}. {954633600 3600 1 WAT}. {967942800 7200 0 CAT}. {986083200 3600 1 WAT}. {999392400 7200 0 CAT}. {1018137600 3600 1 WAT}. {1030842000 7200 0 CAT}. {1049587200 3600 1 WAT}. {1062896400 7200 0 CAT}. {1081036800 3600 1 WAT}. {1094346000 7200 0 CAT}. {1112486400 3600 1 WAT}. {1125795600 7200 0 CAT}. {1143936000 3600 1 WAT}. {1157245200 7200 0 CAT}. {1175385600 3600 1 WAT}
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Adak
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):8171
          Entropy (8bit):3.783938143940452
          Encrypted:false
          SSDEEP:96:DGWQm82ctfc/TVu7pAmKABmAlJD1NPaTsrEe50IC:DGWQm67pAmKABmiD1R2sG
          MD5:DD838D2C8CF84B775BBCBA7868E7FFB5
          SHA1:509CFC15E2CBFC2F183B4A3CDEC42C8427EBA825
          SHA-256:01A88ADE038DDD264B74ED921441642CAA93830CEF9594F70188CCF6D19C4664
          SHA-512:9D520CADC0134E7812B5643311246CED011A22D50240A03260478C90B69EC325AE5BD7548BA266E00253AC3288605A912C5DBB026EA1516CB2030F302BFCDF0E
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Adak) {. {-9223372036854775808 44002 0 LMT}. {-3225223727 -42398 0 LMT}. {-2188944802 -39600 0 NST}. {-883573200 -39600 0 NST}. {-880196400 -36000 1 NWT}. {-769395600 -36000 1 NPT}. {-765374400 -39600 0 NST}. {-757342800 -39600 0 NST}. {-86878800 -39600 0 BST}. {-31496400 -39600 0 BST}. {-21466800 -36000 1 BDT}. {-5745600 -39600 0 BST}. {9982800 -36000 1 BDT}. {25704000 -39600 0 BST}. {41432400 -36000 1 BDT}. {57758400 -39600 0 BST}. {73486800 -36000 1 BDT}. {89208000 -39600 0 BST}. {104936400 -36000 1 BDT}. {120657600 -39600 0 BST}. {126709200 -36000 1 BDT}. {152107200 -39600 0 BST}. {162392400 -36000 1 BDT}. {183556800 -39600 0 BST}. {199285200 -36000 1 BDT}. {215611200 -39600 0 BST}. {230734800 -36000 1 BDT}. {247060800 -39600 0 BST}. {262789200 -36000 1 BDT}. {278510400 -39600 0 BST}. {294238800 -36000 1 BDT}. {309960000 -3
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Anchorage
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):8410
          Entropy (8bit):3.882284820226162
          Encrypted:false
          SSDEEP:96:RWFxXw34N+YXSUKC8aaIqDPRs/Q7Ddh5sBPyNsSLFOMM/EowALVZVmWa86Eac8rQ:Rsd6M/4h5sBPy+CMt/ElALLVuAH
          MD5:30468928CFDD0B6AAC8EA5BF84956E21
          SHA1:0B146D4D789CD49F0A7FEDFFE85FFD31C0926D9C
          SHA-256:202A45DEBFD6E92EF21E2FFF37281C1DE5B4AF4C79DC59A642013EBB37FE5AF0
          SHA-512:721049A2C751BC3F90B0D757C85F59971B46C70942B2F8A20B0E0E0834B89BBE9A5F16D20AEB5F58C1B6268D71DD5F39F9135C60FDE692E3E472598E054C1D96
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Anchorage) {. {-9223372036854775808 50424 0 LMT}. {-3225223727 -35976 0 LMT}. {-2188951224 -36000 0 AST}. {-883576800 -36000 0 AST}. {-880200000 -32400 1 AWT}. {-769395600 -32400 1 APT}. {-765378000 -36000 0 AST}. {-86882400 -36000 0 AHST}. {-31500000 -36000 0 AHST}. {-21470400 -32400 1 AHDT}. {-5749200 -36000 0 AHST}. {9979200 -32400 1 AHDT}. {25700400 -36000 0 AHST}. {41428800 -32400 1 AHDT}. {57754800 -36000 0 AHST}. {73483200 -32400 1 AHDT}. {89204400 -36000 0 AHST}. {104932800 -32400 1 AHDT}. {120654000 -36000 0 AHST}. {126705600 -32400 1 AHDT}. {152103600 -36000 0 AHST}. {162388800 -32400 1 AHDT}. {183553200 -36000 0 AHST}. {199281600 -32400 1 AHDT}. {215607600 -36000 0 AHST}. {230731200 -32400 1 AHDT}. {247057200 -36000 0 AHST}. {262785600 -32400 1 AHDT}. {278506800 -36000 0 AHST}. {294235200 -32400 1 AHDT}. {309956400 -360
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Anguilla
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):203
          Entropy (8bit):4.9101657646476164
          Encrypted:false
          SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX290/8J5290e/:MBaIMY9QpI290/8m90O
          MD5:F7D915076ABE4FF032E13F8769D38433
          SHA1:F930A8943E87105EE8523F640EA6F65BD4C9CE78
          SHA-256:9D368458140F29D95CAB9B5D0259DE27B52B1F2E987B4FA1C12F287082F4FE56
          SHA-512:63C99FFA65F749B7637D0DF5A73A21AC34DFEAD364479DE992E215258A82B9C15AB0D45AAF29BD2F259766346FDB901412413DD44C5D45BB8DF6B582C34F48B3
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Anguilla) $TZData(:America/Port_of_Spain).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Antigua
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):202
          Entropy (8bit):4.90033942341457
          Encrypted:false
          SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX290//MFe90e/:MBaIMY9QpI290//V90O
          MD5:25CA3996DDB8F1964D3008660338BA72
          SHA1:B66D73B5B38C2CCCA78232ADC3572BBBEB79365D
          SHA-256:A2ABBD9BCFCE1DB1D78C99F4993AC0D414A08DB4AC5CE915B81119E17C4DA76F
          SHA-512:A25AFE4FD981F458FE194A5D87C35BE5FC7D4426C1EEE8311AE655BB53364CD4AAC0710C0D7E6A91C0F248E2A6916902F4FD43A220CFF7A6474B77D93CF35C81
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Antigua) $TZData(:America/Port_of_Spain).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Araguaina
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1722
          Entropy (8bit):3.6435096006301833
          Encrypted:false
          SSDEEP:48:5s4h19U2dBUGrmO7XGtN3kh0VKnNIVkHZU7WWhKRWRN:Cm19U2zUGrpzGtVE0VKnyVkHZWWWhKRG
          MD5:6349567E3ED0FD11DD97056D2CFF11EE
          SHA1:404F1B311D7072A6372351366BA15BB94F3AC7D2
          SHA-256:41C816E9C0217A01D9288014013CD1D315B2CEB719F8BB310670D02B664A4462
          SHA-512:782910DFA0FF8FEDB94D622271FA0FF983BC50A4FEE95FFC8EC3E89FB123B82C26701D81A994A8248F1C1CA0B1EF49C2752C4D7B498A0A623D79E2B6753DA432
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Araguaina) {. {-9223372036854775808 -11568 0 LMT}. {-1767214032 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {592974000 -7200 1 -03}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Argentina\Buenos_Aires
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1981
          Entropy (8bit):3.6790048972731686
          Encrypted:false
          SSDEEP:48:5Wcap0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCWvXydhSTP:vC0ZB9yRwhS+/po/lKENURMo8XvCWvX1
          MD5:93B8CF61EDC7378C39BE33A77A4222FC
          SHA1:8A01D2B22F8FC163B0FDCED4305C3FA08336AF7D
          SHA-256:35E05545A12E213DCBC0C2F7FDCA5C79CD522E7D2684EDF959E8A0A991BEF3C8
          SHA-512:68333AB0C9348AF0994DB26FB6D34FF67ABF56AF1FBABB77F2C9EFF20E9A2DB2B59C5B81DF0C42299DE459B03DF13E07071B84576E62597920D1848F1E1FC9E3
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Buenos_Aires) {. {-9223372036854775808 -14028 0 LMT}. {-2372097972 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-73378
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Argentina\Catamarca
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):2009
          Entropy (8bit):3.6543367491742913
          Encrypted:false
          SSDEEP:48:5f4p0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCWg7ydhSTK+:No0ZB9yRwhS+/po/lKENURMo8XvCWg7r
          MD5:7FCA355F863158D180B3179782A6E8C8
          SHA1:CDFBC98923F7315388009F22F9C37626B677321F
          SHA-256:C3FE34E5BE68503D78D63A2AFB5C970584D0854C63648D7FE6E2412A4E5B008F
          SHA-512:6C2F9598C714BEBA7A538AAB7FA68C1962001C426C80B21F2A9560C72BCEA87B956821E68AF30B4576C1ECDB07E33D616934BD49943DA2E45841B10D483833C5
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Catamarca) {. {-9223372036854775808 -15788 0 LMT}. {-2372096212 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-73378080
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Argentina\ComodRivadavia
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):237
          Entropy (8bit):4.672788403288451
          Encrypted:false
          SSDEEP:6:SlSWB9IZaM3y7/MMXAIVAIgp/MMXs290/MquQ90/MMXAv:MBaIMY/Mhp/MP290/MquQ90/MH
          MD5:42D568B6100D68F9E5698F301F4EC136
          SHA1:E0A5F43A80EB0FAAFBD45127DCAF793406A4CF3A
          SHA-256:D442E5BBB801C004A7903F6C217149FCDA521088705AC9FECB0BC3B3058981BF
          SHA-512:99580239B40247AF75FFAA44E930CDECB71F6769E3597AC85F19A8816F7D0859F6A0D5499AFAC2FA35C32BA05B75B27C77F36DE290DD0D442C0769D6F41E96DA
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Catamarca)]} {. LoadTimeZoneFile America/Argentina/Catamarca.}.set TZData(:America/Argentina/ComodRivadavia) $TZData(:America/Argentina/Catamarca).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Argentina\Cordoba
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1976
          Entropy (8bit):3.659938468164974
          Encrypted:false
          SSDEEP:48:5zxpp0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCWg7ydhSTP:1xT0ZB9yRwhS+/po/lKENURMo8XvCWgJ
          MD5:C6A4EED52A2829671089F9E84D986BFB
          SHA1:F5BBDD0C3347C7519282249AA48543C01DA95B7A
          SHA-256:50541A1FBACAD2C93F08CD402A609C4984AF66E27DB9FAA7F64FDA93DDC57939
          SHA-512:52EA5BB27C91C753275EAC90E082EEBE98B5997B830D8DD579174558355E3FED0AAF4AA02679B0866591951F04F358AFB113423872D57820143E75FEB4415B60
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Cordoba) {. {-9223372036854775808 -15408 0 LMT}. {-2372096592 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Argentina\Jujuy
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1974
          Entropy (8bit):3.659895575974408
          Encrypted:false
          SSDEEP:48:5rCp0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCfSWnzydhSR:FK0ZB9yRwhS+/po/lKENURMo8XvCfbzD
          MD5:A7F2318729F0B4B04C9176CB5257691E
          SHA1:0EAD91CBDC640DB67F64A34209359674AC47062A
          SHA-256:E33962F99E6022ED1825898990B38C10F505DE6EC44DAFB00C75E3A7C1A61C8A
          SHA-512:CB80580383309CCA4837556ED0444F2B931E1B3B13582023BFB715393C94C4F1279D8EC18CACB06BB13E3D32A535495DF2D093E225DF7B6DFFD3571A3B3573B2
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Jujuy) {. {-9223372036854775808 -15672 0 LMT}. {-2372096328 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800 -1
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Argentina\La_Rioja
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):2037
          Entropy (8bit):3.655968476161033
          Encrypted:false
          SSDEEP:48:5J6p0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCWXXydhSTK+:Hi0ZB9yRwhS+/po/lKENURMo8XvCWXXr
          MD5:49BB6DAD5560E7C6EAEA6F3CF9EB1F67
          SHA1:56E0D9DD4E6B12522A75F0ABFEBB6AE019614CB5
          SHA-256:13CBECD826DD5DE4D8576285FC6C4DE39F2E9CF03F4A61F75316776CAED9F878
          SHA-512:CA7EF1A94A6635EAB644C5EAAC2B890E7401745CFA97609BDA410D031B990C87EB2F97160731A45B5A8ADE48D883EAB529AE2379406852129102F0FDF92247D8
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/La_Rioja) {. {-9223372036854775808 -16044 0 LMT}. {-2372095956 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Argentina\Mendoza
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):2009
          Entropy (8bit):3.649537276151328
          Encrypted:false
          SSDEEP:48:5Yep0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCpSGSldhSTS:C+0ZB9yRwhS+/po/lKENURMo8XvCpVap
          MD5:69F8A1AC33BE03C008EC5FEBD1CE4CAA
          SHA1:858362EFEA0C68C1EC9295A9FCE647B41DBF429D
          SHA-256:B02DDE8DCF8E68B2B1DBF66ADF5B247E9833FEC347DFBC487C391FADA5706AD3
          SHA-512:8373EAEEBF5EA028CC0673B10E9DFE84F4DFC2F9E9E8320D59E6CE6125643B31F5E61FC894E420A8D7E9C2FF242617DF911ABF0884AF5B32316A098C8524772D
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Mendoza) {. {-9223372036854775808 -16516 0 LMT}. {-2372095484 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Argentina\Rio_Gallegos
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):2012
          Entropy (8bit):3.6703415662732746
          Encrypted:false
          SSDEEP:48:5mpp0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCWvXydhSTK+:oT0ZB9yRwhS+/po/lKENURMo8XvCWvXr
          MD5:AC8E561F7573280594BDD898324E9442
          SHA1:7DC6248ED29719700189FF3A69D06AAC7B54EB6B
          SHA-256:0833962C0DE220BC601D764EE14442E98F83CB581816B74E5867540348227250
          SHA-512:2FDD23ABA891EBEF01944F3C8F1A9E6844C182B0EB2CBEC0F942F268BAE51F0D7775370E262B500FE7151210F8849DD54BA5CEB2160AE03A5747A48A10933F05
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Rio_Gallegos) {. {-9223372036854775808 -16612 0 LMT}. {-2372095388 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-73378
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Argentina\Salta
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1945
          Entropy (8bit):3.653135248071002
          Encrypted:false
          SSDEEP:48:5Vgp0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCWg7ydhSTQO:7w0ZB9yRwhS+/po/lKENURMo8XvCWg7D
          MD5:70FB90E24FEEF5211C9488C938295F02
          SHA1:5C903A669B51A1635284AD80877E0C6789D8EB26
          SHA-256:FBDACFA5D82DC23ECDD9D9F8A4EF71F7DBB579BF4A621C545062A7AE0296141D
          SHA-512:4C36B34B2203F6D4C78CC6F0E061BF35C4B98121D50096C8015EBA6DBEFA989DD2F2E32436EEE3055F1CF466BC3D4FD787A89873EEE4914CB51B273E335C90C3
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Salta) {. {-9223372036854775808 -15700 0 LMT}. {-2372096300 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800 -1
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Argentina\San_Juan
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):2037
          Entropy (8bit):3.6597750686514887
          Encrypted:false
          SSDEEP:48:5jXup0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCWXXydhSTH:1+0ZB9yRwhS+/po/lKENURMo8XvCWXXh
          MD5:BBB4D4B341E7FEC2E5A937267AADCD0F
          SHA1:9AB509F97DCBAAE5ACA7F67853E86429438ED8DC
          SHA-256:BAC6CC41865DD3D4F042FE6106176279F3DEB9127BE0146AF75AE1E47098AF43
          SHA-512:49E32BD5BDBA773D99C883080660B431E8D4C806164C0354C848CF3AB0042797DBE7F6226BA234634A1DF254B0464ED5F714B054454520263536B0A77D7053D9
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/San_Juan) {. {-9223372036854775808 -16444 0 LMT}. {-2372095556 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Argentina\San_Luis
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):2013
          Entropy (8bit):3.6516068215670687
          Encrypted:false
          SSDEEP:48:58kp0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCp1ESWn0SK4:K80ZB9yRwhS+/po/lKENURMo8XvCpmTr
          MD5:767F99822C382327A318EAC0779321F3
          SHA1:1352B21F20C7F742D57CB734013143C9B58DA221
          SHA-256:B4590DF5AC1993E10F508CC5183809775F5248B565400BA05AE5F87B69D4E26B
          SHA-512:C8FF21DC573DE5CB327DDA536391071012A038B8266C4E39922EC0F0EC975000E5D7AFBBE81D1C28DB8733E8B01E1E4D6BE0968D9EFCFC50DB102CC09BDABEA6
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/San_Luis) {. {-9223372036854775808 -15924 0 LMT}. {-2372096076 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Argentina\Tucuman
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):2036
          Entropy (8bit):3.653313944168433
          Encrypted:false
          SSDEEP:48:5yM9Ep0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCWg7ydhSU:b9c0ZB9yRwhS+/po/lKENURMo8XvCWgi
          MD5:892E23EEB82C4EF52CB830C607E3DD6D
          SHA1:9A9334DC1F9FBA0152C1B5CAA954F2FF1775B78C
          SHA-256:F3D19E51463B4D04BE1CD4F36CD9DD5E3954B6186ADD6A176B78C3C4F399CCA1
          SHA-512:4FCC3F61E261D57788756921AE21E54D387AB533ACF56182579B9082EC0791CD655D50BEDDAF996233CDBDE549F743855C191BCB581EF3D7877C4CE26B14EEC2
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Tucuman) {. {-9223372036854775808 -15652 0 LMT}. {-2372096348 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Argentina\Ushuaia
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):2007
          Entropy (8bit):3.6562927023582197
          Encrypted:false
          SSDEEP:48:56Yp0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCWvXydhSTHd:QI0ZB9yRwhS+/po/lKENURMo8XvCWvXz
          MD5:EA31C60D08FFE56504DEC62A539F51D9
          SHA1:79F31368AC9C141B5F0F5804A0D903C12B75A386
          SHA-256:4E3A4539FE0D8E0401C8304E5A79F40C420333C92BF1227BCBB5DB242444ECD6
          SHA-512:EB58A3122DE8FC7887622D3716E1D9D615625FC47C30BA0BD8112894B595263F04B37D43E142C43251C48D2CD703BB6F56966B965C5475DA83F2C290B6F564E8
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Ushuaia) {. {-9223372036854775808 -16392 0 LMT}. {-2372095608 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Aruba
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):182
          Entropy (8bit):4.760006229014668
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx09CvjHVAIg209CvjvQ2IAcGE/nVIAcGE9Cvju:SlSWB9IZaM3y79CzVAIgp9CE290/V90J
          MD5:84605CB5AC93D51FF8C0C3D46B6A566F
          SHA1:8B56DBDAD33684743E5828EFBD638F082E9AA20D
          SHA-256:680651D932753C9F9E856018B7C1B6D944536111900CB56685ABA958DE9EC9C1
          SHA-512:A5FA747C4743130308A8D8832AD33CF10B2DA2F214DEE129CAC9543D6F88FF232B4387026976578D037DF7816D0F4177835866A35F497438DD2526FEBACA2AF6
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Curacao)]} {. LoadTimeZoneFile America/Curacao.}.set TZData(:America/Aruba) $TZData(:America/Curacao).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Asuncion
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):7685
          Entropy (8bit):3.4198614734785875
          Encrypted:false
          SSDEEP:192:57TOr5dwtvNJZWDQ2eBTVSZKnb0Yg6f5xgTK5IQPyP8D3rVPe9DptTkhXXkbCkCg:5P7J1A
          MD5:625A707182C6E0027D49F0FFD775AC51
          SHA1:6423A50DB875051656A1C3C5B6C6AF556F8FBE0A
          SHA-256:CD884C5C99949F5723DC94FBFF011B97AE0989EF2EDE089B30C2CD4893AFCE08
          SHA-512:C5787953997D7D1B583AEE7F68FCC255AC1FAC5C9A7025C8093F274206A0C8163DE221B4823F7750B5B30AF32D673F88D5956C0E510851EBA72CC2360AC35D18
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Asuncion) {. {-9223372036854775808 -13840 0 LMT}. {-2524507760 -13840 0 AMT}. {-1206389360 -14400 0 -04}. {86760000 -10800 0 -03}. {134017200 -14400 0 -04}. {162878400 -14400 0 -04}. {181368000 -10800 1 -04}. {194497200 -14400 0 -04}. {212990400 -10800 1 -04}. {226033200 -14400 0 -04}. {244526400 -10800 1 -04}. {257569200 -14400 0 -04}. {276062400 -10800 1 -04}. {291783600 -14400 0 -04}. {307598400 -10800 1 -04}. {323406000 -14400 0 -04}. {339220800 -10800 1 -04}. {354942000 -14400 0 -04}. {370756800 -10800 1 -04}. {386478000 -14400 0 -04}. {402292800 -10800 1 -04}. {418014000 -14400 0 -04}. {433828800 -10800 1 -04}. {449636400 -14400 0 -04}. {465451200 -10800 1 -04}. {481172400 -14400 0 -04}. {496987200 -10800 1 -04}. {512708400 -14400 0 -04}. {528523200 -10800 1 -04}. {544244400 -14400 0 -04}. {560059200 -10800 1 -04}. {57586
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Atikokan
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):332
          Entropy (8bit):4.582750266902939
          Encrypted:false
          SSDEEP:6:SlSWB9X5290/qlfbm2OHvcFGxYP329V/uFn/TUs/uFn/lHIs8/kRm5/uFb/C/iin:MBp5290/emdHLYP323/uFn/9/uFn/dBs
          MD5:66777BB05E04E030FABBC70649290851
          SHA1:97118A1C4561FC1CC9B7D18EE2C7D805778970B8
          SHA-256:2C6BBDE21C77163CD32465D773F6EBBA3332CA1EAEEF88BB95F1C98CBCA1562D
          SHA-512:B00F01A72A5306C71C30B1F0742E14E23202E03924887B2418CA6F5513AE59E12BC45F62B614716BBE50A7BEA8D62310E1B67BB39B84F7B1B40C5D2D19086B7C
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Atikokan) {. {-9223372036854775808 -21988 0 LMT}. {-2366733212 -21600 0 CST}. {-1632067200 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-923248800 -18000 1 CDT}. {-880214400 -18000 0 CWT}. {-769395600 -18000 1 CPT}. {-765388800 -18000 0 EST}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Atka
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):172
          Entropy (8bit):4.761501750421919
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0/yO5pVAIg20/yOvYvt2IAcGE/ol7x+IAcGE/yOun:SlSWB9IZaM3y7/ykVAIgp/y9F290/ola
          MD5:E641C6615E1EF015427202803761AADD
          SHA1:E254129517335E60D82DFE00C6D5AF722D36565A
          SHA-256:9C546927B107BB4AB345F618A91C0F8C03D8A366028B2F0FCBF0A3CE29E6588E
          SHA-512:B7D34B1EA0D6722D7BFCD91F082D79EE009B97A2B5684D76A3F04CB59079637134275CF9A0306B9F4423A03CC0C2AB43994207D1B209161C893C2C6F3F3B6311
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Adak)]} {. LoadTimeZoneFile America/Adak.}.set TZData(:America/Atka) $TZData(:America/Adak).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Bahia
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1944
          Entropy (8bit):3.6123892296166242
          Encrypted:false
          SSDEEP:48:534h19U2dBUGrmO7XGtN3kh0OjmimtnNIVkHZU7WWhw5N:Nm19U2zUGrpzGtVE0OjmicnyVkHZWWWK
          MD5:E52095DB1E77EC4553A0AF56665CDE51
          SHA1:CED0966E8D89443F2CCBBE9F44DA683F7D2D688B
          SHA-256:30A4658BD46F88A1585ACABB9EB6BA03DB929EAF7D2F430BC4864D194A6CC0DD
          SHA-512:D6F3D51393F9D8F6414023A8435213EC6BD4FCAA5084B664B828CCDE8D57821E3E284B3D5A27414B4C2AB0B71E31D775D1F924C926C849F591D361DAA8681D8A
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Bahia) {. {-9223372036854775808 -9244 0 LMT}. {-1767216356 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {592974000 -7200 1 -03}. {602
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Bahia_Banderas
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):6625
          Entropy (8bit):3.791871111929614
          Encrypted:false
          SSDEEP:192:NqZL/1dCYDXEaXTuXMEXiH4RxGIJkYWXsWwav7jNf4sOVEmbwBlhcCLfYkNRfsNz:NqZL/1dCYDDCxyH4RxGIJkYWXsWwav7S
          MD5:6A18936EC3AA0FCEC8A230ADAF90FF1E
          SHA1:B13B8BF1FD2EEED44F63A0DC71F0BCE8AC15C783
          SHA-256:974481F867DEA51B6D8C6C21432F9F6F7D6A951EC1C34B49D5445305A6FB29B7
          SHA-512:75AA7A3AE63ED41AFF6CF0F6DC3CA649786A86A64293E715962B003383D31A8AD2B99C72CE6B788EC4DFF1AF7820F011B3F1FD353B37C326EF02289CE4A061BF
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Bahia_Banderas) {. {-9223372036854775808 -25260 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {-873828000 -25200 0 MST}. {-661539600 -28800 0 PST}. {28800 -25200 0 MST}. {828867600 -21600 1 MDT}. {846403200 -25200 0 MST}. {860317200 -21600 1 MDT}. {877852800 -25200 0 MST}. {891766800 -21600 1 MDT}. {909302400 -25200 0 MST}. {923216400 -21600 1 MDT}. {941356800 -25200 0 MST}. {954666000 -21600 1 MDT}. {972806400 -25200 0 MST}. {989139600 -21600 1 MDT}. {1001836800 -25200 0 MST}. {1018170000 -21600 1 MDT}. {1035705600 -25200 0 MST}. {1049619600 -21600 1 MDT}. {1067155200 -25200 0 MST}. {1081069200 -21600 1 MDT}. {1099209600 -25200 0 MST}. {1112518800 -21600 1 MDT}. {1130659200 -25200 0 MST}. {1143968400 -
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Barbados
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):413
          Entropy (8bit):4.429320498710922
          Encrypted:false
          SSDEEP:12:MBp5290eNJmdH9Gcvm/uFkCFP/K/uFkCFks/v/h/uFkCFFoI/qZ/uFkCF3dX/r:cQT7enmSkC9/KSkCT/BSkCLl/wSkCj/r
          MD5:49EED111AB16F289E7D2D145A2641720
          SHA1:2F0A37524209FC26421C2951F169B4352250ED9E
          SHA-256:E7415944397EF395DDBD8EACB6D68662908A25E2DB18E4A3411016CBB6B8AFC6
          SHA-512:3AD4511798BA763C4E4A549340C807FE2FDF6B107C74A977E425734BBADDFF44ADAA68B5AE1F96170902A10208BC4BBF551C596EB1A3E292071549B8F3012A35
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Barbados) {. {-9223372036854775808 -14309 0 LMT}. {-1451678491 -14309 0 BMT}. {-1199217691 -14400 0 AST}. {234943200 -10800 1 ADT}. {244616400 -14400 0 AST}. {261554400 -10800 1 ADT}. {276066000 -14400 0 AST}. {293004000 -10800 1 ADT}. {307515600 -14400 0 AST}. {325058400 -10800 1 ADT}. {338706000 -14400 0 AST}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Belem
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):996
          Entropy (8bit):3.799419505060255
          Encrypted:false
          SSDEEP:24:cQYe3wc4h1u80V2dBUGphmC17ewGtN3kN:5VB4h19U2dBUGrmO7XGtN3kN
          MD5:2F3314B71810C1AC0280F292F09F37BE
          SHA1:B8702125A9768AE530354CE2A765BC07BABAEF34
          SHA-256:9ECA949D328915C6CB02A2E6084F3E0730D49F1C53C6D6AA12751F852C51BF02
          SHA-512:C4E1ADD2E580BFD4100EE776305530BCEA017D57A65205881536A1CDDA3A299816C133B5B1F4B40A99E47BB94AE2A7E727F3D24D06131705818CC0C1AA12E5BD
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Belem) {. {-9223372036854775808 -11636 0 LMT}. {-1767213964 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {590032800 -10800 0 -03}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Belize
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1854
          Entropy (8bit):3.8463726575443573
          Encrypted:false
          SSDEEP:24:cQMeVyJOCSSVTSuWcLwX1QIXVlXco0bKdTu/pUHQGyUrROSTgltVJyODrUSn/mJO:5hxKj4jDMtVpIM/mjM/sQ
          MD5:1BFD01ECF77E031C23BDA5ED371E061F
          SHA1:7A38C5665A834B812613E4D10FE4D1E45F606407
          SHA-256:BDF09D97876E3A3C0422C655562252806B4EF914679FDCAB6DD78BD2B84DD932
          SHA-512:D7A2C2645129C4BAB1F0170A29A084396AD8CF07237DE339512C3A5C7227B017BF1D4B78EBD5A7274CAF1D172ECB2DB6F912887BFF1C6AC73E9D645E333A75A3
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Belize) {. {-9223372036854775808 -21168 0 LMT}. {-1822500432 -21600 0 CST}. {-1616954400 -19800 1 -0530}. {-1606069800 -21600 0 CST}. {-1585504800 -19800 1 -0530}. {-1574015400 -21600 0 CST}. {-1554055200 -19800 1 -0530}. {-1542565800 -21600 0 CST}. {-1522605600 -19800 1 -0530}. {-1511116200 -21600 0 CST}. {-1490551200 -19800 1 -0530}. {-1479666600 -21600 0 CST}. {-1459101600 -19800 1 -0530}. {-1448217000 -21600 0 CST}. {-1427652000 -19800 1 -0530}. {-1416162600 -21600 0 CST}. {-1396202400 -19800 1 -0530}. {-1384713000 -21600 0 CST}. {-1364752800 -19800 1 -0530}. {-1353263400 -21600 0 CST}. {-1333303200 -19800 1 -0530}. {-1321813800 -21600 0 CST}. {-1301248800 -19800 1 -0530}. {-1290364200 -21600 0 CST}. {-1269799200 -19800 1 -0530}. {-1258914600 -21600 0 CST}. {-1238349600 -19800 1 -0530}. {-1226860200 -21600 0 CST}. {-1206900000 -1980
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Blanc-Sablon
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):331
          Entropy (8bit):4.599775510303771
          Encrypted:false
          SSDEEP:6:SlSWB9X5290Am2OHff4YPawmX/bVVFUFkCFVUP/GH6/XVVFUFkIZVVFUFkeF3k/g:MBp5290AmdHff4YPawY/b/uFkCFVUP/L
          MD5:5ACBD50E1CB87B4E7B735A8B5281917B
          SHA1:3E92C60B365C7E1F9BF5F312B007CBFD4175DB8F
          SHA-256:E61F3762B827971147772A01D51763A18CC5BED8F736000C64B4BDFF32973803
          SHA-512:9284FFDF115C7D7E548A06A6513E3591F88EE3E5197106B71B54CD82F27890D12773381218BCA69720F074A6762282F25830422DFA402FF19301D6834FD9FF7D
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Blanc-Sablon) {. {-9223372036854775808 -13708 0 LMT}. {-2713896692 -14400 0 AST}. {-1632074400 -10800 1 ADT}. {-1615143600 -14400 0 AST}. {-880221600 -10800 1 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {14400 -14400 0 AST}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Boa_Vista
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1159
          Entropy (8bit):3.7116873200926586
          Encrypted:false
          SSDEEP:24:cQETmex8Sos/USws/QSI/LHSD/vOSy/WS3o/aS2/vSh/TSSX/WcSp/ySZd/YlSjx:5EqSaSwXS4SqSbS3JSySxSxcSESAlSQE
          MD5:0858FCA5A59C9C6EE38B7E8A61307412
          SHA1:685597A5FD8BFEBF3EC558DB8ABF11903F63E05E
          SHA-256:825E89E4B35C9BA92CF53380475960C36307BF11FD87057891DF6EEBA984A88D
          SHA-512:7369EE42CD73CFD635505BF784E16A36C9BBDE0BDAAAB405CB8401EBC508F4CE0B0155206756C1905E915756F1D3CDC381C6B9C357A01EAE0ECC4C448978844A
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Boa_Vista) {. {-9223372036854775808 -14560 0 LMT}. {-1767211040 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {590036400 -1
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Bogota
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):237
          Entropy (8bit):4.649012348678967
          Encrypted:false
          SSDEEP:6:SlSWB9X5290bJqm2OHDgPcuknTEXPKV93kR/uFeEV/KV9C:MBp5290bUmdHDgPcukT8O93Y/uF7/O9C
          MD5:4B3B0F66FB3BC69A5AB5DA79D02F7E34
          SHA1:79B84C0578BBB0E4C07E99977D02EDE45F11CC8A
          SHA-256:E7C45CA67F1BA913E7DC1632C166973FDA8DA4734F8BCF3AB1157A45454C8D7B
          SHA-512:96289B4D179F146D6C5FB5DDAA4336CBCB60CF27BABCC20B9691387920897B293903DF41F5D9DE7237A689013A9266134B32AB4B4656796419B46E8378D84358
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Bogota) {. {-9223372036854775808 -17776 0 LMT}. {-2707671824 -17776 0 BMT}. {-1739041424 -18000 0 -05}. {704869200 -14400 1 -05}. {733896000 -18000 0 -05}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Boise
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):8324
          Entropy (8bit):3.772029913040983
          Encrypted:false
          SSDEEP:96:e45eG5cnWsGm+4I1zXN+C2mWBNQMsmNTxf6AeO+cblX:xGnWdVUC2mWBNwWTxyWR
          MD5:239425659E7345C757E6A44ABF258A22
          SHA1:9659217B4D55795333DFA5E08451B69D17F514AD
          SHA-256:6D6D377DDF237B1C5AB012DDDEB5F4FAA39D1D51240AA5C4C34EE96556D2D2F4
          SHA-512:3891D7BC1F84FF6B01B6C2DF6F0413C9E168E5B84CE445030F1B871766DD38B2FF7418501AB7C0DCEAB8381E538D65DF4E7708502EE924546A28DF1AC9BB7129
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Boise) {. {-9223372036854775808 -27889 0 LMT}. {-2717640000 -28800 0 PST}. {-1633269600 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-1601820000 -25200 1 PDT}. {-1583679600 -28800 0 PST}. {-1471788000 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {126255600 -25200 0 MST}. {129114000 -21600 0 MDT}. {152092800 -25200 0 MST}. {162378000 -21600 1 MDT}. {183542400 -25200 0 MST}. {199270800 -21600 1 MDT}. {215596800 -25200 0 MST}. {2307
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Buenos_Aires
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):234
          Entropy (8bit):4.775296176809929
          Encrypted:false
          SSDEEP:6:SlSWB9IZaM3y7/MQA+zJFVAIgp/MQA+z2L290BFzk5h490/MQA+zq:MBaIMY/MV+z6p/MV+z2L290rzy490/Mz
          MD5:861DAA3C2FFF1D3E9F81FB5C63EA71F1
          SHA1:8E219E63E6D7E702FD0644543E05778CE786601A
          SHA-256:1D32F22CF50C7586CB566E45988CA05538E61A05DF09FD8F824D870717832307
          SHA-512:71B47C369DF1958C560E71B114616B999FB4B091FAA6DD203B29D2555FFE419D6FC5EF82FA810DC56E6F00722E13B03BFBED2516B4C5C2321F21E03F0198B91B
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Buenos_Aires)]} {. LoadTimeZoneFile America/Argentina/Buenos_Aires.}.set TZData(:America/Buenos_Aires) $TZData(:America/Argentina/Buenos_Aires).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Cambridge_Bay
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):7487
          Entropy (8bit):3.787618233072156
          Encrypted:false
          SSDEEP:96:OGoGm+4ILQzXN+C2mWBNQMsmNTxf6AeO+cblX:P7YUC2mWBNwWTxyWR
          MD5:839C797E403B4C102D466B1E759A6CC4
          SHA1:D95864FF269AD16B35CDAAC95AE03D8306B8DE1F
          SHA-256:37E219C4C7AEBCC8919293114280A247E8072F2760E69F083E9FDD6BE460B9BC
          SHA-512:A74F3B3C83815F62F6BDF4199EA471872AE539D6C0C595BA41E6D2DF033075D74CC00995C8F99C3ADD4B1E5E04A12D663BE9BED4CE600FC5F067D7CDDED4D7F5
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cambridge_Bay) {. {-9223372036854775808 0 0 -00}. {-1577923200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-147891600 -18000 1 MDDT}. {-131562000 -25200 0 MST}. {325674000 -21600 1 MDT}. {341395200 -25200 0 MST}. {357123600 -21600 1 MDT}. {372844800 -25200 0 MST}. {388573200 -21600 1 MDT}. {404899200 -25200 0 MST}. {420022800 -21600 1 MDT}. {436348800 -25200 0 MST}. {452077200 -21600 1 MDT}. {467798400 -25200 0 MST}. {483526800 -21600 1 MDT}. {499248000 -25200 0 MST}. {514976400 -21600 1 MDT}. {530697600 -25200 0 MST}. {544611600 -21600 1 MDT}. {562147200 -25200 0 MST}. {576061200 -21600 1 MDT}. {594201600 -25200 0 MST}. {607510800 -21600 1 MDT}. {625651200 -25200 0 MST}. {638960400 -21600 1 MDT}. {657100800 -25200 0 MST}. {671014800 -21600 1 MDT}. {688550400 -25200 0 MST}. {
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Campo_Grande
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):7652
          Entropy (8bit):3.4267759764212906
          Encrypted:false
          SSDEEP:192:ylD7ZYOtu7D/fVLF5H1RuSFuY66DCM/rDAWicDqRp5RepgK3i8kmmkniko1Kg+R7:n4jF17vArp
          MD5:87CB052D17717B696F3D9158B237E4FB
          SHA1:79B3947A50ED15C908CFC2D699D2B7F11468E7B2
          SHA-256:113E8ADCECE14A96261A59E0C26073EA5CFF864C4FF2DA6FAB5C61129A549043
          SHA-512:2BF788FD51E7268A1989F1C564E7B81B002B876381AEC561564D4BCE8D76C9D3F621A2F1AB26C1EAB5E5C64A3C41A536A1E21A5322D678CB11CB608333515144
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Campo_Grande) {. {-9223372036854775808 -13108 0 LMT}. {-1767212492 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {592977600
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Cancun
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1365
          Entropy (8bit):3.9551252054637245
          Encrypted:false
          SSDEEP:24:cQseeRb/uyV3XVP/upG/u/yRXiSn/Q8Sn/mfSn/yISn/PSn/zI3Sn/RSn/lfSn/A:5i7XEaRyM/BM/mfM/1M/PM/zmM/RM/l/
          MD5:2EC91D30699B64FA8199004F97C63645
          SHA1:4C4E00857B1FB3970E7C16C4EFAA9347ED2C3629
          SHA-256:4EB4C729FF11E170D683310422D8F10BCE78992CF13DACCB06662308C76CCA3B
          SHA-512:D7811C32E4D2B3B9FAEE730D580BC813EC41B63765DE34BB3A30A0D9BBEF2F090E2DA59C6D9A4D8FC91885DDEA2B6E3B1FD3FD434E42D805AF66E578E66AE6FE
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cancun) {. {-9223372036854775808 -20824 0 LMT}. {-1514743200 -21600 0 CST}. {377935200 -18000 0 EST}. {828860400 -14400 1 EDT}. {846396000 -18000 0 EST}. {860310000 -14400 1 EDT}. {877845600 -18000 0 EST}. {891759600 -14400 1 EDT}. {902041200 -18000 0 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001833200 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000 -18000 1 CDT}. {1067151600 -21600 0 CST}. {1081065600 -18000 1 CDT}. {1099206000 -21600 0 CST}. {1112515200 -18000 1 CDT}. {1130655600 -21600 0 CST}. {1143964800 -18000 1 CDT}. {1162105200 -21600 0 CST}. {1175414400 -18000 1 CDT}. {1193554800 -21600 0 CST}. {1207468800 -18000 1 CDT}. {1225004400 -21600 0 CST}. {1238918400 -18000 1 CD
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Caracas
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):274
          Entropy (8bit):4.527582804527589
          Encrypted:false
          SSDEEP:6:SlSWB9X52909+ET2m2OHXP8Hk4lvFVFQVgIUF/R/OGWnVVFQVg2vR/O9:MBp5290QmdHXPy/ltvAYFZ/OGqVvA9/K
          MD5:D47486658B408AAF7F91569435B49D19
          SHA1:C69EDC17F2E77723A5C711342822BF21ECCB9C8E
          SHA-256:555A66624909220ACCCB35D852079D44944E188A81DF6A07CBA7433AC2478E5E
          SHA-512:35A4AF702405BD36F6EF7E42F1E1AEAD841A5710D04306C1C3390B3CC134E88F1221F284F489F6926C58E8FD50BD7E6BE0E5904AAE2ACBEA817EFCE0AAE61169
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Caracas) {. {-9223372036854775808 -16064 0 LMT}. {-2524505536 -16060 0 CMT}. {-1826739140 -16200 0 -0430}. {-157750200 -14400 0 -04}. {1197183600 -16200 0 -0430}. {1462086000 -14400 0 -04}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Catamarca
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):222
          Entropy (8bit):4.615632762186706
          Encrypted:false
          SSDEEP:6:SlSWB9IZaM3y7/MMXAIVAIgp/MMXs29094SXAFB5290/MMXAv:MBaIMY/Mhp/MP290mh5290/MH
          MD5:359226FA8A7EAFCA0851F658B4EBBCDC
          SHA1:611A24C24462DF5994B5D043E65770B778A6443B
          SHA-256:F2782781F1FB7FD12FF85D36BB244887D1C2AD52746456B3C3FEAC2A63EC2157
          SHA-512:6F9DD2D1662103EC5A34A8858BDFA69AC9F74D3337052AB47EA61DC4D76216886A0644CF1284940E8862A09CBA3E0A87784DFDB6414434C92E45004AAF312614
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Catamarca)]} {. LoadTimeZoneFile America/Argentina/Catamarca.}.set TZData(:America/Catamarca) $TZData(:America/Argentina/Catamarca).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Cayenne
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):178
          Entropy (8bit):4.781235086647991
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFx52IAcGE91pkXGm2OHEFvpoevUdR4FIUPvGDUwXvp3VVFVGHC:SlSWB9X52909zm2OHEdGeG4vOIw/ZVVF
          MD5:1FFD7817EE1DC55EF72AD686749AE9CE
          SHA1:AE972D5395F3562F052780AD014BA2C0767943B6
          SHA-256:9CE77C0A01BFDA002EE3B2DCEF316DB7C9AC80B270DFC3A0D7769021E731D849
          SHA-512:480D8D56F7B8829F6E82D8AFF1A0A161C3C45402D85A588027E98F2FA20C6E6F35549FFC5F38F0EEA9C4190A70B334066FCD406D39FF06EE7B7855AF75CD0FC3
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cayenne) {. {-9223372036854775808 -12560 0 LMT}. {-1846269040 -14400 0 -04}. {-71092800 -10800 0 -03}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Cayman
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):180
          Entropy (8bit):4.723325073771884
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0u55DdVAIg20u5AF2IAcGE91mr4IAcGEu5un:SlSWB9IZaM3y7oDdVAIgpX2909Yr490/
          MD5:E03755B574F4962030DB1E21D1317963
          SHA1:5B5FA4787DA7AE358EFEA81787EB2AB48E4D7247
          SHA-256:8E85F05135DB89CB304689081B22535002DBD184D5DCDBF6487CD0A2FBE4621E
          SHA-512:8B85E51BD8DC04AE768A4D42F8DF0E0D60F23FAB2607E3DCAD4E10695E50C2A3F2124DA7E3A87E97DB7AF090EF70C9A5B5C2D34F7D1B6F74FEFEA9148FEB15AB
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Panama)]} {. LoadTimeZoneFile America/Panama.}.set TZData(:America/Cayman) $TZData(:America/Panama).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Chicago
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):11003
          Entropy (8bit):3.728817385585057
          Encrypted:false
          SSDEEP:192:rXxbWziyUZB4ME9Hmp7EYQYMWUJ2eQzURWu3OabMQxXI6X8x3X3D2DgOMIOdXkqq:rXxbWziyUZB4ME9Hmp7EYQYMWUJ2eQzg
          MD5:6175956F3052F3BE172F6110EF6342EE
          SHA1:532E2600DFAFAACCD3A187A233956462383401A6
          SHA-256:FC172494A4943F8D1C3FC35362D96F3D12D6D352984B93BC1DE7BDCB7C85F15E
          SHA-512:36B47003183EB9D7886F9980538DB3BDDC231BB27D4F14006CDBE0CB9042215A02559D97085679F8320DED6109FC7745DC43859EBA99B87365B09C4526D28193
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Chicago) {. {-9223372036854775808 -21036 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-1577901600 -21600 0 CST}. {-1563724800 -18000 1 CDT}. {-1551632400 -21600 0 CST}. {-1538928000 -18000 1 CDT}. {-1520182800 -21600 0 CST}. {-1504454400 -18000 1 CDT}. {-1491757200 -21600 0 CST}. {-1473004800 -18000 1 CDT}. {-1459702800 -21600 0 CST}. {-1441555200 -18000 1 CDT}. {-1428253200 -21600 0 CST}. {-1410105600 -18000 1 CDT}. {-1396803600 -21600 0 CST}. {-1378656000 -18000 1 CDT}. {-1365354000 -21600 0 CST}. {-1347206400 -18000 1 CDT}. {-1333904400 -21600 0 CST}. {-1315152000 -18000 1 CDT}. {-1301850000 -21600 0 CST}. {-1283702400 -18000 1 CDT}. {-1270400400 -21600 0 CST}. {-1252252800 -18000 1 CDT}. {-1238950800 -21600 0 CST}. {-1220803200
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Chihuahua
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):6593
          Entropy (8bit):3.795313170000037
          Encrypted:false
          SSDEEP:96:LJNfzBT8tRkfKxhzY720zaOXmlITHjLc1cb:dN18tRkfKv+2wB9h
          MD5:B0CA4CFF6571AFBFF25FAC72CDDB5B08
          SHA1:1BF3ACEC369AEA504AAA248459A115E61CF79C4B
          SHA-256:C689A3BEED80D26EAB96C95C85874428F80699F7E136A44377776E52B5855D00
          SHA-512:398496EBA4344EDF78AFBF51BD6024481D3A12546D0EE597B7C593A1CD1BF575AFDE62FFADE7A0DDFEDA79CF235612E6F4DA74D7305A6E48F5942EA10D8A4F8E
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Chihuahua) {. {-9223372036854775808 -25460 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {820476000 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {883634400 -21600 0 CST}. {891766800 -21600 0 MDT}. {909302400 -25200 0 MST}. {923216400 -21600 1 MDT}. {941356800 -25200 0 MST}. {954666000 -21600 1 MDT}. {972806400 -25200 0 MST}. {989139600 -21600 1 MDT}. {1001836800 -25200 0 MST}. {1018170000 -21600 1 MDT}. {1035705600 -25200 0 MST}. {1049619600 -21600 1 MDT}. {1067155200 -25200 0 MST}. {1081069200 -21600 1 MDT}. {1099209600 -25200 0 MST}. {1112518800 -21600 1 MDT}. {1130659200 -25200 0 MST}. {1143968400 -21600 1 MDT}. {1162108800 -25
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Coral_Harbour
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):193
          Entropy (8bit):4.822360211437507
          Encrypted:false
          SSDEEP:6:SlSWB9IZaM3y7/qlfSwFVAIgp/qlfAvt2909qEac90/qlfu:MBaIMY/TwQp/tvt290Fac90/j
          MD5:2541EC94D1EA371AB1361118EEC98CC6
          SHA1:950E460C1BB680B591BA3ADA0CAA73EF07C229FE
          SHA-256:50E6EE06C0218FF19D5679D539983CEB2349E5D25F67FD05E142921431DC63D6
          SHA-512:2E6B66815565A9422015CAB8E972314055DC4141B5C21B302ABD671F30D0FBAE1A206F3474409826B65C30EDBEDD46E92A99251AB6316D59B09FC5A8095E7562
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Atikokan)]} {. LoadTimeZoneFile America/Atikokan.}.set TZData(:America/Coral_Harbour) $TZData(:America/Atikokan).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Cordoba
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):214
          Entropy (8bit):4.74004515366486
          Encrypted:false
          SSDEEP:6:SlSWB9IZaM3y7/MdVAIgp/MOF29093+90/Msn:MBaIMY/M4p/MOF290c90/Ms
          MD5:89870B2001C2EE737755A692E7CA2F18
          SHA1:F67F6C22BF681C105068BEEB494A59B3809C5ED8
          SHA-256:38C3DD7DAF75DBF0179DBFC387CE7E64678232497AF0DACF35DC76050E9424F7
          SHA-512:EFA8A5A90BE6FAAA7C6F5F39CBBBA3C7D44C7943E1BB1B0F7E966FEE4F00F0E4BF1D999A377D4E5230271B120B059EB020BD93E7DA46CF1FFA54AB13D7EC3FFE
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Cordoba)]} {. LoadTimeZoneFile America/Argentina/Cordoba.}.set TZData(:America/Cordoba) $TZData(:America/Argentina/Cordoba).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Costa_Rica
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):416
          Entropy (8bit):4.443696146912203
          Encrypted:false
          SSDEEP:12:MBp5290l0TmdHd5PZ6kibvI8/uFn/mSU/uFn/i/uFn/4Y8/uFn//DVn:cQmAed9Z6n5Sn/mtSn/iSn/4JSn/bh
          MD5:D47A1FBA5AD701E1CA168A356D0DA0A9
          SHA1:6738EA6B4F54CC76B9723917AA373034F6865AF1
          SHA-256:51F08C1671F07D21D69E2B7868AA5B9BDBFA6C31D57EB84EB5FF37A06002C5CD
          SHA-512:DB6AD81466500F22820941DF3369155BA03CFA42FA9D267984A28A6D15F88E1A71625E3DC578370B5F97727355EBB7C338482FA33A7701ADB85A160C09BAD232
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Costa_Rica) {. {-9223372036854775808 -20173 0 LMT}. {-2524501427 -20173 0 SJMT}. {-1545071027 -21600 0 CST}. {288770400 -18000 1 CDT}. {297234000 -21600 0 CST}. {320220000 -18000 1 CDT}. {328683600 -21600 0 CST}. {664264800 -18000 1 CDT}. {678344400 -21600 0 CST}. {695714400 -18000 1 CDT}. {700635600 -21600 0 CST}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Creston
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):211
          Entropy (8bit):4.798554218839104
          Encrypted:false
          SSDEEP:6:SlSWB9X52909ovTm2OHpcHvvPagcyEXC/vHcQCi:MBp52900mdHpcHPagPECvHl
          MD5:9E3726148A53940507998FA1A5EEE6DB
          SHA1:2493B72DF895ED2AE91D09D43BDDADDB41E4DEBC
          SHA-256:E809F227E92542C6FB4BAC82E6079661EEF7700964079AA4D7E289B5B400EC49
          SHA-512:F5ED4085160A06DE672DB93CEE700C420D0438DE9AC3548B291DA236AA8CCC84F97270DA3956E49432AE1E281CCECEB6DF92E71EB305106655B4DF231E04B558
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Creston) {. {-9223372036854775808 -27964 0 LMT}. {-2713882436 -25200 0 MST}. {-1680454800 -28800 0 PST}. {-1627833600 -25200 0 MST}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Cuiaba
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):7646
          Entropy (8bit):3.4194836403778353
          Encrypted:false
          SSDEEP:192:+lD7ZYOtu7D/fVLF5H1RuSFuY66DCVDAWicDqRp5RepgK3i8kmmkniko1Kg+R4hu:3jF17vArp
          MD5:7309EBE8210C3C84C24D459289484EFA
          SHA1:31EFE19E3CA2DB512C7AC9CAFD72991EF0517FD3
          SHA-256:FE7543FF576D7EDC3A3FF82759E5C244DE8EB57A95744E20610CEDF6E29AB4C9
          SHA-512:41C94E4093F015B61ACEFCEA067C101AA1ECB855789CFDB8FA4D17589D20868FB7A1456D21C90B5261445D970E5E7F134CBAF17EA926278C9E6DFC471D29F896
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cuiaba) {. {-9223372036854775808 -13460 0 LMT}. {-1767212140 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {592977600 -1080
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Curacao
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):181
          Entropy (8bit):4.858195118945703
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFx52IAcGE9CvjEwcXGm2OHCevUd5xF9vFVFIVgYd/iQG3VFpRR/r:SlSWB9X52909C4wTm2OHjyxzFQVgIUFp
          MD5:CE0F18F27502E771B27236C5BF7D3317
          SHA1:D2E68415B8544A8BAC2A4F335854FC048BD4B34C
          SHA-256:118EC9D89937FDA05FCE45F694F8C3841664BBE9DFADB86347B375BF437F9BD6
          SHA-512:B04B5DAB30384FF05ABFC235DA4F9BFE96F400076DEB7CBBA0938F93E66BFF5E86B18E95E9BC0448D812722C8F2D4AFD78AC75180FD80D992F96DFA0CEC156AC
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Curacao) {. {-9223372036854775808 -16547 0 LMT}. {-1826738653 -16200 0 -0430}. {-157750200 -14400 0 AST}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Danmarkshavn
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1089
          Entropy (8bit):3.793747183330894
          Encrypted:false
          SSDEEP:24:cQZefXQgiu2kPIw1Dtc7UXxH9vC0gdtiyW8RWK79ET7cSXKIuXvY:52XQgiu2kgw1DtuyxdvC0gdtiyW8RB7S
          MD5:E83072C1351121C5CFD74E110ECA9B4B
          SHA1:360B468851EBFF266E4A8F40FE5D196BC6809E65
          SHA-256:6A12AD52CBCF0B3F8BB449C7BC51A784BE560F4BD13545D04426E76B2511D8F9
          SHA-512:539C53AA1D02E3AABF65873CA830782697AC9D55EC6694B68B95C325608F8703882B1182215D2B4E2B6066784AC880BCF0F4EBC5A72B2E637BD9B2C3A61D2979
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Danmarkshavn) {. {-9223372036854775808 -4480 0 LMT}. {-1686091520 -10800 0 -03}. {323845200 -7200 0 -02}. {338950800 -10800 0 -03}. {354675600 -7200 1 -02}. {370400400 -10800 0 -03}. {386125200 -7200 1 -02}. {401850000 -10800 0 -03}. {417574800 -7200 1 -02}. {433299600 -10800 0 -03}. {449024400 -7200 1 -02}. {465354000 -10800 0 -03}. {481078800 -7200 1 -02}. {496803600 -10800 0 -03}. {512528400 -7200 1 -02}. {528253200 -10800 0 -03}. {543978000 -7200 1 -02}. {559702800 -10800 0 -03}. {575427600 -7200 1 -02}. {591152400 -10800 0 -03}. {606877200 -7200 1 -02}. {622602000 -10800 0 -03}. {638326800 -7200 1 -02}. {654656400 -10800 0 -03}. {670381200 -7200 1 -02}. {686106000 -10800 0 -03}. {701830800 -7200 1 -02}. {717555600 -10800 0 -03}. {733280400 -7200 1 -02}. {749005200 -10800 0 -03}. {764730000 -7200 1 -02}. {780454800 -10800 0
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Dawson
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):7609
          Entropy (8bit):3.785302701923574
          Encrypted:false
          SSDEEP:96:nxr+C2ZCHtffWsBNwj/lpmlOxGcKcnRH31t+ucgge:nx/Nf+aNwj/lpmlOxnKcndIG
          MD5:4DBA9C83ECAD5B5A099CC1AA78D391B0
          SHA1:FFCC77D7964BD16BD8A554FB437BCF4F2FC8958E
          SHA-256:3A89A6834DDBE4A3A6A1CB8C1A1F9579259E7FD6C6C55DE21DCD4807753D8E48
          SHA-512:21212AFE8917C0F3BBED433B510C4FCE671B0DA887A1C7338A18CD5409B1A95E766510A9E636E5AA3AB0BA21D7D2C00A462FEBB10D4567A343B85AFE6A3E2394
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Dawson) {. {-9223372036854775808 -33460 0 LMT}. {-2188996940 -32400 0 YST}. {-1632056400 -28800 1 YDT}. {-1615125600 -32400 0 YST}. {-1596978000 -28800 1 YDT}. {-1583164800 -32400 0 YST}. {-880203600 -28800 1 YWT}. {-769395600 -28800 1 YPT}. {-765381600 -32400 0 YST}. {-147884400 -25200 1 YDDT}. {-131554800 -32400 0 YST}. {315561600 -28800 0 PST}. {325677600 -25200 1 PDT}. {341398800 -28800 0 PST}. {357127200 -25200 1 PDT}. {372848400 -28800 0 PST}. {388576800 -25200 1 PDT}. {404902800 -28800 0 PST}. {420026400 -25200 1 PDT}. {436352400 -28800 0 PST}. {452080800 -25200 1 PDT}. {467802000 -28800 0 PST}. {483530400 -25200 1 PDT}. {499251600 -28800 0 PST}. {514980000 -25200 1 PDT}. {530701200 -28800 0 PST}. {544615200 -25200 1 PDT}. {562150800 -28800 0 PST}. {576064800 -25200 1 PDT}. {594205200 -28800 0 PST}. {607514400 -25200 1 PDT}
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Dawson_Creek
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1876
          Entropy (8bit):3.9458112723626755
          Encrypted:false
          SSDEEP:24:cQ4eJ58IlJ14RsT8X+km8VnynhBZ2c4Y+O4A5W5xDICW2n7oZA8QZFaIOvkty1H2:5DH0yIRkf12fZGJ5LB6xfZ89Y
          MD5:D7E4978775F290809B7C042674F46903
          SHA1:E94DB1EBB6A1594ED1A5AEA48B52395482D06085
          SHA-256:2E6CFFE8E0C1FE93F55B1BD01F96AA1F3CE645BC802C061CB4917318E30C4494
          SHA-512:1FF3CD58A4C4DEC7538F0816E93E6577C51B0045CF36190FF4D327E81FB8282ADDB0EF20BD78A838ABD507EBAD1C187F2A20CC7840E2325B9C326EC449897B45
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Dawson_Creek) {. {-9223372036854775808 -28856 0 LMT}. {-2713881544 -28800 0 PST}. {-1632060000 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-725817600 -28800 0 PST}. {-715788000 -25200 1 PDT}. {-702486000 -28800 0 PST}. {-684338400 -25200 1 PDT}. {-671036400 -28800 0 PST}. {-652888800 -25200 1 PDT}. {-639586800 -28800 0 PST}. {-620834400 -25200 1 PDT}. {-608137200 -28800 0 PST}. {-589384800 -25200 1 PDT}. {-576082800 -28800 0 PST}. {-557935200 -25200 1 PDT}. {-544633200 -28800 0 PST}. {-526485600 -25200 1 PDT}. {-513183600 -28800 0 PST}. {-495036000 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463586400 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431532000 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400082400 -25200 1 PDT}. {-386780400 -28800 0 PST}. {-
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Denver
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):8629
          Entropy (8bit):3.76966035849006
          Encrypted:false
          SSDEEP:96:4cGbc2sGm+4I1zXN+C2mWBNQMsmNTxf6AeO+cblX:4c2dVUC2mWBNwWTxyWR
          MD5:F641A7F5DE8FCF4ADC1E5A1A2C9DEC53
          SHA1:B013EBBE8002C91C0C45A2D389245A1A9194077A
          SHA-256:DF5459068DB3C771E41BE8D62FB89A2822CB2A33CF9A5640C6C666AB20ECE608
          SHA-512:C2EA07FF21FD6D1A45A87C6AD85DD3929C2B56E66A52D23103DDFF7B2B3B6433EC5EBFC17BED0F9C0A9AF036F0DF965E12EA3D4463207A128AEF5F6BC12970D7
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Denver) {. {-9223372036854775808 -25196 0 LMT}. {-2717643600 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-1577898000 -25200 0 MST}. {-1570374000 -21600 1 MDT}. {-1551628800 -25200 0 MST}. {-1538924400 -21600 1 MDT}. {-1534089600 -25200 0 MST}. {-883587600 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-757357200 -25200 0 MST}. {-147884400 -21600 1 MDT}. {-131558400 -25200 0 MST}. {-116434800 -21600 1 MDT}. {-100108800 -25200 0 MST}. {-94669200 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Detroit
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):8010
          Entropy (8bit):3.742999180017181
          Encrypted:false
          SSDEEP:96:FVzApQaC3Xm8sHRwvOTFhP5S+ijFnRaJeaX1eyDt:FVspQrn+qvOTFhPI1jFIL
          MD5:177B0815E8BD6BFA6E62895FE12A61E5
          SHA1:EC2400FA644023D6B3100B52381DB65EAF2606F0
          SHA-256:402EC5AB0E99EF6EBB33F4D482EEA5198EC686C7EAE75FC4F7D9B4EF4AC0A9E9
          SHA-512:CFA4226A21FDB23C723335F7385EA15436D8A0752EE50C67DA4C1D839BFFD4792EE9AB6E408498CD06C6B8A99A96E95E0B591F7EA17B41C1895ED396438C6D5A
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Detroit) {. {-9223372036854775808 -19931 0 LMT}. {-2051202469 -21600 0 CST}. {-1724083200 -18000 0 EST}. {-883594800 -18000 0 EST}. {-880218000 -14400 1 EWT}. {-769395600 -14400 1 EPT}. {-765396000 -18000 0 EST}. {-757364400 -18000 0 EST}. {-684349200 -14400 1 EDT}. {-671047200 -18000 0 EST}. {94712400 -18000 0 EST}. {104914800 -14400 1 EDT}. {120636000 -18000 0 EST}. {126687600 -14400 1 EDT}. {152085600 -18000 0 EST}. {157784400 -18000 0 EST}. {167814000 -14400 0 EDT}. {183535200 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600 -14400 1 EDT}. {278488800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Dominica
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):203
          Entropy (8bit):4.856609165175433
          Encrypted:false
          SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX290TL3290e/:MBaIMY9QpI290Tr290O
          MD5:F85ADC16127A74C9B35D16C631E11F4F
          SHA1:F7716E20F546AA04697FB0F4993A14BAFDD1825E
          SHA-256:67ACF237962E3D12E0C746AEDC7CDBC8579DC7C0A7998AC6B6E169C58A687C17
          SHA-512:89E8F9DC6A306912B2DAEE77705E2DCD76E32F403352C23ED6BE34F8BEBB12C3604C20DA11DB921553D20E3FC43EC7984C7103D8D1396AB83B104E70BA6D13B1
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Dominica) $TZData(:America/Port_of_Spain).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Edmonton
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):8435
          Entropy (8bit):3.7724320820194475
          Encrypted:false
          SSDEEP:96:7tGVgeb0Gm+qI1zXN+C2mWBNQMsmNTxf6AeO+cblX:7heJ/UC2mWBNwWTxyWR
          MD5:FECBDD64036247B2FBB723ADD8F798F6
          SHA1:60B1719958AD6151CDB174A319A396D5F48C7CF1
          SHA-256:EC95041E0A97B37A60EF16A6FA2B6BCB1EBEFABBC9468B828D0F467595132BC2
          SHA-512:7CF94EC5040F4C8FA3C6ED30CFDAB59A199C18AA0CDA9A66D1A477F15563D2B7CB872CEEF1E2295E0F3B9A85508A03AEC29E3ECEBE11D9B089A92794D510BA00
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Edmonton) {. {-9223372036854775808 -27232 0 LMT}. {-1998663968 -25200 0 MST}. {-1632063600 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1600614000 -21600 1 MDT}. {-1596816000 -25200 0 MST}. {-1567954800 -21600 1 MDT}. {-1551628800 -25200 0 MST}. {-1536505200 -21600 1 MDT}. {-1523203200 -25200 0 MST}. {-1504450800 -21600 1 MDT}. {-1491753600 -25200 0 MST}. {-1473001200 -21600 1 MDT}. {-1459699200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-715791600 -21600 1 MDT}. {-702489600 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {136371600 -21600 1 MDT}. {152092800 -25200 0 MST}. {167821200 -21600 1 MDT}. {183542400
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Eirunepe
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1189
          Entropy (8bit):3.7118381376452767
          Encrypted:false
          SSDEEP:24:cQOX9eptXyss/u/C5/ukCI/uiCk/u8CHe/uOCXs/um4Co/uN3Cc/ux8CL/uiFCyL:5OXUCs5IlTToo4mdGFtapG8dtedJ9fO2
          MD5:D6945DF73BA7E12D3B23889CC34F6CFB
          SHA1:8C1317F3EF82225A14751318DFDA8904F908C457
          SHA-256:71F15943EAD942224B8807CCBB21F9AE34F04619FD76176404633BDB49D9E88C
          SHA-512:088C2D7BE44650A044B7632337A1FF8C3CF8A6188F24507C846B9B648FE796466B22D4A322B602B75C2943653FC43C7B9A99AE0AACF9AB7BCC86388EC3953F8A
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Eirunepe) {. {-9223372036854775808 -16768 0 LMT}. {-1767208832 -18000 0 -05}. {-1206950400 -14400 1 -05}. {-1191355200 -18000 0 -05}. {-1175367600 -14400 1 -05}. {-1159819200 -18000 0 -05}. {-633812400 -14400 1 -05}. {-622062000 -18000 0 -05}. {-602276400 -14400 1 -05}. {-591825600 -18000 0 -05}. {-570740400 -14400 1 -05}. {-560203200 -18000 0 -05}. {-539118000 -14400 1 -05}. {-531345600 -18000 0 -05}. {-191358000 -14400 1 -05}. {-184190400 -18000 0 -05}. {-155156400 -14400 1 -05}. {-150062400 -18000 0 -05}. {-128890800 -14400 1 -05}. {-121118400 -18000 0 -05}. {-99946800 -14400 1 -05}. {-89582400 -18000 0 -05}. {-68410800 -14400 1 -05}. {-57960000 -18000 0 -05}. {499755600 -14400 1 -05}. {511243200 -18000 0 -05}. {530600400 -14400 1 -05}. {540273600 -18000 0 -05}. {562136400 -14400 1 -05}. {571204800 -18000 0 -05}. {590040000 -18
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\El_Salvador
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):269
          Entropy (8bit):4.7060952459188305
          Encrypted:false
          SSDEEP:6:SlSWB9X529078iwTm2OHvJ4YRIgdrV/uFn/acD3/uFn/sVn:MBp5290785mdHx4YlB/uFn/z/uFn/U
          MD5:77BE2E0759A3B7227B4DAC601A670D03
          SHA1:1FB09211F291E5B1C5CC9848EB53106AF48EE830
          SHA-256:40994535FE02326EA9E373F54CB60804BA7AE7162B52EA5F73497E7F72F2D482
          SHA-512:EB5E6A4A912053E399F6225A02DDC524A223D4A5724165CAD9009F1FA10B042F971E52CE17B395A86BC80FCC6897FD2CCC3B00708506FEF39E4D71812F5DF595
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/El_Salvador) {. {-9223372036854775808 -21408 0 LMT}. {-1546279392 -21600 0 CST}. {547020000 -18000 1 CDT}. {559717200 -21600 0 CST}. {578469600 -18000 1 CDT}. {591166800 -21600 0 CST}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Ensenada
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):185
          Entropy (8bit):4.786739478919165
          Encrypted:false
          SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0qfSwVAIg20qfo2IAcGE7JM7QIAcGEqfu:SlSWB9IZaM3y7eHVAIgpeo2907390eu
          MD5:74AB4664E80A145D808CAB004A22859B
          SHA1:2AF7665C4E155A227B3F76D1C4BC87854C25A6CB
          SHA-256:BDD0893AA5D170F388B1E93CE5FE2EDF438866707E52033E49898AFC499F86C5
          SHA-512:CCC2E75E07BA1CAAFD1149A22D07668D191594272922AA2A1CE6DE628A8FF49AD90AA8BFE75C005328820C700B991AD87A6F40DEB5AD519B2708D8F7BF04E5A0
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Tijuana)]} {. LoadTimeZoneFile America/Tijuana.}.set TZData(:America/Ensenada) $TZData(:America/Tijuana).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Fort_Nelson
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):4427
          Entropy (8bit):3.8109873978594053
          Encrypted:false
          SSDEEP:48:5aIl06OIRkf12fZGJ5LB6xfZ89Cf5udCLA9ZClqs/K+ff0t9:sIlWf/5LB6xR89C8CgZCHtffW9
          MD5:90BBD338049233FAC5596CC63AA0D5B6
          SHA1:D96282F5B57CBF823D5A1C1FDDE7907B74DAD770
          SHA-256:DD21597BA97FD6591750E83CC00773864D658F32653017C4B52285670FFE52E3
          SHA-512:3B0F5801E55EBBB7B4C0F74DDBD3469B8F4C2BFC1B44CC80B0D36DA2152C837C8176695945F61FA75664C04F1266BCA0564815307A2C27E783CD3348C4451E4A
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Fort_Nelson) {. {-9223372036854775808 -29447 0 LMT}. {-2713880953 -28800 0 PST}. {-1632060000 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-725817600 -28800 0 PST}. {-715788000 -25200 1 PDT}. {-702486000 -28800 0 PST}. {-684338400 -25200 1 PDT}. {-671036400 -28800 0 PST}. {-652888800 -25200 1 PDT}. {-639586800 -28800 0 PST}. {-620834400 -25200 1 PDT}. {-608137200 -28800 0 PST}. {-589384800 -25200 1 PDT}. {-576082800 -28800 0 PST}. {-557935200 -25200 1 PDT}. {-544633200 -28800 0 PST}. {-526485600 -25200 1 PDT}. {-513183600 -28800 0 PST}. {-495036000 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463586400 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431532000 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400082400 -25200 1 PDT}. {-3
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Fort_Wayne
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):226
          Entropy (8bit):4.730673843485836
          Encrypted:false
          SSDEEP:6:SlSWB9IZaM3y73GK7mFVAIgp3GKBL290HXYAp4903GK1:MBaIMY3GK7Hp3GKBL290Hz4903GK1
          MD5:4685E4E850E0B6669F72B8E1B4314A0A
          SHA1:BC6CCD58A2977A1E125B21D7B8FD57E800E624E1
          SHA-256:D35F335D6F575F95CEA4FF53382C0BE0BE94BE7EB8B1E0CA3B7C50E8F7614E4E
          SHA-512:867003B33A5FC6E42D546FBFC7A8AB351DE72232B89BA1BEC6DB566F6DCE135E65C08DE9112837190EB21D677E2F83E7E0F6049EC70CB9E36F223DE3A68E000A
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Indianapolis)]} {. LoadTimeZoneFile America/Indiana/Indianapolis.}.set TZData(:America/Fort_Wayne) $TZData(:America/Indiana/Indianapolis).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Fortaleza
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1375
          Entropy (8bit):3.695923796037783
          Encrypted:false
          SSDEEP:24:cQVeVc4h1u80V2dBUGphmC17ewGtN3rvIh0VBHZDIOXqWoN:5b4h19U2dBUGrmO7XGtN3kh0VBHZUwqX
          MD5:2BCCE3C71898F3D7F2327419950C5838
          SHA1:CE45568E951C227CB3D88D20B337E5E1E1D4B1EF
          SHA-256:AA2CF8DA8D63FC4DE912A4F220CF7E49379021F5E51ABA1AFCFC7C9164D5A381
          SHA-512:420066E5D39446AA53547CBF1A015A4745F02D1059B2530B7735AC4C28BD2BFC431AEB7531C2C49C2BDF8E31405F15717D88DE0DE3F5F42BAA96A8289A014D06
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Fortaleza) {. {-9223372036854775808 -9240 0 LMT}. {-1767216360 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {592974000 -7200 1 -03}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Glace_Bay
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):8099
          Entropy (8bit):3.737123408653655
          Encrypted:false
          SSDEEP:192:C1V2eXXnqvlrPGgFEUlpde9pXbO53oVmM7IEc2fVGYu2yeB/T/eleWmBk81kS/kQ:CDJv
          MD5:3A839112950BFDFD3B5FBD440A2981E4
          SHA1:FFDF034F7E26647D1C18C1F6C49C776AD5BA93ED
          SHA-256:3D0325012AB7076FB31A68E33EE0EABC8556DFA78FBA16A3E41F986D523858FF
          SHA-512:1E06F4F607252C235D2D69E027D7E0510027D8DB0EE49CF291C39D6FD010868EF6899437057DA489DD30981949243DDFA6599FD07CE80E05A1994147B78A76CE
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Glace_Bay) {. {-9223372036854775808 -14388 0 LMT}. {-2131646412 -14400 0 AST}. {-1632074400 -10800 1 ADT}. {-1615143600 -14400 0 AST}. {-880221600 -10800 1 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {-536443200 -14400 0 AST}. {-526500000 -10800 1 ADT}. {-513198000 -14400 0 AST}. {-504907200 -14400 0 AST}. {63086400 -14400 0 AST}. {73461600 -10800 1 ADT}. {89182800 -14400 0 AST}. {104911200 -10800 1 ADT}. {120632400 -14400 0 AST}. {126244800 -14400 0 AST}. {136360800 -10800 1 ADT}. {152082000 -14400 0 AST}. {167810400 -10800 1 ADT}. {183531600 -14400 0 AST}. {199260000 -10800 1 ADT}. {215586000 -14400 0 AST}. {230709600 -10800 1 ADT}. {247035600 -14400 0 AST}. {262764000 -10800 1 ADT}. {278485200 -14400 0 AST}. {294213600 -10800 1 ADT}. {309934800 -14400 0 AST}. {325663200 -10800 1 ADT}. {341384400 -14400 0 AST}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Godthab
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):7186
          Entropy (8bit):3.4539479411234977
          Encrypted:false
          SSDEEP:192:HzC1RFbvHQbnRJ2N+f4hQAa3/paCxwPQg07VvN/W5ylGiGJ3G5cGKQWaT7dZV4gF:t5lfDARzJXC
          MD5:F7C502D77495455080AC3125CE2B42EA
          SHA1:B4883AF71068903AFA372DBFA9E73A39B658A8FF
          SHA-256:058FBB47D5CD3001C0E5A0B5D92ACE1F8A720527A673A78AB71925198AC0ACA1
          SHA-512:B0361D7FB7B02C996B9E608F9B8B1D8DB76FC7D298FA9AC841C4C51A0469FF05A06E0F7829E6C7D810D13BDF3B792A9547B70F6721CA9D7544CBD94028364CAB
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Godthab) {. {-9223372036854775808 -12416 0 LMT}. {-1686083584 -10800 0 -03}. {323845200 -7200 0 -02}. {338950800 -10800 0 -03}. {354675600 -7200 1 -02}. {370400400 -10800 0 -03}. {386125200 -7200 1 -02}. {401850000 -10800 0 -03}. {417574800 -7200 1 -02}. {433299600 -10800 0 -03}. {449024400 -7200 1 -02}. {465354000 -10800 0 -03}. {481078800 -7200 1 -02}. {496803600 -10800 0 -03}. {512528400 -7200 1 -02}. {528253200 -10800 0 -03}. {543978000 -7200 1 -02}. {559702800 -10800 0 -03}. {575427600 -7200 1 -02}. {591152400 -10800 0 -03}. {606877200 -7200 1 -02}. {622602000 -10800 0 -03}. {638326800 -7200 1 -02}. {654656400 -10800 0 -03}. {670381200 -7200 1 -02}. {686106000 -10800 0 -03}. {701830800 -7200 1 -02}. {717555600 -10800 0 -03}. {733280400 -7200 1 -02}. {749005200 -10800 0 -03}. {764730000 -7200 1 -02}. {780454800 -10800 0 -03
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Goose_Bay
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):10015
          Entropy (8bit):3.780383775128893
          Encrypted:false
          SSDEEP:192:z9zdvd8mSGDcfnrpbXXMqvlrPGgFEUlpd8ESeYPiVFuT/eleWmBk81kS/kV6kefD:z9zdvd7SGgcESeYPiV2Jv
          MD5:77DEEF08876F92042F71E1DEFA666857
          SHA1:7E21B51B3ED8EBEB85193374174C6E2BCA7FEB7F
          SHA-256:87E9C6E265BFA58885FBEC128263D5E5D86CC32B8FFEDECAFE96F773192C18BE
          SHA-512:C9AB8C9147354A388AEC5FE04C6C5317481478A07893461706CDC9FD5B42E31733EAC01C95C357F3C5DC3556C49F20374F58A6E0A120755D5E96744DE3A95A81
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Goose_Bay) {. {-9223372036854775808 -14500 0 LMT}. {-2713895900 -12652 0 NST}. {-1640982548 -12652 0 NST}. {-1632076148 -9052 1 NDT}. {-1615145348 -12652 0 NST}. {-1609446548 -12652 0 NST}. {-1096921748 -12600 0 NST}. {-1072989000 -12600 0 NST}. {-1061670600 -9000 1 NDT}. {-1048973400 -12600 0 NST}. {-1030221000 -9000 1 NDT}. {-1017523800 -12600 0 NST}. {-998771400 -9000 1 NDT}. {-986074200 -12600 0 NST}. {-966717000 -9000 1 NDT}. {-954624600 -12600 0 NST}. {-935267400 -9000 1 NDT}. {-922570200 -12600 0 NST}. {-903817800 -9000 1 NDT}. {-891120600 -12600 0 NST}. {-872368200 -9000 0 NWT}. {-769395600 -9000 1 NPT}. {-765401400 -12600 0 NST}. {-757369800 -12600 0 NST}. {-746044200 -9000 1 NDT}. {-733347000 -12600 0 NST}. {-714594600 -9000 1 NDT}. {-701897400 -12600 0 NST}. {-683145000 -9000 1 NDT}. {-670447800 -12600 0 NST}. {-6516954
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Grand_Turk
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):7307
          Entropy (8bit):3.755018614919114
          Encrypted:false
          SSDEEP:96:hrZaC3Xm8sHRyvOTFhP5S+ijFnRaJeaX1eyDt:htrn+cvOTFhPI1jFIL
          MD5:8582299C1262010B6843306D65DB436C
          SHA1:70DB6B507D7F51B1E2C96E087CD7987EB69E9A1D
          SHA-256:7CFBA4D1B1E6106A0EC6D6B5600791D6A33AD527B7D47325C3AB9524B17B1829
          SHA-512:CC12912C38D85B23242C69211BA2B58167C55836D51DB02E6D820CDBD6368F835893AF656FC81F73EA745FD786E9134EC4A3E8D325D1515A01540E8A7EBEF03B
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Grand_Turk) {. {-9223372036854775808 -17072 0 LMT}. {-2524504528 -18430 0 KMT}. {-1827687170 -18000 0 EST}. {284014800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}. {404892000 -18000 0 EST}. {420015600 -14400 1 EDT}. {436341600 -18000 0 EST}. {452070000 -14400 1 EDT}. {467791200 -18000 0 EST}. {483519600 -14400 1 EDT}. {499240800 -18000 0 EST}. {514969200 -14400 1 EDT}. {530690400 -18000 0 EST}. {544604400 -14400 1 EDT}. {562140000 -18000 0 EST}. {576054000 -14400 1 EDT}. {594194400 -18000 0 EST}. {607503600 -14400 1 EDT}. {625644000 -18000 0 EST}. {638953200 -14400 1 EDT}. {657093600 -18000 0 EST}. {671007600 -14400 1 EDT}. {688543200 -18000 0 EST}. {702457200 -14400 1 EDT}. {71
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Grenada
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):202
          Entropy (8bit):4.877543794488217
          Encrypted:false
          SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX2905Qb90e/:MBaIMY9QpI290Ob90O
          MD5:C62E81B423F5BA10709D331FEBAB1839
          SHA1:F7BC5E7055E472DE33DED5077045F680843B1AA7
          SHA-256:0806C0E907DB13687BBAD2D22CEF5974D37A407D00E0A97847EC12AF972BCFF3
          SHA-512:7D7090C3A6FEBE67203EB18E06717B39EC62830757BAD5A40E0A7F97572ABB81E81CAB614AA4CD3089C3787DAA6293D6FED0137BB57EF3AE358A92FCDDCF52A8
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Grenada) $TZData(:America/Port_of_Spain).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Guadeloupe
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):205
          Entropy (8bit):4.914669229343752
          Encrypted:false
          SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX2905AJLr490e/:MBaIMY9QpI290qJLr490O
          MD5:026A098D231C9BE8557A7F4A673C1BE2
          SHA1:192EECA778E1E713053D37353AF6D3C168D2BFF5
          SHA-256:FFE0E204D43000121944C57D2B2A846E792DDC73405C02FC5E8017136CD55BCB
          SHA-512:B49BD0FC12CC8D475E7E5116B8BDEA1584912BFA433734451F4338E42B5E042F3EC259E81C009E85798030E21F658158FA9F4EFC60078972351F706F852425E3
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Guadeloupe) $TZData(:America/Port_of_Spain).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Guatemala
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):385
          Entropy (8bit):4.450029420195016
          Encrypted:false
          SSDEEP:12:MBp52906GdJmdHKznI2f/uFn/z/uFn/w67Rd3/uFn/4Bx/uFn/xAQ:cQ8JeQXfSn/zSn/w67Rd3Sn/4HSn/j
          MD5:6E3FD9D19E0CD26275B0F95412F13F4C
          SHA1:A1B6D6219DEBDBC9B5FFF5848E5DF14F8F4B1158
          SHA-256:1DC103227CA0EDEEBA8EE8A41AE54B3E11459E4239DC051B0694CF7DF3636F1A
          SHA-512:BF615D16BB55186AFC7216B47250EE84B7834FD08077E29E0A8F49C65AACAAD8D27539EA751202EBFF5E0B00702EC59B0A7D95F5FB585BFED68AC6206416110D
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Guatemala) {. {-9223372036854775808 -21724 0 LMT}. {-1617040676 -21600 0 CST}. {123055200 -18000 1 CDT}. {130914000 -21600 0 CST}. {422344800 -18000 1 CDT}. {433054800 -21600 0 CST}. {669708000 -18000 1 CDT}. {684219600 -21600 0 CST}. {1146376800 -18000 1 CDT}. {1159678800 -21600 0 CST}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Guayaquil
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):240
          Entropy (8bit):4.690879495223713
          Encrypted:false
          SSDEEP:6:SlSWB9X529056m2OHHjGeP5lahicKpKV91EX/uFkfF/KV9C:MBp5290smdHHLP5C/gO9U/uFEF/O9C
          MD5:58E0902DC63F2F584AD72E6855A68BB8
          SHA1:C8ED225C95DB512CB860D798E6AF648A321B82E7
          SHA-256:D940627FFCBE6D690E34406B62EE4A032F116DF1AB81631E27A61E16BD4051E2
          SHA-512:EF2523F2C55890BE4CE78DA2274833647587CF6F48B144C8261EB69B24BA73946B63244F03FEDF37A990FCAFECB2D88F4ECE302993F115C06323721E570EDD99
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Guayaquil) {. {-9223372036854775808 -19160 0 LMT}. {-2524502440 -18840 0 QMT}. {-1230749160 -18000 0 -05}. {722926800 -14400 1 -05}. {728884800 -18000 0 -05}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Guyana
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):208
          Entropy (8bit):4.687194013851928
          Encrypted:false
          SSDEEP:6:SlSWB9X52905R3Lm2OHRjGeTShVy4yViUKcVVFAH/MIB/O9:MBp5290LLmdHVTiy4yVi7c/OH/MG/O9
          MD5:CF5AD3AFBD735A42E3F7D85064C16AFC
          SHA1:B8160F8D5E677836051643622262F13E3AE1B0BE
          SHA-256:AF2EC2151402DF377E011618512BBC25A5A6AC64165E2C42212E2C2EC182E8F1
          SHA-512:F69F10822AB115D25C0B5F705D294332FAAA66EB0BA2D98A6610A35E1FA5ED05F02B3DDBB4E37B9B4A77946C05E28C98113DBF11EDF8DB2661A2D8ED40711182
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Guyana) {. {-9223372036854775808 -13960 0 LMT}. {-1730578040 -13500 0 -0345}. {176010300 -10800 0 -03}. {662698800 -14400 0 -04}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Halifax
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):10763
          Entropy (8bit):3.724988391778253
          Encrypted:false
          SSDEEP:192:Y7Z1hubfVmv0SqJXDiFHrbm96qddObEn/RDzWRfQFQ4XL8vG+81VcfnrpbXXnqvo:823ZLYvuOZJv
          MD5:7DE8E355A725B3D9B3FD06A838B9715F
          SHA1:41C6AAEA03FC7FEED50CFFFC4DFF7F35E2B1C23D
          SHA-256:5F65F38FFA6B05C59B21DB98672EB2124E4283530ACB01B22093EAEFB256D116
          SHA-512:4C61A15DDF28124343C1E6EFE068D15E48F0662534486EC38A4E2731BE085CDA5856F884521EF32A6E0EDD610A8A491A722220BDD1BAF2A9652D8457778AF696
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Halifax) {. {-9223372036854775808 -15264 0 LMT}. {-2131645536 -14400 0 AST}. {-1696276800 -10800 1 ADT}. {-1680469200 -14400 0 AST}. {-1640980800 -14400 0 AST}. {-1632074400 -10800 1 ADT}. {-1615143600 -14400 0 AST}. {-1609444800 -14400 0 AST}. {-1566763200 -10800 1 ADT}. {-1557090000 -14400 0 AST}. {-1535486400 -10800 1 ADT}. {-1524949200 -14400 0 AST}. {-1504468800 -10800 1 ADT}. {-1493413200 -14400 0 AST}. {-1472414400 -10800 1 ADT}. {-1461963600 -14400 0 AST}. {-1440964800 -10800 1 ADT}. {-1429390800 -14400 0 AST}. {-1409515200 -10800 1 ADT}. {-1396731600 -14400 0 AST}. {-1376856000 -10800 1 ADT}. {-1366491600 -14400 0 AST}. {-1346616000 -10800 1 ADT}. {-1333832400 -14400 0 AST}. {-1313956800 -10800 1 ADT}. {-1303678800 -14400 0 AST}. {-1282507200 -10800 1 ADT}. {-1272661200 -14400 0 AST}. {-1251057600 -10800 1 ADT}. {-1240088400
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Havana
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):8444
          Entropy (8bit):3.7372403334059547
          Encrypted:false
          SSDEEP:192:VXA0Bc0tTJtNliQ4sxgpuG4c2JPTxUw9Or2ocrPGSyM9Gk4LK46MCf7VkXgySCWv:VXA0Bc0tTJtNliQ4sxSuG4c2JPTxUw9F
          MD5:C436FDCDBA98987601FEFC2DBFD5947B
          SHA1:A04CF2A5C9468C634AED324CB79F9EE3544514B7
          SHA-256:32F8B4D03E4ACB466353D72DAA2AA9E1E42D454DBBA001D0B880667E6346B8A1
          SHA-512:56C25003685582AF2B8BA4E32EFF03EF10F4360D1A12E0F1294355000161ADDF7024CBD047D1830AB884BE2C385FD8ABE8DA5C30E9A0671C22E84EE3BF957D85
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Havana) {. {-9223372036854775808 -19768 0 LMT}. {-2524501832 -19776 0 HMT}. {-1402813824 -18000 0 CST}. {-1311534000 -14400 1 CDT}. {-1300996800 -18000 0 CST}. {-933534000 -14400 1 CDT}. {-925675200 -18000 0 CST}. {-902084400 -14400 1 CDT}. {-893620800 -18000 0 CST}. {-870030000 -14400 1 CDT}. {-862171200 -18000 0 CST}. {-775681200 -14400 1 CDT}. {-767822400 -18000 0 CST}. {-744231600 -14400 1 CDT}. {-736372800 -18000 0 CST}. {-144702000 -14400 1 CDT}. {-134251200 -18000 0 CST}. {-113425200 -14400 1 CDT}. {-102542400 -18000 0 CST}. {-86295600 -14400 1 CDT}. {-72907200 -18000 0 CST}. {-54154800 -14400 1 CDT}. {-41457600 -18000 0 CST}. {-21495600 -14400 1 CDT}. {-5774400 -18000 0 CST}. {9954000 -14400 1 CDT}. {25675200 -18000 0 CST}. {41403600 -14400 1 CDT}. {57729600 -18000 0 CST}. {73458000 -14400 1 CDT}. {87364800 -18000 0 CST}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Hermosillo
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):595
          Entropy (8bit):4.2803367804689785
          Encrypted:false
          SSDEEP:12:MBp5290ebmdH5NWw+Ux++vTQtFlvm0tFXtFjV5a:cQBe5gfUT7UFltF9FjV5a
          MD5:9D1A1746614CE2CEE26D066182938CDC
          SHA1:967590403A84E80ED299B8D548A2B37C8EEB21CE
          SHA-256:493DB3E7B56B2E6B266A5C212CD1F75F1E5CF57533DA03BB1C1F2449543B9F48
          SHA-512:DFAE6BC48F2E4B75DD6744AEE57D31D6A6E764D02DCA5731C7B516AD87B9BAB2FEB355A012EC38BDD53008B501B0744953EB7E0677F02B9EAF083D2E66042B37
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Hermosillo) {. {-9223372036854775808 -26632 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {-873828000 -25200 0 MST}. {-661539600 -28800 0 PST}. {28800 -25200 0 MST}. {828867600 -21600 1 MDT}. {846403200 -25200 0 MST}. {860317200 -21600 1 MDT}. {877852800 -25200 0 MST}. {891766800 -21600 1 MDT}. {909302400 -25200 0 MST}. {915174000 -25200 0 MST}.}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Indiana\Indianapolis
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):6996
          Entropy (8bit):3.799188069575817
          Encrypted:false
          SSDEEP:96:uRXxWMzJ2eQzURWu3N7sHRwvOTFhP5S+ijFnRaJeaX1eyDt:uRXxWUJ2eQzURWu3NOqvOTFhPI1jFIL
          MD5:154A332C3ACF6D6F358B07D96B91EBD1
          SHA1:FC16E7CBE179B3AB4E0C2A61AB5E0E8C23E50D50
          SHA-256:C0C7964EBF9EA332B46D8B928B52FDE2ED15ED2B25EC664ACD33DA7BF3F987AE
          SHA-512:5831905E1E6C6FA9DD309104B3A2EE476941D6FF159764123A477E2690C697B0F19EDEA0AD0CD3BBBECF96D64DC4B981027439E7865FCB1632661C8539B3BD6C
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Indianapolis) {. {-9223372036854775808 -20678 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-1577901600 -21600 0 CST}. {-900259200 -18000 1 CDT}. {-891795600 -21600 0 CST}. {-883591200 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-702493200 -21600 0 CST}. {-684345600 -18000 1 CDT}. {-671043600 -21600 0 CST}. {-652896000 -18000 1 CDT}. {-639594000 -21600 0 CST}. {-620841600 -18000 1 CDT}. {-608144400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Indiana\Knox
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):8470
          Entropy (8bit):3.7546412701514034
          Encrypted:false
          SSDEEP:192:AXxr2eQzURWu3Oab9BxXI6X8xYIIOdXkqbfkeTzZSJw5/9/yuvQ+hcr8bYkzbXw6:AXxr2eQzUwu3Oab9BxXI6XUYIIOdXkqv
          MD5:E8AFD9E320A7F4310B413F8086462F31
          SHA1:7BEE624AAC096E9C280B4FC84B0671381C657F6C
          SHA-256:BE74C1765317898834A18617352DF3B2952D69DE4E294616F1554AB95824DAF0
          SHA-512:C76620999A293FA3A93CA4615AB78F19395F12CC08C242F56BFD4C4CAF8BC769DDEBF33FF10F7DA5A3EFD8ED18792362780188636075419014A8C099A897C43C
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Knox) {. {-9223372036854775808 -20790 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-725824800 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-702493200 -21600 0 CST}. {-684345600 -18000 1 CDT}. {-671043600 -21600 0 CST}. {-652896000 -18000 1 CDT}. {-639594000 -21600 0 CST}. {-620841600 -18000 1 CDT}. {-608144400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-463593600 -18000 1 CDT}. {-447267600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-415818000 -21600 0 CST}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Indiana\Marengo
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):7037
          Entropy (8bit):3.786429098558221
          Encrypted:false
          SSDEEP:96:FXx3knO559B18XWRh0ksHRwvOTFhP5S+ijFnRaJeaX1eyDt:FXxUnO559B2XWRh0pqvOTFhPI1jFIL
          MD5:456422A0D5BE8FBF5DBD0E75D8650894
          SHA1:737AC21F019A7E89689B9C8B465C8482FF4F403E
          SHA-256:C92D86CACFF85344453E1AFBC124CE11085DE7F6DC52CB4CBE6B89B01D5FE2F3
          SHA-512:372AEBB2F13A50536C36A025881874E5EE3162F0168B71B2083965BECBBFCA3DAC726117D205D708CC2B4F7ABE65CCC2B3FE6625F1403D97001950524D545470
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Marengo) {. {-9223372036854775808 -20723 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-599594400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-463593600 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-292438800 -21600 0 CST}. {-273686400 -18000 0 EST}. {-31518000 -18000 0 EST}. {-21488400 -14400 1 EDT}. {-5767200 -18000 0 EST}. {
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Indiana\Petersburg
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:modified
          Size (bytes):7364
          Entropy (8bit):3.79636789874872
          Encrypted:false
          SSDEEP:192:pXxS559B2XW6X8x3X3D2D8IOdXkqbfkeTzlbaqvOTFhPI1jFIL:pXxS559B2XW6XU3X3D2D8IOdXkqbfNT2
          MD5:9614153F9471187A2F92B674733369A0
          SHA1:199E8D5018A374EDB9592483CE4DDB30712006E3
          SHA-256:5323EBC8D450CC1B53AED18AD209ADEB3A6EEB5A00A80D63E26DB1C85B6476ED
          SHA-512:2A1E26D711F62C51A5EE7014584FAF41C1780BD62573247D45D467500C6AB9A9EAD5A382A1986A9D768D7BB927E4D391EA1B7A4AD9A54D3B05D8AD2385156C33
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Petersburg) {. {-9223372036854775808 -20947 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-473364000 -21600 0 CST}. {-462996000 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-292438800 -21600 0 CST}. {-273686400 -18000 1 CDT}. {-257965200 -21600 0 CST}. {-242236800 -18000 1 CDT}. {-226515600 -21600 0 CST}. {-210787200 -18000 1 CDT}. {-195066000 -21600 0 CST}. {-179337600 -18000 1 CDT}. {-163616400 -21600 0 CST
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Indiana\Tell_City
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):6992
          Entropy (8bit):3.7768650637181533
          Encrypted:false
          SSDEEP:192:CXxjL36559B2XI6XE3X3D2E0bYkzbXwDTIRqfhXbdXvDXpVXVto//q7u379zlq3g:CXxjL36559B2XI6XE3X3D2E0bYkzbXw6
          MD5:D0F40504B578D996E93DAE6DA583116A
          SHA1:4D4D24021B826BFED2735D42A46EEC1C9EBEA8E3
          SHA-256:F4A0572288D2073D093A256984A2EFEC6DF585642EA1C4A2860B38341D376BD8
          SHA-512:BA9D994147318FF5A53D45EC432E118B5F349207D58448D568E0DB316452EF9FD620EE4623FD4EAD123BC2A6724E1BAE2809919C58223E6FD4C7A20F004155E0
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Tell_City) {. {-9223372036854775808 -20823 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-462996000 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-289414800 -21600 0 CST}. {-273686400 -18000 1 CDT}. {-260989200 -21600 0 CST}
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Indiana\Vevay
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):6350
          Entropy (8bit):3.782861360101505
          Encrypted:false
          SSDEEP:96:K9Xx3+lsHRwvOTFhP5S+ijFnRaJeaX1eyDt:6XxuoqvOTFhPI1jFIL
          MD5:35A64C161E0083DCE8CD1E8E1D6EBE85
          SHA1:9BC295C23783C07587D82DA2CC25C1A4586284B2
          SHA-256:75E89796C6FB41D75D4DDA6D94E4D27979B0572487582DC980575AF6656A7822
          SHA-512:7BAF735DA0DE899653F60EED6EEF53DD8A1ABC6F61F052B8E37B404BC9B37355E94563827BC296D8E980C4247864A57A117B7B1CB58A2C242991BBDC8FE7174E
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Vevay) {. {-9223372036854775808 -20416 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-495043200 -18000 0 EST}. {-31518000 -18000 0 EST}. {-21488400 -14400 1 EDT}. {-5767200 -18000 0 EST}. {9961200 -14400 1 EDT}. {25682400 -18000 0 EST}. {41410800 -14400 1 EDT}. {57736800 -18000 0 EST}. {73465200 -14400 1 EDT}. {89186400 -18000 0 EST}. {94712400 -18000 0 EST}. {1136091600 -18000 0 EST}. {1143961200 -14400 1 EDT}. {1162101600 -18000 0 EST}. {1173596400 -14400 1 EDT}. {1194156000 -18000 0 EST}. {1205046000 -14400 1 EDT}. {1225605600 -18000 0 EST}. {1236495600 -14400 1 EDT}. {1257055200 -18000 0 EST}. {1268550000 -14400 1 EDT}. {1289109600 -18000
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Indiana\Vincennes
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):6992
          Entropy (8bit):3.795913753683276
          Encrypted:false
          SSDEEP:192:TXxjL36559B2XI6XE3X3D2E0baqvOTFhPI1jFIL:TXxjL36559B2XI6XE3X3D2E0bZ3+
          MD5:AD8B44BD0DBBEB06786B2B281736A82B
          SHA1:7480D3916F0ED66379FC534F20DC31001A3F14AF
          SHA-256:18F35F24AEF9A937CD9E91E723F611BC5D802567A03C5484FAB7AEEC1F2A0ED0
          SHA-512:7911EC3F1FD564C50DEAF074ED99A502A9B5262B63E3E0D2901E21F27E90FBD5656A53831E61B43A096BA1FF18BB4183CCCE2B903782C2189DAAFDD7A90B3083
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Vincennes) {. {-9223372036854775808 -21007 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-462996000 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-289414800 -21600 0 CST}. {-273686400 -18000 1 CDT}. {-260989200 -21600 0 CST}
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Indiana\Winamac
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):7170
          Entropy (8bit):3.7942292979267767
          Encrypted:false
          SSDEEP:192:YXxjJ2eQzURWu3Oab9B2XWR0/qvOTFhPI1jFIL:YXxjJ2eQzUwu3Oab9B2XWR0M3+
          MD5:40D8E05D8794C9D11DF018E3C8B8D7C0
          SHA1:58161F320CB46EC72B9AA6BAD9086F18B2E0141B
          SHA-256:A13D6158CCD4283FE94389FD341853AD90EA4EC505D37CE23BD7A6E7740F03F6
          SHA-512:BC45B6EFF1B879B01F517D4A4012D0AFBA0F6A9D92E862EF9A960FE07CBE216C8C929FE790044C566DC95981EC4BEAB3DCBD45A1FE597606CF601214A78AEA08
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Winamac) {. {-9223372036854775808 -20785 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-702493200 -21600 0 CST}. {-684345600 -18000 1 CDT}. {-671043600 -21600 0 CST}. {-652896000 -18000 1 CDT}. {-639594000 -21600 0 CST}. {-620841600 -18000 1 CDT}. {-608144400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-463593600 -18000 1 CDT}. {-447267600 -21600 0 CST}.
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Indianapolis
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):228
          Entropy (8bit):4.655121947675421
          Encrypted:false
          SSDEEP:6:SlSWB9IZaM3y73GK7mFVAIgp3GKBL2903GfJ4903GK1:MBaIMY3GK7Hp3GKBL2903GfJ4903GK1
          MD5:CB79BE371FAB0B0A5EBEB1BA101AA8BA
          SHA1:6A24348AB24D6D55A8ABDEE1500ED03D5D1357F3
          SHA-256:6AABF28AC5A766828DD91F2EE2783F50E9C6C6307D8942FCD4DFAE21DB2F1855
          SHA-512:156E1E7046D7A0938FE4BF40BC586F0A7BEF1B0ED7B887665E9C6041980B511F079AA739B7BD42A89794CB9E82DB6629E81DD39D2F8161DFABDED539E272FB6E
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Indianapolis)]} {. LoadTimeZoneFile America/Indiana/Indianapolis.}.set TZData(:America/Indianapolis) $TZData(:America/Indiana/Indianapolis).
          C:\Users\user\AppData\Local\Temp\_MEI59442\tcl\tzdata\America\Inuvik
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):7389
          Entropy (8bit):3.778898781146325
          Encrypted:false
          SSDEEP:96:/ZGm+4I1zXN+C2mWBNQMsmNTxf6AeO+cblX:/EVUC2mWBNwWTxyWR
          MD5:EFEFB694C4F54583C0ED45A955E823AF
          SHA1:6FF35D151E8E1DED0DC362671FFF904B3CFF59B4
          SHA-256:72C48C0CCC1B8C1BD80E5BB5B8879A07A2DBE82317667568523BBE1F855E4883
          SHA-512:52BDACF02C5A595927FF9B7DC0151367C81B259C8831A91F66A0C10D5271DCDF834763F44868CCF7EDA497295D9D55C49C8F8FD43EEC383C29BC3CABAA4B6B0F
          Malicious:false
          Preview: # created by tools/tclZIC.tcl - do not edit..set TZData(:America/Inuvik) {. {-9223372036854775808 0 0 -00}. {-536457600 -28800 0 PST}. {-147888000 -21600 1 PDDT}. {-131558400 -28800 0 PST}. {315558000 -25200 0 MST}. {325674000 -21600 1 MDT}. {341395200 -25200 0 MST}. {357123600 -21600 1 MDT}. {372844800 -25200 0 MST}. {388573200 -21600 1 MDT}. {404899200 -25200 0 MST}. {420022800 -21600 1 MDT}. {436348800 -25200 0 MST}. {452077200 -21600 1 MDT}. {467798400 -25200 0 MST}. {483526800 -21600 1 MDT}. {499248000 -25200 0 MST}. {514976400 -21600 1 MDT}. {530697600 -25200 0 MST}. {544611600 -21600 1 MDT}. {562147200 -25200 0 MST}. {576061200 -21600 1 MDT}. {594201600 -25200 0 MST}. {607510800 -21600 1 MDT}. {625651200 -25200 0 MST}. {638960400 -21600 1 MDT}. {657100800 -25200 0 MST}. {671014800 -21600 1 MDT}. {688550400 -25200 0 MST}. {702464400 -21600 1 MDT}. {720000000 -25200 0 MST}. {733914000 -
          C:\Users\user\AppData\Local\Temp\_MEI59442\tk86t.dll
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):1468064
          Entropy (8bit):6.165850680457804
          Encrypted:false
          SSDEEP:24576:J7+Vm6O8hbcrckTNrkhaJVQhWnmb7u/DSe9qT03ZjLmFMoERDY5TUT/tXzddGyIK:JCQ69cYY9JVQWx/DSe9qTqJLUMPsJUT/
          MD5:FDC8A5D96F9576BD70AA1CADC2F21748
          SHA1:BAE145525A18CE7E5BC69C5F43C6044DE7B6E004
          SHA-256:1A6D0871BE2FA7153DE22BE008A20A5257B721657E6D4B24DA8B1F940345D0D5
          SHA-512:816ADA61C1FD941D10E6BB4350BAA77F520E2476058249B269802BE826BAB294A9C18EDC5D590F5ED6F8DAFED502AB7FFB29DB2F44292CB5BEDF2F5FA609F49C
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........................................B................R..................Rich..................PE..d......\.........." .........J......@........................................p.......f....`.............................................@@..P>..|........{......,....L.......0...?..`................................................ ..P............................text...c........................... ..`.rdata...?... ...@..................@..@.data........`.......N..............@....pdata..,...........................@..@.rsrc....{.......|..................@..@.reloc...?...0...@..................@..B........................................................................................................................................................................................................................................
          C:\Users\user\AppData\Local\Temp\_MEI59442\unicodedata.pyd
          Process:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):1121456
          Entropy (8bit):5.372853106294277
          Encrypted:false
          SSDEEP:12288:iIeTMmuZ63NaQCb5Pfhnzr0ql8L8kkM7IRG5eeme6VZyrIBHdQLhfFE+uBgWHb0k:iIeTudZV0m88MMREtV6Vo4uYB5N
          MD5:06092DBACF3B009AD11376DFC5ED2ACD
          SHA1:2597D23469D65936FCA20906EF41E1F999944210
          SHA-256:2F9E76A8148029ADE3E8F61D014D79A9B1C154CC9B5D6608F50FC478170FF676
          SHA-512:C782EBB9139A6B358D6E55CCA3F018E421747984245FAFBD150696B152763F2A6D08A21A0185F49DF867DFABF5F066631A55F324ABFED4E8BECE8F85EAD81C85
          Malicious:false
          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r.b~6..-6..-6..-?..-0..-...,4..-...,:..-...,>..-...,5..-...,5..-m..,4..-6..-|..-...,7..-...,7..-...-7..-...,7..-Rich6..-........PE..d...../`.........." .....L...........).......................................@....../z....`.............................................X............ .......................0......`L..T............................L..8............`...............................text...:J.......L.................. ..`.rdata.......`.......P..............@..@.data...............................@....pdata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................

          Static File Info

          General

          File type:PE32+ executable (GUI) x86-64, for MS Windows
          Entropy (8bit):7.993976322021805
          TrID:
          • Win64 Executable GUI (202006/5) 92.65%
          • Win64 Executable (generic) (12005/4) 5.51%
          • Generic Win/DOS Executable (2004/3) 0.92%
          • DOS Executable Generic (2002/1) 0.92%
          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
          File name:SnapshotLogExtractor.exe
          File size:10819301
          MD5:c6eaf09294a285b6725c282a148866d7
          SHA1:3b90aa3e3d489a783315fda8f08b08b406e0e5a7
          SHA256:f80afb7154dfba4cca720f09d67c401b75adc28f6df6c4e64bfdb31a59904ffc
          SHA512:6911ddaea4afc3133ccf719254aa87353cd61a052b5585eb47b60a562f6afc5540e2c002fb50b9bc0e21b4b8208059d4aa8bc433b293fba712152657d3a408b0
          SSDEEP:196608:qQ6DDLyI0MhC+BTX1QFhjwt25Hnuz48RmU/3ZlsPvXfn2TvN8COvSB9:VSaIlAuOHuztN3ZWXf2Te
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Td..............................................+[......+[......+[........".........h....[.......[.......[......Rich...........

          File Icon

          Icon Hash:c6c2ccd6f2e0e0f8

          Static PE Info

          General

          Entrypoint:0x140008948
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x140000000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
          DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
          Time Stamp:0x5FFEC13D [Wed Jan 13 09:45:33 2021 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:5
          OS Version Minor:2
          File Version Major:5
          File Version Minor:2
          Subsystem Version Major:5
          Subsystem Version Minor:2
          Import Hash:b0d2bcfaf69e32f6189b93d5e3f439ad

          Entrypoint Preview

          Instruction
          dec eax
          sub esp, 28h
          call 00007F1B2CCAA0B4h
          dec eax
          add esp, 28h
          jmp 00007F1B2CCA99E7h
          int3
          int3
          inc eax
          push ebx
          dec eax
          sub esp, 20h
          dec eax
          mov ebx, ecx
          xor ecx, ecx
          call dword ptr [000197BBh]
          dec eax
          mov ecx, ebx
          call dword ptr [000197AAh]
          call dword ptr [00019724h]
          dec eax
          mov ecx, eax
          mov edx, C0000409h
          dec eax
          add esp, 20h
          pop ebx
          dec eax
          jmp dword ptr [000197A0h]
          dec eax
          mov dword ptr [esp+08h], ecx
          dec eax
          sub esp, 38h
          mov ecx, 00000017h
          call 00007F1B2CCC2000h
          test eax, eax
          je 00007F1B2CCA9B69h
          mov ecx, 00000002h
          int 29h
          dec eax
          lea ecx, dword ptr [000333FBh]
          call 00007F1B2CCA9D2Fh
          dec eax
          mov eax, dword ptr [esp+38h]
          dec eax
          mov dword ptr [000334E2h], eax
          dec eax
          lea eax, dword ptr [esp+38h]
          dec eax
          add eax, 08h
          dec eax
          mov dword ptr [00033472h], eax
          dec eax
          mov eax, dword ptr [000334CBh]
          dec eax
          mov dword ptr [0003333Ch], eax
          dec eax
          mov eax, dword ptr [esp+40h]
          dec eax
          mov dword ptr [00033440h], eax
          mov dword ptr [00033316h], C0000409h
          mov dword ptr [00033310h], 00000001h
          mov dword ptr [0003331Ah], 00000001h
          mov eax, 00000008h

          Rich Headers

          Programming Language:
          • [RES] VS2015 UPD3 build 24213

          Data Directories

          NameVirtual AddressVirtual Size Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IMPORT0x30c1c0x64.rdata
          IMAGE_DIRECTORY_ENTRY_RESOURCE0x410000xf4f0.rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x3e0000x1c50.pdata
          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
          IMAGE_DIRECTORY_ENTRY_BASERELOC0x510000x690.reloc
          IMAGE_DIRECTORY_ENTRY_DEBUG0x2ecc00x1c.rdata
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x2ece00x94.rdata
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IAT0x220000x348.rdata
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

          Sections

          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
          .text0x10000x204600x20600False0.564098696911data6.45619152998IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          .rdata0x220000xf7960xf800False0.52595766129data5.84281674084IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .data0x320000xb1080xc00False0.132161458333data1.83207123021IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
          .pdata0x3e0000x1c500x1e00False0.463411458333data5.12975830646IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .gfids0x400000xac0x200False0.27734375data1.71945852329IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .rsrc0x410000xf4f00xf600False0.803750635163data7.55562791395IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .reloc0x510000x6900x800False0.5791015625data4.98922192223IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

          Resources

          NameRVASizeTypeLanguageCountry
          RT_ICON0x412080xea8data
          RT_ICON0x420b00x8a8data
          RT_ICON0x429580x568GLS_BINARY_LSB_FIRST
          RT_ICON0x42ec00x952cPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
          RT_ICON0x4c3ec0x25a8data
          RT_ICON0x4e9940x10a8data
          RT_ICON0x4fa3c0x468GLS_BINARY_LSB_FIRST
          RT_GROUP_ICON0x4fea40x68data
          RT_MANIFEST0x4ff0c0x5e4XML 1.0 document, ASCII text, with CRLF line terminators

          Imports

          DLLImport
          USER32.dllMessageBoxW, MessageBoxA
          KERNEL32.dllGetModuleFileNameW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, SetDllDirectoryW, CreateProcessW, GetStartupInfoW, LoadLibraryExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, LoadLibraryA, MultiByteToWideChar, WideCharToMultiByte, GetLastError, HeapReAlloc, SetEndOfFile, GetExitCodeProcess, GetCommandLineA, HeapSize, GetTimeZoneInformation, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetModuleHandleW, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, RaiseException, ReadFile, CreateFileW, GetDriveTypeW, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindClose, FindFirstFileExW, FindNextFileW, SetStdHandle, SetConsoleCtrlHandler, DeleteFileW, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, GetACP, HeapFree, HeapAlloc, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleCP, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, SetEnvironmentVariableA, GetFileAttributesExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetStringTypeW, GetProcessHeap, WriteConsoleW
          ADVAPI32.dllConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW
          WS2_32.dllntohl

          Network Behavior

          No network behavior found

          Code Manipulations

          Statistics

          CPU Usage

          Click to jump to process

          Memory Usage

          Click to jump to process

          System Behavior

          Analysis Process: SnapshotLogExtractor.exe PID: 5944 Parent PID: 5216

          General

          Start time:06:44:58
          Start date:22/11/2021
          Path:C:\Users\user\Desktop\SnapshotLogExtractor.exe
          Wow64 process (32bit):false
          Commandline:"C:\Users\user\Desktop\SnapshotLogExtractor.exe"
          Imagebase:0x7ff7f2e30000
          File size:10819301 bytes
          MD5 hash:C6EAF09294A285B6725C282A148866D7
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low

          Chronological Activities

          Disassembly

          Code Analysis

          Reset < >

            Analysis Process: SnapshotLogExtractor.exe PID: 5944 Parent PID: 5216 SnapshotLogExtractor.exeCOMMON

            Execution Graph

            Execution Coverage:12.7%
            Dynamic/Decrypted Code Coverage:0%
            Signature Coverage:11.6%
            Total number of Nodes:2000
            Total number of Limit Nodes:55

            Graph

            execution_graph 15329 7ff7f2e51214 15330 7ff7f2e51226 15329->15330 15331 7ff7f2e51230 15329->15331 15333 7ff7f2e482b8 LeaveCriticalSection 15330->15333 15229 7ff7f2e41214 15230 7ff7f2e41228 15229->15230 15231 7ff7f2e41231 15229->15231 15230->15231 15235 7ff7f2e412c8 15230->15235 15236 7ff7f2e4123a 15235->15236 15237 7ff7f2e412e1 15235->15237 15236->15231 15245 7ff7f2e41648 15236->15245 15254 7ff7f2e4a4d4 GetEnvironmentStringsW 15237->15254 15240 7ff7f2e412ee 15242 7ff7f2e42300 __free_lconv_num 15 API calls 15240->15242 15242->15236 15244 7ff7f2e42300 __free_lconv_num 15 API calls 15244->15240 15246 7ff7f2e41663 15245->15246 15249 7ff7f2e4168b 15245->15249 15246->15231 15247 7ff7f2e41668 MultiByteToWideChar 15247->15246 15247->15249 15248 7ff7f2e42458 pre_c_initialization 15 API calls 15248->15249 15249->15246 15249->15247 15249->15248 15250 7ff7f2e416eb 15249->15250 15251 7ff7f2e416a0 MultiByteToWideChar 15249->15251 15253 7ff7f2e42300 __free_lconv_num 15 API calls 15249->15253 15252 7ff7f2e42300 __free_lconv_num 15 API calls 15250->15252 15251->15249 15251->15250 15252->15246 15253->15249 15255 7ff7f2e4a4f8 15254->15255 15256 7ff7f2e412e6 15254->15256 15257 7ff7f2e42340 fread_s 16 API calls 15255->15257 15256->15240 15261 7ff7f2e4142c 15256->15261 15258 7ff7f2e4a52a memcpy_s 15257->15258 15259 7ff7f2e42300 __free_lconv_num 15 API calls 15258->15259 15260 7ff7f2e4a54a FreeEnvironmentStringsW 15259->15260 15260->15256 15263 7ff7f2e4144d 15261->15263 15262 7ff7f2e42458 pre_c_initialization 15 API calls 15273 7ff7f2e41481 15262->15273 15263->15262 15264 7ff7f2e414f4 15265 7ff7f2e42300 __free_lconv_num 15 API calls 15264->15265 15266 7ff7f2e412fb 15265->15266 15266->15244 15267 7ff7f2e42458 pre_c_initialization 15 API calls 15267->15273 15268 7ff7f2e414e5 15287 7ff7f2e41530 15268->15287 15272 7ff7f2e4151c 15275 7ff7f2e43150 _wfindfirst32i64 17 API calls 15272->15275 15273->15264 15273->15267 15273->15268 15273->15272 15276 7ff7f2e42300 __free_lconv_num 15 API calls 15273->15276 15278 7ff7f2e483f4 15273->15278 15274 7ff7f2e42300 __free_lconv_num 15 API calls 15274->15264 15277 7ff7f2e4152e 15275->15277 15276->15273 15279 7ff7f2e4840b 15278->15279 15280 7ff7f2e48401 15278->15280 15281 7ff7f2e3dcd4 _get_daylight 15 API calls 15279->15281 15280->15279 15282 7ff7f2e48427 15280->15282 15286 7ff7f2e48413 15281->15286 15284 7ff7f2e4841f 15282->15284 15285 7ff7f2e3dcd4 _get_daylight 15 API calls 15282->15285 15283 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 15283->15284 15284->15273 15285->15286 15286->15283 15288 7ff7f2e414ed 15287->15288 15289 7ff7f2e41535 15287->15289 15288->15274 15290 7ff7f2e4155e 15289->15290 15291 7ff7f2e42300 __free_lconv_num 15 API calls 15289->15291 15292 7ff7f2e42300 __free_lconv_num 15 API calls 15290->15292 15291->15289 15292->15288 15334 7ff7f2e40014 15339 7ff7f2e48264 EnterCriticalSection 15334->15339 12223 7ff7f2e3a9f8 12224 7ff7f2e3aa19 12223->12224 12225 7ff7f2e3aa2e 12223->12225 12237 7ff7f2e3dcd4 12224->12237 12225->12224 12227 7ff7f2e3aa33 12225->12227 12236 7ff7f2e3b5ac EnterCriticalSection 12227->12236 12243 7ff7f2e463f4 GetLastError 12237->12243 12240 7ff7f2e43130 12323 7ff7f2e43088 12240->12323 12244 7ff7f2e46418 12243->12244 12245 7ff7f2e4641d 12243->12245 12262 7ff7f2e4558c 12244->12262 12250 7ff7f2e46466 12245->12250 12267 7ff7f2e42458 12245->12267 12249 7ff7f2e4643c 12274 7ff7f2e42300 12249->12274 12252 7ff7f2e4646b SetLastError 12250->12252 12253 7ff7f2e46475 SetLastError 12250->12253 12256 7ff7f2e3aa1e 12252->12256 12253->12256 12256->12240 12257 7ff7f2e46443 12257->12252 12258 7ff7f2e4645a 12285 7ff7f2e46110 12258->12285 12290 7ff7f2e45200 12262->12290 12265 7ff7f2e455ce TlsGetValue 12266 7ff7f2e455bf 12265->12266 12266->12245 12270 7ff7f2e42469 pre_c_initialization 12267->12270 12268 7ff7f2e424ba 12272 7ff7f2e3dcd4 _get_daylight 14 API calls 12268->12272 12269 7ff7f2e4249e RtlAllocateHeap 12269->12270 12271 7ff7f2e424b8 12269->12271 12270->12268 12270->12269 12300 7ff7f2e4b044 12270->12300 12271->12249 12280 7ff7f2e455e4 12271->12280 12272->12271 12275 7ff7f2e42305 RtlReleasePrivilege 12274->12275 12279 7ff7f2e42335 __free_lconv_num 12274->12279 12276 7ff7f2e42320 12275->12276 12275->12279 12277 7ff7f2e3dcd4 _get_daylight 13 API calls 12276->12277 12278 7ff7f2e42325 GetLastError 12277->12278 12278->12279 12279->12257 12281 7ff7f2e45200 __vcrt_uninitialize_ptd 5 API calls 12280->12281 12282 7ff7f2e45617 12281->12282 12283 7ff7f2e45631 TlsSetValue 12282->12283 12284 7ff7f2e4561f 12282->12284 12283->12284 12284->12249 12284->12258 12309 7ff7f2e46090 12285->12309 12291 7ff7f2e4525c 12290->12291 12292 7ff7f2e45261 12290->12292 12291->12292 12293 7ff7f2e45289 LoadLibraryExW 12291->12293 12297 7ff7f2e4530e 12291->12297 12299 7ff7f2e452f3 FreeLibrary 12291->12299 12292->12265 12292->12266 12293->12291 12294 7ff7f2e452aa GetLastError 12293->12294 12294->12291 12296 7ff7f2e452b5 LoadLibraryExW 12294->12296 12295 7ff7f2e4531c GetProcAddress 12298 7ff7f2e4532d 12295->12298 12296->12291 12297->12292 12297->12295 12298->12292 12299->12291 12303 7ff7f2e4b084 12300->12303 12308 7ff7f2e48264 EnterCriticalSection 12303->12308 12321 7ff7f2e48264 EnterCriticalSection 12309->12321 12324 7ff7f2e463f4 _get_daylight 15 API calls 12323->12324 12325 7ff7f2e430b2 12324->12325 12330 7ff7f2e43150 IsProcessorFeaturePresent 12325->12330 12331 7ff7f2e43162 12330->12331 12334 7ff7f2e42f24 12331->12334 12335 7ff7f2e42f5e __scrt_fastfail abort 12334->12335 12336 7ff7f2e42f86 RtlCaptureContext RtlLookupFunctionEntry 12335->12336 12337 7ff7f2e42fc0 RtlVirtualUnwind 12336->12337 12338 7ff7f2e42ff6 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 12336->12338 12337->12338 12341 7ff7f2e43048 abort 12338->12341 12342 7ff7f2e38660 12341->12342 12343 7ff7f2e3866a 12342->12343 12344 7ff7f2e38676 GetCurrentProcess TerminateProcess 12343->12344 12345 7ff7f2e38990 IsProcessorFeaturePresent 12343->12345 12346 7ff7f2e389a7 12345->12346 12351 7ff7f2e38b84 RtlCaptureContext 12346->12351 12352 7ff7f2e38b9e RtlLookupFunctionEntry 12351->12352 12353 7ff7f2e389ba 12352->12353 12354 7ff7f2e38bb4 RtlVirtualUnwind 12352->12354 12355 7ff7f2e3895c SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 12353->12355 12354->12352 12354->12353 15845 7ff7f2e5116b 15847 7ff7f2e5117b 15845->15847 15849 7ff7f2e3b5b8 LeaveCriticalSection 15847->15849 12356 7ff7f2e43fe8 12357 7ff7f2e44008 12356->12357 12361 7ff7f2e44030 12356->12361 12358 7ff7f2e3dcd4 _get_daylight 15 API calls 12357->12358 12359 7ff7f2e4400d 12358->12359 12360 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 12359->12360 12370 7ff7f2e44018 12360->12370 12362 7ff7f2e4407f 12361->12362 12361->12370 12376 7ff7f2e4b298 12361->12376 12381 7ff7f2e422d8 12362->12381 12368 7ff7f2e422d8 fread_s 32 API calls 12369 7ff7f2e440e7 12368->12369 12369->12370 12371 7ff7f2e422d8 fread_s 32 API calls 12369->12371 12372 7ff7f2e440f5 12371->12372 12372->12370 12373 7ff7f2e422d8 fread_s 32 API calls 12372->12373 12374 7ff7f2e44106 12373->12374 12375 7ff7f2e422d8 fread_s 32 API calls 12374->12375 12375->12370 12416 7ff7f2e42340 12376->12416 12379 7ff7f2e42300 __free_lconv_num 15 API calls 12380 7ff7f2e4b2bc 12379->12380 12380->12362 12382 7ff7f2e422e1 12381->12382 12383 7ff7f2e422f1 12381->12383 12384 7ff7f2e3dcd4 _get_daylight 15 API calls 12382->12384 12387 7ff7f2e43a68 12383->12387 12385 7ff7f2e422e6 12384->12385 12386 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 12385->12386 12386->12383 12388 7ff7f2e43a8c 12387->12388 12389 7ff7f2e43aa4 12387->12389 12424 7ff7f2e3dcb4 12388->12424 12391 7ff7f2e43b51 12389->12391 12394 7ff7f2e43ae0 12389->12394 12392 7ff7f2e3dcb4 fread_s 15 API calls 12391->12392 12395 7ff7f2e43b56 12392->12395 12397 7ff7f2e43af0 12394->12397 12398 7ff7f2e43b05 12394->12398 12399 7ff7f2e3dcd4 _get_daylight 15 API calls 12395->12399 12396 7ff7f2e3dcd4 _get_daylight 15 API calls 12415 7ff7f2e43a99 12396->12415 12400 7ff7f2e3dcb4 fread_s 15 API calls 12397->12400 12423 7ff7f2e3fc60 EnterCriticalSection 12398->12423 12402 7ff7f2e43afd 12399->12402 12403 7ff7f2e43af5 12400->12403 12408 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 12402->12408 12405 7ff7f2e3dcd4 _get_daylight 15 API calls 12403->12405 12405->12402 12408->12415 12415->12368 12415->12370 12417 7ff7f2e4238b 12416->12417 12421 7ff7f2e4234f pre_c_initialization 12416->12421 12418 7ff7f2e3dcd4 _get_daylight 15 API calls 12417->12418 12420 7ff7f2e42389 12418->12420 12419 7ff7f2e42372 RtlAllocateHeap 12419->12420 12419->12421 12420->12379 12421->12417 12421->12419 12422 7ff7f2e4b044 pre_c_initialization 2 API calls 12421->12422 12422->12421 12425 7ff7f2e463f4 _get_daylight 15 API calls 12424->12425 12426 7ff7f2e3dcbd 12425->12426 12426->12396 15365 7ff7f2e4f2f4 15368 7ff7f2e4a040 15365->15368 15369 7ff7f2e4a04d 15368->15369 15370 7ff7f2e4a059 15368->15370 15372 7ff7f2e49e88 15369->15372 15373 7ff7f2e46360 abort 36 API calls 15372->15373 15374 7ff7f2e49ea1 15373->15374 15375 7ff7f2e4a068 36 API calls 15374->15375 15376 7ff7f2e49eaa 15375->15376 15392 7ff7f2e49b94 15376->15392 15379 7ff7f2e49ec4 15379->15370 15380 7ff7f2e42340 fread_s 16 API calls 15381 7ff7f2e49ed5 15380->15381 15391 7ff7f2e49f70 15381->15391 15399 7ff7f2e4a128 15381->15399 15382 7ff7f2e42300 __free_lconv_num 15 API calls 15382->15379 15385 7ff7f2e49f6b 15386 7ff7f2e3dcd4 _get_daylight 15 API calls 15385->15386 15386->15391 15387 7ff7f2e49fcd 15387->15391 15409 7ff7f2e49944 15387->15409 15388 7ff7f2e49f90 15388->15387 15389 7ff7f2e42300 __free_lconv_num 15 API calls 15388->15389 15389->15387 15391->15382 15393 7ff7f2e3b9e4 36 API calls 15392->15393 15394 7ff7f2e49ba8 15393->15394 15395 7ff7f2e49bb4 GetOEMCP 15394->15395 15396 7ff7f2e49bc6 15394->15396 15397 7ff7f2e49bdb 15395->15397 15396->15397 15398 7ff7f2e49bcb GetACP 15396->15398 15397->15379 15397->15380 15398->15397 15400 7ff7f2e49b94 38 API calls 15399->15400 15401 7ff7f2e4a155 15400->15401 15402 7ff7f2e4a15d 15401->15402 15403 7ff7f2e4a19f IsValidCodePage 15401->15403 15408 7ff7f2e4a1c5 __scrt_fastfail 15401->15408 15405 7ff7f2e38660 _handle_error 8 API calls 15402->15405 15403->15402 15404 7ff7f2e4a1b0 GetCPInfo 15403->15404 15404->15402 15404->15408 15406 7ff7f2e49f64 15405->15406 15406->15385 15406->15388 15416 7ff7f2e49ca4 GetCPInfo 15408->15416 15481 7ff7f2e48264 EnterCriticalSection 15409->15481 15422 7ff7f2e49ced 15416->15422 15425 7ff7f2e49dcd 15416->15425 15419 7ff7f2e38660 _handle_error 8 API calls 15421 7ff7f2e49e71 15419->15421 15421->15402 15426 7ff7f2e4a8d0 15422->15426 15424 7ff7f2e4b7b0 41 API calls 15424->15425 15425->15419 15427 7ff7f2e3b9e4 36 API calls 15426->15427 15428 7ff7f2e4a912 MultiByteToWideChar 15427->15428 15430 7ff7f2e4a957 15428->15430 15431 7ff7f2e4a950 15428->15431 15433 7ff7f2e42340 fread_s 16 API calls 15430->15433 15436 7ff7f2e4a985 __scrt_fastfail setbuf 15430->15436 15432 7ff7f2e38660 _handle_error 8 API calls 15431->15432 15434 7ff7f2e49d61 15432->15434 15433->15436 15440 7ff7f2e4b7b0 15434->15440 15435 7ff7f2e4a9f5 MultiByteToWideChar 15437 7ff7f2e4aa16 GetStringTypeW 15435->15437 15438 7ff7f2e4aa30 15435->15438 15436->15435 15436->15438 15437->15438 15438->15431 15439 7ff7f2e42300 __free_lconv_num 15 API calls 15438->15439 15439->15431 15441 7ff7f2e3b9e4 36 API calls 15440->15441 15442 7ff7f2e4b7d5 15441->15442 15445 7ff7f2e4b454 15442->15445 15446 7ff7f2e4b496 15445->15446 15447 7ff7f2e4b4ba MultiByteToWideChar 15446->15447 15448 7ff7f2e4b4ec 15447->15448 15456 7ff7f2e4b765 15447->15456 15450 7ff7f2e4b524 setbuf 15448->15450 15452 7ff7f2e42340 fread_s 16 API calls 15448->15452 15449 7ff7f2e38660 _handle_error 8 API calls 15451 7ff7f2e49d94 15449->15451 15453 7ff7f2e4b588 MultiByteToWideChar 15450->15453 15458 7ff7f2e4b639 15450->15458 15451->15424 15452->15450 15454 7ff7f2e4b5ae 15453->15454 15453->15458 15472 7ff7f2e45750 15454->15472 15456->15449 15458->15456 15459 7ff7f2e42300 __free_lconv_num 15 API calls 15458->15459 15459->15456 15460 7ff7f2e4b648 15462 7ff7f2e42340 fread_s 16 API calls 15460->15462 15466 7ff7f2e4b673 setbuf 15460->15466 15461 7ff7f2e4b5f6 15461->15458 15463 7ff7f2e45750 __crtLCMapStringW 6 API calls 15461->15463 15462->15466 15463->15458 15464 7ff7f2e45750 __crtLCMapStringW 6 API calls 15465 7ff7f2e4b706 15464->15465 15467 7ff7f2e4b73c 15465->15467 15469 7ff7f2e4b730 WideCharToMultiByte 15465->15469 15466->15458 15466->15464 15467->15458 15468 7ff7f2e42300 __free_lconv_num 15 API calls 15467->15468 15468->15458 15469->15467 15470 7ff7f2e4b79c 15469->15470 15470->15458 15471 7ff7f2e42300 __free_lconv_num 15 API calls 15470->15471 15471->15458 15473 7ff7f2e45200 __vcrt_uninitialize_ptd 5 API calls 15472->15473 15474 7ff7f2e45793 15473->15474 15477 7ff7f2e4579b 15474->15477 15478 7ff7f2e45840 15474->15478 15476 7ff7f2e457fc LCMapStringW 15476->15477 15477->15458 15477->15460 15477->15461 15479 7ff7f2e45200 __vcrt_uninitialize_ptd 5 API calls 15478->15479 15480 7ff7f2e45873 __crtLCMapStringW 15479->15480 15480->15476 15293 7ff7f2e3ac74 15294 7ff7f2e3ac8a 15293->15294 15295 7ff7f2e3ac9f 15293->15295 15297 7ff7f2e3dcd4 _get_daylight 15 API calls 15294->15297 15307 7ff7f2e3b5ac EnterCriticalSection 15295->15307 15298 7ff7f2e3ac8f 15297->15298 15300 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 15298->15300 15302 7ff7f2e3ac9a 15300->15302 12512 7ff7f2e387dc 12532 7ff7f2e38c34 12512->12532 12516 7ff7f2e387fe __scrt_acquire_startup_lock 12517 7ff7f2e38823 12516->12517 12518 7ff7f2e38fcc __scrt_fastfail 7 API calls 12516->12518 12524 7ff7f2e38844 __scrt_is_nonwritable_in_current_image __scrt_release_startup_lock 12517->12524 12538 7ff7f2e41848 12517->12538 12518->12517 12520 7ff7f2e38848 12521 7ff7f2e388d2 12542 7ff7f2e39114 12521->12542 12523 7ff7f2e388d7 12545 7ff7f2e31000 12523->12545 12524->12520 12524->12521 12600 7ff7f2e41af8 12524->12600 12530 7ff7f2e388fa 12607 7ff7f2e38e0c 12530->12607 12533 7ff7f2e38c56 __isa_available_init 12532->12533 12611 7ff7f2e39eb4 12533->12611 12535 7ff7f2e38c5b __scrt_initialize_crt 12537 7ff7f2e387f0 12535->12537 12619 7ff7f2e39ee8 12535->12619 12537->12516 12593 7ff7f2e38fcc IsProcessorFeaturePresent 12537->12593 12540 7ff7f2e41860 12538->12540 12539 7ff7f2e41882 12539->12524 12540->12539 12682 7ff7f2e386f4 12540->12682 12761 7ff7f2e39470 12542->12761 12544 7ff7f2e3912b GetStartupInfoW 12544->12523 12546 7ff7f2e3100b 12545->12546 12763 7ff7f2e35390 12546->12763 12548 7ff7f2e3101d setbuf 12770 7ff7f2e3e5a0 12548->12770 12554 7ff7f2e38660 _handle_error 8 API calls 12555 7ff7f2e32a5a 12554->12555 12605 7ff7f2e39150 GetModuleHandleW 12555->12605 12556 7ff7f2e32831 12586 7ff7f2e3281c 12556->12586 12795 7ff7f2e345b0 12556->12795 12558 7ff7f2e32875 12810 7ff7f2e34c30 12558->12810 12560 7ff7f2e32884 12814 7ff7f2e317d0 12560->12814 12563 7ff7f2e328ca 12565 7ff7f2e328ec 12563->12565 12845 7ff7f2e325a0 12563->12845 12564 7ff7f2e317d0 117 API calls 12567 7ff7f2e328a5 12564->12567 12573 7ff7f2e329ba 12565->12573 12849 7ff7f2e355f0 12565->12849 12567->12563 12570 7ff7f2e328a9 12567->12570 12569 7ff7f2e32909 SetDllDirectoryW 12571 7ff7f2e3291d 12569->12571 12832 7ff7f2e31bd0 12570->12832 12571->12573 12577 7ff7f2e32926 12571->12577 12822 7ff7f2e323f0 12573->12822 12575 7ff7f2e329c2 12575->12586 12908 7ff7f2e34bc0 12575->12908 12582 7ff7f2e32969 12577->12582 12863 7ff7f2e31df0 12577->12863 12578 7ff7f2e329e7 12580 7ff7f2e345b0 58 API calls 12578->12580 12583 7ff7f2e329f3 pre_c_initialization 12580->12583 12582->12586 12867 7ff7f2e32510 12582->12867 12583->12586 12587 7ff7f2e32a05 pre_c_initialization 12583->12587 12586->12554 12915 7ff7f2e34c70 12587->12915 12594 7ff7f2e38ff1 __scrt_fastfail 12593->12594 12595 7ff7f2e3900d RtlCaptureContext RtlLookupFunctionEntry 12594->12595 12596 7ff7f2e39072 __scrt_fastfail 12595->12596 12597 7ff7f2e39036 RtlVirtualUnwind 12595->12597 12598 7ff7f2e390a4 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 12596->12598 12597->12596 12599 7ff7f2e390f6 12598->12599 12599->12516 12601 7ff7f2e41b36 12600->12601 12602 7ff7f2e41b24 12600->12602 15224 7ff7f2e42230 12601->15224 12602->12521 12606 7ff7f2e39164 12605->12606 12606->12530 12609 7ff7f2e38e1d __scrt_uninitialize_crt 12607->12609 12608 7ff7f2e38918 12608->12520 12609->12608 12610 7ff7f2e39ee8 __vcrt_uninitialize 8 API calls 12609->12610 12610->12608 12612 7ff7f2e39ebd __vcrt_initialize_pure_virtual_call_handler __vcrt_initialize_winapi_thunks 12611->12612 12627 7ff7f2e3a008 12612->12627 12618 7ff7f2e39ecb 12618->12535 12620 7ff7f2e39f01 12619->12620 12621 7ff7f2e39ef0 12619->12621 12620->12537 12622 7ff7f2e39fe4 __vcrt_uninitialize_ptd 6 API calls 12621->12622 12623 7ff7f2e39ef5 12622->12623 12624 7ff7f2e3a050 __vcrt_uninitialize_locks DeleteCriticalSection 12623->12624 12625 7ff7f2e39efa 12624->12625 12678 7ff7f2e3a424 12625->12678 12628 7ff7f2e3a010 12627->12628 12630 7ff7f2e3a041 12628->12630 12631 7ff7f2e39ec7 12628->12631 12644 7ff7f2e3a360 12628->12644 12632 7ff7f2e3a050 __vcrt_uninitialize_locks DeleteCriticalSection 12630->12632 12631->12618 12633 7ff7f2e39fa4 12631->12633 12632->12631 12659 7ff7f2e3a250 12633->12659 12635 7ff7f2e39fb4 12636 7ff7f2e39ed4 12635->12636 12664 7ff7f2e3a2f8 12635->12664 12636->12618 12640 7ff7f2e3a050 12636->12640 12638 7ff7f2e39fd1 12638->12636 12669 7ff7f2e39fe4 12638->12669 12641 7ff7f2e3a07b 12640->12641 12642 7ff7f2e3a05e DeleteCriticalSection 12641->12642 12643 7ff7f2e3a07f 12641->12643 12642->12641 12643->12618 12649 7ff7f2e3a088 12644->12649 12647 7ff7f2e3a3b7 InitializeCriticalSectionAndSpinCount 12648 7ff7f2e3a3a3 12647->12648 12648->12628 12652 7ff7f2e3a0ee 12649->12652 12655 7ff7f2e3a0e9 12649->12655 12650 7ff7f2e3a1b6 12650->12652 12653 7ff7f2e3a1c5 GetProcAddress 12650->12653 12651 7ff7f2e3a121 LoadLibraryExW 12654 7ff7f2e3a147 GetLastError 12651->12654 12651->12655 12652->12647 12652->12648 12653->12652 12656 7ff7f2e3a1dd 12653->12656 12654->12655 12657 7ff7f2e3a152 LoadLibraryExW 12654->12657 12655->12650 12655->12651 12655->12652 12658 7ff7f2e3a194 FreeLibrary 12655->12658 12656->12652 12657->12655 12658->12655 12660 7ff7f2e3a088 try_get_function 5 API calls 12659->12660 12661 7ff7f2e3a27c 12660->12661 12662 7ff7f2e3a284 12661->12662 12663 7ff7f2e3a293 TlsAlloc 12661->12663 12662->12635 12663->12662 12665 7ff7f2e3a088 try_get_function 5 API calls 12664->12665 12666 7ff7f2e3a32b 12665->12666 12667 7ff7f2e3a344 TlsSetValue 12666->12667 12668 7ff7f2e3a333 12666->12668 12667->12668 12668->12638 12670 7ff7f2e39ff8 12669->12670 12671 7ff7f2e39ff3 12669->12671 12670->12636 12673 7ff7f2e3a2a4 12671->12673 12674 7ff7f2e3a088 try_get_function 5 API calls 12673->12674 12675 7ff7f2e3a2cf 12674->12675 12676 7ff7f2e3a2e5 TlsFree 12675->12676 12677 7ff7f2e3a2d7 12675->12677 12676->12677 12677->12670 12679 7ff7f2e3a45c 12678->12679 12680 7ff7f2e3a428 12678->12680 12679->12620 12680->12679 12681 7ff7f2e3a442 FreeLibrary 12680->12681 12681->12680 12683 7ff7f2e38704 pre_c_initialization 12682->12683 12703 7ff7f2e3ec10 12683->12703 12685 7ff7f2e38710 pre_c_initialization 12709 7ff7f2e38c80 12685->12709 12687 7ff7f2e38729 12688 7ff7f2e38799 12687->12688 12689 7ff7f2e3872d _RTC_Initialize 12687->12689 12690 7ff7f2e38fcc __scrt_fastfail 7 API calls 12688->12690 12714 7ff7f2e38e88 12689->12714 12691 7ff7f2e387a3 12690->12691 12693 7ff7f2e38fcc __scrt_fastfail 7 API calls 12691->12693 12694 7ff7f2e387ae __scrt_initialize_default_local_stdio_options 12693->12694 12694->12540 12695 7ff7f2e3873e pre_c_initialization 12717 7ff7f2e41058 12695->12717 12698 7ff7f2e3874e 12739 7ff7f2e38f64 InitializeSListHead 12698->12739 12704 7ff7f2e3ec21 12703->12704 12705 7ff7f2e3ec29 12704->12705 12706 7ff7f2e3dcd4 _get_daylight 15 API calls 12704->12706 12705->12685 12707 7ff7f2e3ec38 12706->12707 12708 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 12707->12708 12708->12705 12710 7ff7f2e38d3e 12709->12710 12713 7ff7f2e38c98 __scrt_initialize_onexit_tables __scrt_release_startup_lock 12709->12713 12711 7ff7f2e38fcc __scrt_fastfail 7 API calls 12710->12711 12712 7ff7f2e38d48 12711->12712 12713->12687 12740 7ff7f2e38e38 12714->12740 12716 7ff7f2e38e91 12716->12695 12718 7ff7f2e4108c GetModuleFileNameW 12717->12718 12719 7ff7f2e41076 12717->12719 12723 7ff7f2e410b9 pre_c_initialization 12718->12723 12720 7ff7f2e3dcd4 _get_daylight 15 API calls 12719->12720 12721 7ff7f2e4107b 12720->12721 12722 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 12721->12722 12724 7ff7f2e3874a 12722->12724 12755 7ff7f2e40ff4 12723->12755 12724->12691 12724->12698 12727 7ff7f2e41101 12728 7ff7f2e3dcd4 _get_daylight 15 API calls 12727->12728 12737 7ff7f2e41106 12728->12737 12729 7ff7f2e41112 pre_c_initialization 12731 7ff7f2e41177 12729->12731 12732 7ff7f2e4115e 12729->12732 12729->12737 12730 7ff7f2e42300 __free_lconv_num 15 API calls 12730->12724 12735 7ff7f2e42300 __free_lconv_num 15 API calls 12731->12735 12733 7ff7f2e42300 __free_lconv_num 15 API calls 12732->12733 12734 7ff7f2e41167 12733->12734 12736 7ff7f2e42300 __free_lconv_num 15 API calls 12734->12736 12735->12737 12738 7ff7f2e41173 12736->12738 12737->12730 12738->12724 12741 7ff7f2e38e67 12740->12741 12743 7ff7f2e38e5d _onexit 12740->12743 12744 7ff7f2e42088 12741->12744 12743->12716 12747 7ff7f2e41c44 12744->12747 12754 7ff7f2e48264 EnterCriticalSection 12747->12754 12756 7ff7f2e4100f 12755->12756 12757 7ff7f2e41013 12755->12757 12756->12727 12756->12729 12757->12756 12758 7ff7f2e42458 pre_c_initialization 15 API calls 12757->12758 12759 7ff7f2e41042 12758->12759 12760 7ff7f2e42300 __free_lconv_num 15 API calls 12759->12760 12760->12756 12762 7ff7f2e3948e 12761->12762 12762->12544 12762->12762 12765 7ff7f2e353b2 12763->12765 12764 7ff7f2e35400 WideCharToMultiByte 12764->12765 12766 7ff7f2e3549f 12764->12766 12765->12764 12765->12766 12767 7ff7f2e35450 WideCharToMultiByte 12765->12767 12769 7ff7f2e353ba 12765->12769 12968 7ff7f2e31a80 12766->12968 12767->12765 12767->12766 12769->12548 12772 7ff7f2e3e5a5 12770->12772 12771 7ff7f2e47a8c 12773 7ff7f2e3dcd4 _get_daylight 15 API calls 12771->12773 12772->12771 12775 7ff7f2e47ac7 12772->12775 12774 7ff7f2e47a91 12773->12774 12776 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 12774->12776 13547 7ff7f2e4793c 12775->13547 12778 7ff7f2e3280d 12776->12778 12779 7ff7f2e318e0 12778->12779 12780 7ff7f2e318f5 12779->12780 12781 7ff7f2e31910 12780->12781 13555 7ff7f2e31930 12780->13555 12781->12586 12783 7ff7f2e32b30 12781->12783 12784 7ff7f2e386a0 setbuf 12783->12784 12785 7ff7f2e32b3c GetModuleFileNameW 12784->12785 12786 7ff7f2e32b6b 12785->12786 12787 7ff7f2e32b82 12785->12787 12788 7ff7f2e31a80 56 API calls 12786->12788 12789 7ff7f2e356f0 56 API calls 12787->12789 12790 7ff7f2e32b7e 12788->12790 12791 7ff7f2e32b95 12789->12791 12793 7ff7f2e38660 _handle_error 8 API calls 12790->12793 12791->12790 12792 7ff7f2e31bd0 58 API calls 12791->12792 12792->12790 12794 7ff7f2e32bbf 12793->12794 12794->12556 12796 7ff7f2e345ba setbuf 12795->12796 12797 7ff7f2e355f0 56 API calls 12796->12797 12798 7ff7f2e345dc GetEnvironmentVariableW 12797->12798 12799 7ff7f2e34646 12798->12799 12800 7ff7f2e345f4 ExpandEnvironmentStringsW 12798->12800 12801 7ff7f2e38660 _handle_error 8 API calls 12799->12801 12802 7ff7f2e356f0 56 API calls 12800->12802 12803 7ff7f2e34658 12801->12803 12804 7ff7f2e3461c 12802->12804 12803->12558 12804->12799 12805 7ff7f2e34626 12804->12805 13595 7ff7f2e42260 12805->13595 12808 7ff7f2e38660 _handle_error 8 API calls 12809 7ff7f2e3463e 12808->12809 12809->12558 12811 7ff7f2e355f0 56 API calls 12810->12811 12812 7ff7f2e34c47 SetEnvironmentVariableW 12811->12812 12813 7ff7f2e34c5f 12812->12813 12813->12560 12815 7ff7f2e317e0 12814->12815 12815->12815 12821 7ff7f2e3187c 12815->12821 13602 7ff7f2e32ab0 12815->13602 12817 7ff7f2e3182f 13605 7ff7f2e31680 12817->13605 12819 7ff7f2e31866 12819->12821 13635 7ff7f2e3a5ec 12819->13635 12821->12563 12821->12564 12823 7ff7f2e32432 __scrt_fastfail 12822->12823 12831 7ff7f2e3246f 12823->12831 13922 7ff7f2e31390 12823->13922 13940 7ff7f2e31e50 12823->13940 13976 7ff7f2e31640 htonl 12823->13976 12824 7ff7f2e324a4 12826 7ff7f2e38660 _handle_error 8 API calls 12824->12826 12825 7ff7f2e318a0 63 API calls 12825->12831 12827 7ff7f2e324b6 12826->12827 12827->12575 12831->12824 12831->12825 12833 7ff7f2e31bf0 __scrt_initialize_default_local_stdio_options setbuf 12832->12833 12834 7ff7f2e3d7b0 47 API calls 12833->12834 12835 7ff7f2e31c3d __scrt_fastfail 12834->12835 12836 7ff7f2e355f0 56 API calls 12835->12836 12837 7ff7f2e31c6a 12836->12837 12838 7ff7f2e31ca9 MessageBoxA 12837->12838 12839 7ff7f2e31c6f 12837->12839 12841 7ff7f2e31cc3 12838->12841 12840 7ff7f2e355f0 56 API calls 12839->12840 12842 7ff7f2e31c89 MessageBoxW 12840->12842 12843 7ff7f2e38660 _handle_error 8 API calls 12841->12843 12842->12841 12844 7ff7f2e31cd3 12843->12844 12844->12586 12846 7ff7f2e325d8 12845->12846 12847 7ff7f2e325b3 12845->12847 12846->12565 12847->12846 12848 7ff7f2e31640 59 API calls 12847->12848 12848->12847 12850 7ff7f2e35697 MultiByteToWideChar 12849->12850 12851 7ff7f2e35611 MultiByteToWideChar 12849->12851 12852 7ff7f2e356b8 12850->12852 12853 7ff7f2e356dd 12850->12853 12854 7ff7f2e35637 12851->12854 12855 7ff7f2e3565c 12851->12855 12856 7ff7f2e31a80 54 API calls 12852->12856 12853->12569 12857 7ff7f2e31a80 54 API calls 12854->12857 12855->12850 12860 7ff7f2e35672 12855->12860 12858 7ff7f2e356cb 12856->12858 12859 7ff7f2e3564a 12857->12859 12858->12569 12859->12569 12861 7ff7f2e31a80 54 API calls 12860->12861 12862 7ff7f2e35685 12861->12862 12862->12569 12864 7ff7f2e31e15 __scrt_initialize_default_local_stdio_options 12863->12864 12865 7ff7f2e3d7b0 47 API calls 12864->12865 12866 7ff7f2e31e38 12865->12866 12866->12582 12868 7ff7f2e3251c setbuf 12867->12868 12869 7ff7f2e31590 59 API calls 12868->12869 12871 7ff7f2e32540 12869->12871 12870 7ff7f2e32581 12873 7ff7f2e38660 _handle_error 8 API calls 12870->12873 12871->12870 14785 7ff7f2e32cc0 12871->14785 12875 7ff7f2e32591 12873->12875 12874 7ff7f2e32559 12876 7ff7f2e32577 12874->12876 12877 7ff7f2e31bd0 58 API calls 12874->12877 12879 7ff7f2e32390 12875->12879 14788 7ff7f2e34ff0 MultiByteToWideChar 12876->14788 12877->12876 14802 7ff7f2e33b30 12879->14802 12882 7ff7f2e323a2 12882->12586 12884 7ff7f2e323bd 12884->12882 14861 7ff7f2e338b0 12884->14861 12886 7ff7f2e323c9 12886->12882 14873 7ff7f2e33a30 12886->14873 12888 7ff7f2e323d5 setbuf 12888->12882 12889 7ff7f2e32630 12888->12889 12890 7ff7f2e32644 12888->12890 12891 7ff7f2e31bd0 58 API calls 12889->12891 12892 7ff7f2e3265d 12890->12892 12902 7ff7f2e32671 12890->12902 12896 7ff7f2e3263c 12891->12896 12894 7ff7f2e31bd0 58 API calls 12892->12894 12893 7ff7f2e38660 _handle_error 8 API calls 12895 7ff7f2e32771 12893->12895 12894->12896 12895->12586 12896->12893 12897 7ff7f2e31230 116 API calls 12897->12902 12898 7ff7f2e31640 59 API calls 12898->12902 12899 7ff7f2e31df0 47 API calls 12899->12902 12900 7ff7f2e327b3 12901 7ff7f2e31bd0 58 API calls 12900->12901 12901->12896 12902->12896 12902->12897 12902->12898 12902->12899 12902->12900 12903 7ff7f2e326f7 htonl 12902->12903 12904 7ff7f2e32798 12902->12904 12906 7ff7f2e3277d 12902->12906 12903->12902 12905 7ff7f2e31bd0 58 API calls 12904->12905 12905->12896 12907 7ff7f2e31bd0 58 API calls 12906->12907 12907->12896 12909 7ff7f2e355f0 56 API calls 12908->12909 12910 7ff7f2e34bdf 12909->12910 12911 7ff7f2e355f0 56 API calls 12910->12911 12912 7ff7f2e34bef 12911->12912 12913 7ff7f2e3f728 36 API calls 12912->12913 12914 7ff7f2e34bfd 12913->12914 12914->12578 12916 7ff7f2e34c80 setbuf 12915->12916 12917 7ff7f2e355f0 56 API calls 12916->12917 12918 7ff7f2e34cb1 12917->12918 15167 7ff7f2e403e4 12918->15167 12921 7ff7f2e403e4 18 API calls 12922 7ff7f2e34cca 12921->12922 12923 7ff7f2e403e4 18 API calls 12922->12923 12924 7ff7f2e34cd4 12923->12924 12925 7ff7f2e403e4 18 API calls 12924->12925 12926 7ff7f2e34cde GetStartupInfoW 12925->12926 12927 7ff7f2e34d2b 12926->12927 12928 7ff7f2e422d8 fread_s 32 API calls 12927->12928 12929 7ff7f2e34d33 12928->12929 15185 7ff7f2e3ff54 12929->15185 12931 7ff7f2e34d3a 12932 7ff7f2e422d8 fread_s 32 API calls 12931->12932 12933 7ff7f2e34d51 12932->12933 12934 7ff7f2e3ff54 32 API calls 12933->12934 12935 7ff7f2e34d58 12934->12935 12936 7ff7f2e422d8 fread_s 32 API calls 12935->12936 12937 7ff7f2e34d70 12936->12937 12938 7ff7f2e3ff54 32 API calls 12937->12938 12987 7ff7f2e386a0 12968->12987 12971 7ff7f2e31ac9 __scrt_initialize_default_local_stdio_options 12989 7ff7f2e3d7b0 12971->12989 12975 7ff7f2e31b00 12976 7ff7f2e31df0 47 API calls 12975->12976 12977 7ff7f2e31b28 __scrt_fastfail 12976->12977 12978 7ff7f2e355f0 53 API calls 12977->12978 12979 7ff7f2e31b55 12978->12979 12980 7ff7f2e31b5a 12979->12980 12981 7ff7f2e31b94 MessageBoxA 12979->12981 12983 7ff7f2e355f0 53 API calls 12980->12983 12982 7ff7f2e31bae 12981->12982 12984 7ff7f2e38660 _handle_error 8 API calls 12982->12984 12985 7ff7f2e31b74 MessageBoxW 12983->12985 12986 7ff7f2e31bbe 12984->12986 12985->12982 12986->12769 12988 7ff7f2e31a9c GetLastError 12987->12988 12988->12971 12990 7ff7f2e3d80e 12989->12990 12991 7ff7f2e3d7f6 12989->12991 12990->12991 12993 7ff7f2e3d818 12990->12993 12992 7ff7f2e3dcd4 _get_daylight 15 API calls 12991->12992 12994 7ff7f2e3d7fb 12992->12994 13030 7ff7f2e3b9e4 12993->13030 12996 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 12994->12996 13015 7ff7f2e3d806 12996->13015 12997 7ff7f2e38660 _handle_error 8 API calls 12999 7ff7f2e31af9 12997->12999 12998 7ff7f2e3d829 __scrt_fastfail 13038 7ff7f2e3b8e8 12998->13038 13016 7ff7f2e35180 12999->13016 13004 7ff7f2e3d8a5 13006 7ff7f2e42300 __free_lconv_num 15 API calls 13004->13006 13005 7ff7f2e3d8d4 13007 7ff7f2e3d92c 13005->13007 13008 7ff7f2e3d950 13005->13008 13009 7ff7f2e3d8e3 13005->13009 13010 7ff7f2e3d8da 13005->13010 13006->13015 13011 7ff7f2e42300 __free_lconv_num 15 API calls 13007->13011 13008->13007 13012 7ff7f2e3d95a 13008->13012 13013 7ff7f2e42300 __free_lconv_num 15 API calls 13009->13013 13010->13007 13010->13009 13011->13015 13014 7ff7f2e42300 __free_lconv_num 15 API calls 13012->13014 13013->13015 13014->13015 13015->12997 13017 7ff7f2e3518a setbuf 13016->13017 13018 7ff7f2e351ab FormatMessageW 13017->13018 13019 7ff7f2e351a5 GetLastError 13017->13019 13020 7ff7f2e35212 13018->13020 13021 7ff7f2e351e0 13018->13021 13019->13018 13536 7ff7f2e356f0 13020->13536 13022 7ff7f2e31a80 54 API calls 13021->13022 13024 7ff7f2e351f3 13022->13024 13026 7ff7f2e38660 _handle_error 8 API calls 13024->13026 13027 7ff7f2e3520a 13026->13027 13027->12975 13028 7ff7f2e38660 _handle_error 8 API calls 13029 7ff7f2e3524c 13028->13029 13029->12975 13031 7ff7f2e3b9fa 13030->13031 13032 7ff7f2e3b9ff 13030->13032 13031->12998 13032->13031 13057 7ff7f2e46360 GetLastError 13032->13057 13034 7ff7f2e3ba1c 13077 7ff7f2e464f4 13034->13077 13039 7ff7f2e3dcd4 _get_daylight 15 API calls 13038->13039 13040 7ff7f2e3b957 13039->13040 13041 7ff7f2e3bbe8 13040->13041 13042 7ff7f2e3bc1c 13041->13042 13043 7ff7f2e3bc04 13041->13043 13042->13043 13045 7ff7f2e3bc23 13042->13045 13044 7ff7f2e3dcd4 _get_daylight 15 API calls 13043->13044 13046 7ff7f2e3bc09 13044->13046 13048 7ff7f2e3bdd6 13045->13048 13053 7ff7f2e3bc14 13045->13053 13153 7ff7f2e3c494 13045->13153 13169 7ff7f2e3c174 13045->13169 13191 7ff7f2e3bae4 13045->13191 13194 7ff7f2e3c068 13045->13194 13047 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13046->13047 13047->13053 13049 7ff7f2e3dcd4 _get_daylight 15 API calls 13048->13049 13051 7ff7f2e3bddb 13049->13051 13052 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13051->13052 13052->13053 13053->13004 13053->13005 13058 7ff7f2e46382 13057->13058 13059 7ff7f2e4637d 13057->13059 13060 7ff7f2e42458 pre_c_initialization 15 API calls 13058->13060 13063 7ff7f2e463cb 13058->13063 13061 7ff7f2e4558c abort 6 API calls 13059->13061 13062 7ff7f2e46399 13060->13062 13061->13058 13064 7ff7f2e463a1 13062->13064 13065 7ff7f2e455e4 abort 6 API calls 13062->13065 13066 7ff7f2e463d0 SetLastError 13063->13066 13067 7ff7f2e463e6 SetLastError 13063->13067 13069 7ff7f2e42300 __free_lconv_num 15 API calls 13064->13069 13070 7ff7f2e463b8 13065->13070 13066->13034 13085 7ff7f2e42400 13067->13085 13072 7ff7f2e463a8 13069->13072 13070->13064 13073 7ff7f2e463bf 13070->13073 13072->13067 13074 7ff7f2e46110 abort 15 API calls 13073->13074 13075 7ff7f2e463c4 13074->13075 13076 7ff7f2e42300 __free_lconv_num 15 API calls 13075->13076 13076->13063 13078 7ff7f2e46509 13077->13078 13079 7ff7f2e3ba40 13077->13079 13078->13079 13129 7ff7f2e4adb8 13078->13129 13081 7ff7f2e46528 13079->13081 13082 7ff7f2e4653d 13081->13082 13083 7ff7f2e46550 13081->13083 13082->13083 13141 7ff7f2e4a068 13082->13141 13083->13031 13094 7ff7f2e400f8 13085->13094 13120 7ff7f2e3ffcc 13094->13120 13125 7ff7f2e48264 EnterCriticalSection 13120->13125 13130 7ff7f2e46360 abort 36 API calls 13129->13130 13131 7ff7f2e4adc7 13130->13131 13139 7ff7f2e4ae19 13131->13139 13140 7ff7f2e48264 EnterCriticalSection 13131->13140 13139->13079 13142 7ff7f2e46360 abort 36 API calls 13141->13142 13143 7ff7f2e4a077 13142->13143 13144 7ff7f2e4a092 13143->13144 13152 7ff7f2e48264 EnterCriticalSection 13143->13152 13146 7ff7f2e4a118 13144->13146 13149 7ff7f2e42400 abort 36 API calls 13144->13149 13146->13083 13149->13146 13154 7ff7f2e3c51b 13153->13154 13165 7ff7f2e3c4be 13153->13165 13155 7ff7f2e3c520 13154->13155 13156 7ff7f2e3c59f 13154->13156 13159 7ff7f2e3c585 13155->13159 13162 7ff7f2e3c52a 13155->13162 13217 7ff7f2e3cadc 13156->13217 13158 7ff7f2e3c4fc 13161 7ff7f2e3c5a8 13158->13161 13201 7ff7f2e3cf3c 13158->13201 13205 7ff7f2e3d238 13159->13205 13161->13045 13162->13161 13167 7ff7f2e3c50c 13162->13167 13211 7ff7f2e3d098 13162->13211 13165->13156 13165->13158 13165->13161 13165->13162 13166 7ff7f2e3c4ee 13165->13166 13165->13167 13166->13156 13166->13158 13166->13167 13167->13161 13225 7ff7f2e3d46c 13167->13225 13170 7ff7f2e3c198 13169->13170 13171 7ff7f2e3c17f 13169->13171 13173 7ff7f2e3dcd4 _get_daylight 15 API calls 13170->13173 13174 7ff7f2e3c1bc 13170->13174 13172 7ff7f2e3c51b 13171->13172 13171->13174 13186 7ff7f2e3c4be 13171->13186 13175 7ff7f2e3c520 13172->13175 13176 7ff7f2e3c59f 13172->13176 13177 7ff7f2e3c1b1 13173->13177 13174->13045 13181 7ff7f2e3c585 13175->13181 13183 7ff7f2e3c52a 13175->13183 13179 7ff7f2e3cadc 45 API calls 13176->13179 13178 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13177->13178 13178->13174 13188 7ff7f2e3c50c 13179->13188 13180 7ff7f2e3c4fc 13184 7ff7f2e3cf3c 38 API calls 13180->13184 13190 7ff7f2e3c5a8 13180->13190 13182 7ff7f2e3d238 32 API calls 13181->13182 13182->13188 13185 7ff7f2e3d098 32 API calls 13183->13185 13183->13188 13183->13190 13184->13188 13185->13188 13186->13176 13186->13180 13186->13183 13187 7ff7f2e3c4ee 13186->13187 13186->13188 13186->13190 13187->13176 13187->13180 13187->13188 13189 7ff7f2e3d46c 38 API calls 13188->13189 13188->13190 13189->13190 13190->13045 13505 7ff7f2e45ca0 13191->13505 13530 7ff7f2e3c0dc 13194->13530 13197 7ff7f2e3dcd4 _get_daylight 15 API calls 13198 7ff7f2e3c0c9 13197->13198 13200 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13198->13200 13199 7ff7f2e3c07c 13199->13045 13200->13199 13203 7ff7f2e3cf58 13201->13203 13202 7ff7f2e3cfa1 13202->13167 13203->13202 13231 7ff7f2e45fd4 13203->13231 13209 7ff7f2e3d260 13205->13209 13206 7ff7f2e3dcd4 _get_daylight 15 API calls 13207 7ff7f2e3d269 13206->13207 13208 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13207->13208 13210 7ff7f2e3d274 13208->13210 13209->13206 13209->13210 13210->13167 13212 7ff7f2e3d0b9 13211->13212 13213 7ff7f2e3dcd4 _get_daylight 15 API calls 13212->13213 13216 7ff7f2e3d104 13212->13216 13214 7ff7f2e3d0f9 13213->13214 13215 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13214->13215 13215->13216 13216->13167 13218 7ff7f2e3caf4 13217->13218 13253 7ff7f2e3b5c4 13218->13253 13224 7ff7f2e3cc2f 13224->13167 13226 7ff7f2e3d4f9 13225->13226 13227 7ff7f2e3d493 13225->13227 13228 7ff7f2e38660 _handle_error 8 API calls 13226->13228 13227->13226 13229 7ff7f2e45fd4 38 API calls 13227->13229 13230 7ff7f2e3d531 13228->13230 13229->13227 13230->13161 13234 7ff7f2e45e50 13231->13234 13235 7ff7f2e45e73 13234->13235 13236 7ff7f2e45e78 13235->13236 13237 7ff7f2e45eaa 13235->13237 13238 7ff7f2e45e97 13235->13238 13236->13202 13240 7ff7f2e3b9e4 36 API calls 13237->13240 13239 7ff7f2e3dcd4 _get_daylight 15 API calls 13238->13239 13241 7ff7f2e45e9c 13239->13241 13242 7ff7f2e45ebc 13240->13242 13243 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13241->13243 13244 7ff7f2e45ecb 13242->13244 13245 7ff7f2e45f44 WideCharToMultiByte 13242->13245 13243->13236 13246 7ff7f2e45f27 __scrt_fastfail 13244->13246 13247 7ff7f2e45edd __scrt_fastfail 13244->13247 13245->13247 13248 7ff7f2e45f98 GetLastError 13245->13248 13246->13236 13250 7ff7f2e3dcd4 _get_daylight 15 API calls 13246->13250 13247->13236 13249 7ff7f2e3dcd4 _get_daylight 15 API calls 13247->13249 13248->13246 13248->13247 13249->13236 13251 7ff7f2e45fc3 13250->13251 13252 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13251->13252 13252->13236 13254 7ff7f2e3b5f1 13253->13254 13255 7ff7f2e3b600 13253->13255 13256 7ff7f2e3dcd4 _get_daylight 15 API calls 13254->13256 13257 7ff7f2e3b5f6 13255->13257 13258 7ff7f2e42340 fread_s 16 API calls 13255->13258 13256->13257 13263 7ff7f2e46f94 13257->13263 13259 7ff7f2e3b62c 13258->13259 13260 7ff7f2e3b640 13259->13260 13261 7ff7f2e42300 __free_lconv_num 15 API calls 13259->13261 13262 7ff7f2e42300 __free_lconv_num 15 API calls 13260->13262 13261->13260 13262->13257 13264 7ff7f2e46fd9 13263->13264 13265 7ff7f2e46fc1 13263->13265 13264->13265 13270 7ff7f2e46ff0 13264->13270 13266 7ff7f2e3dcd4 _get_daylight 15 API calls 13265->13266 13267 7ff7f2e46fc6 13266->13267 13268 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13267->13268 13269 7ff7f2e3cc12 13268->13269 13269->13224 13288 7ff7f2e3ba74 13269->13288 13274 7ff7f2e47023 13270->13274 13276 7ff7f2e47044 13270->13276 13271 7ff7f2e47180 13414 7ff7f2e465c4 13271->13414 13272 7ff7f2e47147 13407 7ff7f2e46924 13272->13407 13295 7ff7f2e46e50 13274->13295 13275 7ff7f2e470bd 13338 7ff7f2e4bde0 13275->13338 13276->13271 13276->13272 13276->13275 13280 7ff7f2e47081 13276->13280 13283 7ff7f2e47073 13276->13283 13328 7ff7f2e46d18 13280->13328 13283->13272 13285 7ff7f2e4707c 13283->13285 13285->13275 13285->13280 13286 7ff7f2e47114 13286->13269 13404 7ff7f2e46bd0 13286->13404 13474 7ff7f2e45c74 13288->13474 13290 7ff7f2e3ba8c 13291 7ff7f2e3baa0 13290->13291 13478 7ff7f2e45a70 13290->13478 13293 7ff7f2e45c74 44 API calls 13291->13293 13294 7ff7f2e3baa8 13293->13294 13294->13224 13296 7ff7f2e46e7e 13295->13296 13299 7ff7f2e46e9c 13295->13299 13297 7ff7f2e38660 _handle_error 8 API calls 13296->13297 13298 7ff7f2e46e93 13297->13298 13298->13269 13424 7ff7f2e423a0 13299->13424 13302 7ff7f2e46f7c 13303 7ff7f2e43150 _wfindfirst32i64 17 API calls 13302->13303 13306 7ff7f2e46f91 13303->13306 13304 7ff7f2e46fc1 13305 7ff7f2e3dcd4 _get_daylight 15 API calls 13304->13305 13307 7ff7f2e46fc6 13305->13307 13306->13304 13309 7ff7f2e46ff0 13306->13309 13308 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13307->13308 13320 7ff7f2e46fd2 13308->13320 13312 7ff7f2e47044 13309->13312 13314 7ff7f2e47023 13309->13314 13310 7ff7f2e47180 13313 7ff7f2e465c4 37 API calls 13310->13313 13311 7ff7f2e47147 13316 7ff7f2e46924 37 API calls 13311->13316 13312->13310 13312->13311 13315 7ff7f2e470bd 13312->13315 13319 7ff7f2e47081 13312->13319 13323 7ff7f2e47073 13312->13323 13313->13320 13318 7ff7f2e46e50 37 API calls 13314->13318 13317 7ff7f2e4bde0 33 API calls 13315->13317 13316->13320 13322 7ff7f2e470e7 13317->13322 13318->13320 13321 7ff7f2e46d18 37 API calls 13319->13321 13320->13269 13321->13320 13324 7ff7f2e4b848 32 API calls 13322->13324 13323->13311 13325 7ff7f2e4707c 13323->13325 13326 7ff7f2e47114 13324->13326 13325->13315 13325->13319 13326->13320 13327 7ff7f2e46bd0 36 API calls 13326->13327 13327->13320 13329 7ff7f2e4bde0 33 API calls 13328->13329 13330 7ff7f2e46d5c 13329->13330 13331 7ff7f2e4b848 32 API calls 13330->13331 13334 7ff7f2e46d95 13331->13334 13332 7ff7f2e46d99 13332->13269 13333 7ff7f2e46df7 13433 7ff7f2e469f4 13333->13433 13334->13332 13334->13333 13335 7ff7f2e46dbb 13334->13335 13337 7ff7f2e46bd0 36 API calls 13335->13337 13337->13332 13339 7ff7f2e4be2e fegetenv 13338->13339 13340 7ff7f2e4be9b 13339->13340 13343 7ff7f2e4bec2 13339->13343 13341 7ff7f2e423a0 32 API calls 13340->13341 13342 7ff7f2e4beb5 13341->13342 13344 7ff7f2e4bebd 13342->13344 13345 7ff7f2e4d02e 13342->13345 13346 7ff7f2e4d090 13343->13346 13347 7ff7f2e4bee1 13343->13347 13355 7ff7f2e43150 _wfindfirst32i64 17 API calls 13344->13355 13352 7ff7f2e38660 _handle_error 8 API calls 13345->13352 13348 7ff7f2e423a0 32 API calls 13346->13348 13349 7ff7f2e4beea 13347->13349 13350 7ff7f2e4d071 13347->13350 13351 7ff7f2e4d0a6 13348->13351 13353 7ff7f2e4bef3 13349->13353 13354 7ff7f2e4d052 13349->13354 13356 7ff7f2e423a0 32 API calls 13350->13356 13351->13345 13358 7ff7f2e4d135 13351->13358 13359 7ff7f2e470e7 13352->13359 13360 7ff7f2e4befc 13353->13360 13361 7ff7f2e4d033 13353->13361 13362 7ff7f2e423a0 32 API calls 13354->13362 13363 7ff7f2e4d04d 13355->13363 13357 7ff7f2e4d087 13356->13357 13357->13345 13364 7ff7f2e4d08b 13357->13364 13366 7ff7f2e43150 _wfindfirst32i64 17 API calls 13358->13366 13395 7ff7f2e4b848 13359->13395 13446 7ff7f2e4f5c0 13360->13446 13365 7ff7f2e423a0 32 API calls 13361->13365 13368 7ff7f2e4d068 13362->13368 13372 7ff7f2e43150 _wfindfirst32i64 17 API calls 13363->13372 13373 7ff7f2e43150 _wfindfirst32i64 17 API calls 13364->13373 13369 7ff7f2e4d049 13365->13369 13370 7ff7f2e4d14a 13366->13370 13368->13345 13371 7ff7f2e4d06c 13368->13371 13369->13345 13369->13363 13374 7ff7f2e43150 _wfindfirst32i64 17 API calls 13371->13374 13372->13371 13373->13358 13374->13364 13375 7ff7f2e4bf6e __scrt_fastfail 13376 7ff7f2e3dcd4 _get_daylight 15 API calls 13375->13376 13377 7ff7f2e4bff8 memcpy_s 13375->13377 13379 7ff7f2e4c49c 13376->13379 13378 7ff7f2e4c97a __scrt_fastfail memcpy_s 13377->13378 13386 7ff7f2e4c4bc __scrt_fastfail memcpy_s 13377->13386 13380 7ff7f2e4cdb5 13378->13380 13383 7ff7f2e4c8aa 13378->13383 13388 7ff7f2e3dcd4 15 API calls _get_daylight 13378->13388 13390 7ff7f2e43130 32 API calls _invalid_parameter_noinfo 13378->13390 13382 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13379->13382 13464 7ff7f2e4b910 13380->13464 13382->13377 13383->13380 13455 7ff7f2e4d14c 13383->13455 13385 7ff7f2e4ce64 13385->13385 13387 7ff7f2e4d14c memcpy_s 32 API calls 13385->13387 13393 7ff7f2e4cebc 13385->13393 13386->13383 13389 7ff7f2e3dcd4 15 API calls _get_daylight 13386->13389 13391 7ff7f2e43130 32 API calls _invalid_parameter_noinfo 13386->13391 13387->13393 13388->13378 13389->13386 13390->13378 13391->13386 13392 7ff7f2e4b910 32 API calls 13392->13393 13393->13345 13393->13392 13394 7ff7f2e4d14c memcpy_s 32 API calls 13393->13394 13394->13393 13396 7ff7f2e4b86d 13395->13396 13397 7ff7f2e4b855 13395->13397 13396->13397 13400 7ff7f2e4b886 13396->13400 13398 7ff7f2e3dcd4 _get_daylight 15 API calls 13397->13398 13403 7ff7f2e4b866 memcpy_s 13397->13403 13399 7ff7f2e4b85a 13398->13399 13402 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13399->13402 13401 7ff7f2e3dcd4 _get_daylight 15 API calls 13400->13401 13401->13399 13402->13403 13403->13286 13405 7ff7f2e3b9e4 36 API calls 13404->13405 13406 7ff7f2e46c00 __scrt_fastfail memcpy_s 13405->13406 13406->13269 13408 7ff7f2e4bde0 33 API calls 13407->13408 13409 7ff7f2e46960 13408->13409 13410 7ff7f2e4b848 32 API calls 13409->13410 13411 7ff7f2e46996 13410->13411 13412 7ff7f2e4699a 13411->13412 13413 7ff7f2e469f4 36 API calls 13411->13413 13412->13269 13413->13412 13415 7ff7f2e3b9e4 36 API calls 13414->13415 13416 7ff7f2e46611 13415->13416 13417 7ff7f2e4661c 13416->13417 13418 7ff7f2e46632 13416->13418 13419 7ff7f2e3dcd4 _get_daylight 15 API calls 13417->13419 13420 7ff7f2e46924 37 API calls 13418->13420 13423 7ff7f2e4662d __scrt_fastfail strrchr 13418->13423 13421 7ff7f2e46621 13419->13421 13420->13423 13422 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13421->13422 13422->13423 13423->13269 13425 7ff7f2e423b7 13424->13425 13426 7ff7f2e423ad 13424->13426 13427 7ff7f2e3dcd4 _get_daylight 15 API calls 13425->13427 13426->13425 13431 7ff7f2e423d2 13426->13431 13428 7ff7f2e423be 13427->13428 13429 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13428->13429 13430 7ff7f2e423ca 13429->13430 13430->13296 13430->13302 13431->13430 13432 7ff7f2e3dcd4 _get_daylight 15 API calls 13431->13432 13432->13428 13434 7ff7f2e46a59 13433->13434 13435 7ff7f2e46a2b 13433->13435 13436 7ff7f2e3b9e4 36 API calls 13434->13436 13437 7ff7f2e3dcd4 _get_daylight 15 API calls 13435->13437 13441 7ff7f2e46a6b memcpy_s 13436->13441 13438 7ff7f2e46a30 13437->13438 13439 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13438->13439 13440 7ff7f2e46a3c 13439->13440 13440->13332 13441->13441 13442 7ff7f2e423a0 32 API calls 13441->13442 13443 7ff7f2e46b0d memcpy_s 13442->13443 13444 7ff7f2e43150 _wfindfirst32i64 17 API calls 13443->13444 13445 7ff7f2e46bce 13444->13445 13447 7ff7f2e4f8c0 13446->13447 13449 7ff7f2e4f5d7 13446->13449 13448 7ff7f2e4f870 13453 7ff7f2e508f0 _log10_special 24 API calls 13448->13453 13454 7ff7f2e4f866 13448->13454 13449->13448 13450 7ff7f2e4f852 13449->13450 13451 7ff7f2e4f63f 13449->13451 13452 7ff7f2e508f0 _log10_special 24 API calls 13450->13452 13451->13375 13452->13454 13453->13454 13454->13375 13458 7ff7f2e4d169 memcpy_s 13455->13458 13459 7ff7f2e4d16d __scrt_fastfail 13455->13459 13456 7ff7f2e4d172 13457 7ff7f2e3dcd4 _get_daylight 15 API calls 13456->13457 13460 7ff7f2e4d177 13457->13460 13458->13380 13459->13456 13459->13458 13461 7ff7f2e4d1ad 13459->13461 13462 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13460->13462 13461->13458 13463 7ff7f2e3dcd4 _get_daylight 15 API calls 13461->13463 13462->13458 13463->13460 13465 7ff7f2e4b938 13464->13465 13473 7ff7f2e4b92c 13464->13473 13466 7ff7f2e4b9a7 13465->13466 13467 7ff7f2e4b97f 13465->13467 13465->13473 13469 7ff7f2e4b9ac 13466->13469 13470 7ff7f2e4b9e5 13466->13470 13468 7ff7f2e4d14c memcpy_s 32 API calls 13467->13468 13468->13473 13471 7ff7f2e4d14c memcpy_s 32 API calls 13469->13471 13472 7ff7f2e4d14c memcpy_s 32 API calls 13470->13472 13471->13473 13472->13473 13473->13385 13475 7ff7f2e45c82 13474->13475 13477 7ff7f2e45c89 13474->13477 13484 7ff7f2e45b34 13475->13484 13477->13290 13479 7ff7f2e45a83 13478->13479 13480 7ff7f2e45aab 13478->13480 13481 7ff7f2e3b9e4 36 API calls 13479->13481 13480->13290 13482 7ff7f2e45a8f 13481->13482 13482->13480 13496 7ff7f2e4b128 13482->13496 13485 7ff7f2e3b9e4 36 API calls 13484->13485 13486 7ff7f2e45b52 13485->13486 13487 7ff7f2e45b5a 13486->13487 13488 7ff7f2e45b92 13486->13488 13489 7ff7f2e45ae4 40 API calls 13487->13489 13490 7ff7f2e481dc 36 API calls 13488->13490 13492 7ff7f2e45bb7 13488->13492 13495 7ff7f2e45b65 13489->13495 13490->13492 13491 7ff7f2e3dcd4 _get_daylight 15 API calls 13493 7ff7f2e45bbb 13491->13493 13492->13491 13492->13493 13494 7ff7f2e4b7b0 41 API calls 13493->13494 13494->13495 13495->13477 13497 7ff7f2e3b9e4 36 API calls 13496->13497 13498 7ff7f2e4b162 13497->13498 13499 7ff7f2e4b16c 13498->13499 13500 7ff7f2e481dc 36 API calls 13498->13500 13502 7ff7f2e38660 _handle_error 8 API calls 13499->13502 13501 7ff7f2e4b18e 13500->13501 13504 7ff7f2e4a8d0 40 API calls 13501->13504 13503 7ff7f2e4b21e 13502->13503 13503->13480 13504->13499 13506 7ff7f2e45cb9 13505->13506 13509 7ff7f2e42510 13506->13509 13510 7ff7f2e4253e 13509->13510 13511 7ff7f2e42564 13509->13511 13512 7ff7f2e3dcd4 _get_daylight 15 API calls 13510->13512 13511->13510 13513 7ff7f2e42572 13511->13513 13514 7ff7f2e42543 13512->13514 13515 7ff7f2e3b9e4 36 API calls 13513->13515 13516 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13514->13516 13518 7ff7f2e4257e 13515->13518 13529 7ff7f2e3bb25 13516->13529 13517 7ff7f2e4b128 40 API calls 13517->13518 13518->13517 13519 7ff7f2e425d4 13518->13519 13520 7ff7f2e4264e 13519->13520 13521 7ff7f2e3dcd4 _get_daylight 15 API calls 13519->13521 13522 7ff7f2e3dcd4 _get_daylight 15 API calls 13520->13522 13525 7ff7f2e42740 13520->13525 13523 7ff7f2e42686 13521->13523 13524 7ff7f2e42735 13522->13524 13526 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13523->13526 13527 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13524->13527 13528 7ff7f2e3dcd4 _get_daylight 15 API calls 13525->13528 13525->13529 13526->13520 13527->13525 13528->13529 13529->13045 13531 7ff7f2e3c078 13530->13531 13532 7ff7f2e3c102 13530->13532 13531->13197 13531->13199 13532->13531 13533 7ff7f2e3dcd4 _get_daylight 15 API calls 13532->13533 13534 7ff7f2e3c15b 13533->13534 13535 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13534->13535 13535->13531 13537 7ff7f2e35782 WideCharToMultiByte 13536->13537 13538 7ff7f2e35714 WideCharToMultiByte 13536->13538 13539 7ff7f2e357ad 13537->13539 13544 7ff7f2e35229 13537->13544 13540 7ff7f2e3573e 13538->13540 13543 7ff7f2e35755 13538->13543 13541 7ff7f2e31a80 54 API calls 13539->13541 13542 7ff7f2e31a80 54 API calls 13540->13542 13541->13544 13542->13544 13543->13537 13545 7ff7f2e3576b 13543->13545 13544->13028 13546 7ff7f2e31a80 54 API calls 13545->13546 13546->13544 13554 7ff7f2e3b5ac EnterCriticalSection 13547->13554 13556 7ff7f2e3194c __scrt_initialize_default_local_stdio_options setbuf 13555->13556 13557 7ff7f2e3d7b0 47 API calls 13556->13557 13558 7ff7f2e3199f 13557->13558 13559 7ff7f2e3dcd4 _get_daylight 15 API calls 13558->13559 13560 7ff7f2e319a4 13559->13560 13574 7ff7f2e3dcf4 13560->13574 13563 7ff7f2e31df0 47 API calls 13564 7ff7f2e319d3 __scrt_fastfail 13563->13564 13565 7ff7f2e355f0 56 API calls 13564->13565 13566 7ff7f2e31a00 13565->13566 13567 7ff7f2e31a3f MessageBoxA 13566->13567 13568 7ff7f2e31a05 13566->13568 13570 7ff7f2e31a59 13567->13570 13569 7ff7f2e355f0 56 API calls 13568->13569 13572 7ff7f2e31a1f MessageBoxW 13569->13572 13571 7ff7f2e38660 _handle_error 8 API calls 13570->13571 13573 7ff7f2e31a69 13571->13573 13572->13570 13573->12781 13575 7ff7f2e463f4 _get_daylight 15 API calls 13574->13575 13576 7ff7f2e3dd06 13575->13576 13577 7ff7f2e42458 pre_c_initialization 15 API calls 13576->13577 13580 7ff7f2e3dd41 13576->13580 13583 7ff7f2e319ab 13576->13583 13578 7ff7f2e3dd36 13577->13578 13579 7ff7f2e42300 __free_lconv_num 15 API calls 13578->13579 13579->13580 13580->13583 13586 7ff7f2e471f0 13580->13586 13583->13563 13584 7ff7f2e43150 _wfindfirst32i64 17 API calls 13585 7ff7f2e3dd97 13584->13585 13590 7ff7f2e47205 13586->13590 13587 7ff7f2e4720a 13588 7ff7f2e3dd78 13587->13588 13589 7ff7f2e3dcd4 _get_daylight 15 API calls 13587->13589 13588->13583 13588->13584 13591 7ff7f2e47214 13589->13591 13590->13587 13590->13588 13593 7ff7f2e4724f 13590->13593 13592 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13591->13592 13592->13588 13593->13588 13594 7ff7f2e3dcd4 _get_daylight 15 API calls 13593->13594 13594->13591 13596 7ff7f2e3462e 13595->13596 13597 7ff7f2e42289 13595->13597 13596->12808 13597->13596 13598 7ff7f2e423a0 32 API calls 13597->13598 13599 7ff7f2e422b6 13598->13599 13599->13596 13600 7ff7f2e43150 _wfindfirst32i64 17 API calls 13599->13600 13601 7ff7f2e422d4 13600->13601 13603 7ff7f2e31df0 47 API calls 13602->13603 13604 7ff7f2e32acd strrchr 13603->13604 13604->12817 13606 7ff7f2e3168f 13605->13606 13609 7ff7f2e3169f 13605->13609 13647 7ff7f2e32c40 13606->13647 13610 7ff7f2e31738 13609->13610 13656 7ff7f2e31130 13609->13656 13610->12819 13613 7ff7f2e316b3 13667 7ff7f2e31480 13613->13667 13614 7ff7f2e316dd htonl htonl 13673 7ff7f2e3ac6c 13614->13673 13636 7ff7f2e3a60a 13635->13636 13637 7ff7f2e3a61f 13635->13637 13638 7ff7f2e3dcd4 _get_daylight 15 API calls 13636->13638 13646 7ff7f2e3a61a 13637->13646 13921 7ff7f2e3b5ac EnterCriticalSection 13637->13921 13639 7ff7f2e3a60f 13638->13639 13641 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13639->13641 13641->13646 13646->12821 13648 7ff7f2e355f0 56 API calls 13647->13648 13649 7ff7f2e32c71 13648->13649 13650 7ff7f2e355f0 56 API calls 13649->13650 13651 7ff7f2e32c84 13650->13651 13674 7ff7f2e3e9dc 13651->13674 13654 7ff7f2e38660 _handle_error 8 API calls 13655 7ff7f2e32ca3 13654->13655 13655->13609 13657 7ff7f2e3114e 13656->13657 13904 7ff7f2e3a930 13657->13904 13659 7ff7f2e31220 13659->13613 13660 7ff7f2e31164 13660->13659 13661 7ff7f2e3a930 _fread_nolock 46 API calls 13660->13661 13662 7ff7f2e3119f 13661->13662 13663 7ff7f2e3a930 _fread_nolock 46 API calls 13662->13663 13664 7ff7f2e311c7 13663->13664 13664->13659 13665 7ff7f2e3a930 _fread_nolock 46 API calls 13664->13665 13666 7ff7f2e3120e 13665->13666 13666->13613 13668 7ff7f2e314bc 13667->13668 13669 7ff7f2e3a930 _fread_nolock 46 API calls 13668->13669 13672 7ff7f2e314d4 13668->13672 13669->13672 13670 7ff7f2e38660 _handle_error 8 API calls 13671 7ff7f2e31571 13670->13671 13671->13610 13671->13614 13672->13670 13675 7ff7f2e3e8f8 13674->13675 13676 7ff7f2e3e926 13675->13676 13678 7ff7f2e3e958 13675->13678 13677 7ff7f2e3dcd4 _get_daylight 15 API calls 13676->13677 13679 7ff7f2e3e92b 13677->13679 13680 7ff7f2e3e95e 13678->13680 13681 7ff7f2e3e96b 13678->13681 13682 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13679->13682 13683 7ff7f2e3dcd4 _get_daylight 15 API calls 13680->13683 13693 7ff7f2e4336c 13681->13693 13692 7ff7f2e32c93 13682->13692 13683->13692 13692->13654 13706 7ff7f2e48264 EnterCriticalSection 13693->13706 13907 7ff7f2e3a950 13904->13907 13908 7ff7f2e3a948 13907->13908 13909 7ff7f2e3a97a 13907->13909 13908->13660 13909->13908 13910 7ff7f2e3a989 __scrt_fastfail 13909->13910 13911 7ff7f2e3a9ab 13909->13911 13913 7ff7f2e3dcd4 _get_daylight 15 API calls 13910->13913 13920 7ff7f2e3b5ac EnterCriticalSection 13911->13920 13915 7ff7f2e3a99e 13913->13915 13917 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 13915->13917 13917->13908 13980 7ff7f2e31230 13922->13980 13924 7ff7f2e313aa 14009 7ff7f2e34340 13924->14009 13926 7ff7f2e313b5 13927 7ff7f2e313ba 13926->13927 14018 7ff7f2e34660 13926->14018 13927->12823 13930 7ff7f2e31411 14038 7ff7f2e3b398 13930->14038 13931 7ff7f2e313f6 13932 7ff7f2e31930 58 API calls 13931->13932 13939 7ff7f2e3140c 13932->13939 13935 7ff7f2e3144b 13937 7ff7f2e3a5ec 63 API calls 13935->13937 13936 7ff7f2e31430 13938 7ff7f2e31930 58 API calls 13936->13938 13937->13939 13938->13939 13939->12823 13941 7ff7f2e31e66 setbuf 13940->13941 13942 7ff7f2e31df0 47 API calls 13941->13942 13944 7ff7f2e31e9b strchr 13942->13944 13943 7ff7f2e32152 13944->13943 13945 7ff7f2e32ab0 47 API calls 13944->13945 13946 7ff7f2e31f17 13945->13946 14541 7ff7f2e32300 13946->14541 13949 7ff7f2e31f5a 13951 7ff7f2e34340 97 API calls 13949->13951 13950 7ff7f2e32300 73 API calls 13952 7ff7f2e3200f 13950->13952 13953 7ff7f2e31f62 13951->13953 13952->13949 13954 7ff7f2e32017 13952->13954 13965 7ff7f2e31f7f 13953->13965 14549 7ff7f2e34220 13953->14549 13956 7ff7f2e32300 73 API calls 13954->13956 13958 7ff7f2e32040 13956->13958 13957 7ff7f2e31bd0 58 API calls 13975 7ff7f2e31f99 13957->13975 13959 7ff7f2e3209a 13958->13959 13960 7ff7f2e32300 73 API calls 13958->13960 13959->13965 14573 7ff7f2e32160 13959->14573 13962 7ff7f2e3206d 13960->13962 13962->13959 13967 7ff7f2e32300 73 API calls 13962->13967 13963 7ff7f2e320ad 13963->13965 13970 7ff7f2e320c8 13963->13970 13964 7ff7f2e38660 _handle_error 8 API calls 13966 7ff7f2e31fbb 13964->13966 13965->13957 13965->13975 13966->12823 13967->13959 13968 7ff7f2e31390 163 API calls 13968->13970 13969 7ff7f2e31640 59 API calls 13969->13970 13970->13968 13970->13969 13971 7ff7f2e32134 13970->13971 13970->13975 13972 7ff7f2e31bd0 58 API calls 13971->13972 13973 7ff7f2e32145 13972->13973 13974 7ff7f2e318a0 63 API calls 13973->13974 13974->13975 13975->13964 13977 7ff7f2e31662 13976->13977 13979 7ff7f2e3166e 13976->13979 13978 7ff7f2e31bd0 58 API calls 13977->13978 13978->13979 13979->12823 13981 7ff7f2e31277 htonl 13980->13981 13982 7ff7f2e31246 13980->13982 14047 7ff7f2e3ac6c 13981->14047 13983 7ff7f2e32c40 108 API calls 13982->13983 13985 7ff7f2e31256 13983->13985 13985->13981 13988 7ff7f2e3125e 13985->13988 14048 7ff7f2e31ce0 13988->14048 14010 7ff7f2e34352 14009->14010 14011 7ff7f2e34386 14009->14011 14061 7ff7f2e31590 14010->14061 14011->13926 14016 7ff7f2e31bd0 58 API calls 14017 7ff7f2e3437d 14016->14017 14017->13926 14019 7ff7f2e3466c setbuf 14018->14019 14020 7ff7f2e31df0 47 API calls 14019->14020 14021 7ff7f2e3469d 14020->14021 14022 7ff7f2e31df0 47 API calls 14021->14022 14029 7ff7f2e347d9 14021->14029 14025 7ff7f2e346c4 14022->14025 14023 7ff7f2e38660 _handle_error 8 API calls 14024 7ff7f2e313e4 htonl 14023->14024 14024->13930 14024->13931 14025->14029 14511 7ff7f2e3e768 14025->14511 14027 7ff7f2e347fc 14028 7ff7f2e355f0 56 API calls 14027->14028 14030 7ff7f2e34814 14028->14030 14029->14023 14031 7ff7f2e3483b 14030->14031 14032 7ff7f2e31ce0 58 API calls 14030->14032 14033 7ff7f2e32c40 108 API calls 14031->14033 14032->14031 14033->14029 14034 7ff7f2e346fd 14034->14027 14034->14029 14035 7ff7f2e3e768 40 API calls 14034->14035 14036 7ff7f2e355f0 56 API calls 14034->14036 14037 7ff7f2e35520 57 API calls 14034->14037 14035->14034 14036->14034 14037->14034 14039 7ff7f2e3b3b8 14038->14039 14040 7ff7f2e31425 14038->14040 14039->14040 14041 7ff7f2e3b3da 14039->14041 14042 7ff7f2e3b3c2 14039->14042 14040->13935 14040->13936 14533 7ff7f2e3b158 14041->14533 14043 7ff7f2e3dcd4 _get_daylight 15 API calls 14042->14043 14045 7ff7f2e3b3c7 14043->14045 14046 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 14045->14046 14046->14040 14049 7ff7f2e31d00 __scrt_initialize_default_local_stdio_options setbuf 14048->14049 14050 7ff7f2e3d7b0 47 API calls 14049->14050 14051 7ff7f2e31d4d __scrt_fastfail 14050->14051 14052 7ff7f2e355f0 56 API calls 14051->14052 14053 7ff7f2e31d7a 14052->14053 14054 7ff7f2e31db9 MessageBoxA 14053->14054 14055 7ff7f2e31d7f 14053->14055 14056 7ff7f2e31dd3 14054->14056 14057 7ff7f2e355f0 56 API calls 14055->14057 14058 7ff7f2e38660 _handle_error 8 API calls 14056->14058 14059 7ff7f2e31d99 MessageBoxW 14057->14059 14060 7ff7f2e3126a 14058->14060 14059->14056 14060->13924 14064 7ff7f2e315b2 14061->14064 14062 7ff7f2e31605 14066 7ff7f2e343a0 14062->14066 14063 7ff7f2e315da htonl 14063->14064 14064->14062 14064->14063 14065 7ff7f2e31bd0 58 API calls 14064->14065 14065->14064 14067 7ff7f2e343b8 setbuf 14066->14067 14068 7ff7f2e34427 14067->14068 14069 7ff7f2e343d8 14067->14069 14070 7ff7f2e3442c GetTempPathW 14068->14070 14071 7ff7f2e345b0 58 API calls 14069->14071 14072 7ff7f2e34441 14070->14072 14073 7ff7f2e343e4 14071->14073 14105 7ff7f2e34f90 14072->14105 14123 7ff7f2e340d0 14073->14123 14078 7ff7f2e38660 _handle_error 8 API calls 14081 7ff7f2e3436d 14078->14081 14080 7ff7f2e34406 14080->14070 14081->14011 14081->14016 14084 7ff7f2e3445a 14085 7ff7f2e34506 14084->14085 14089 7ff7f2e34491 14084->14089 14109 7ff7f2e409cc 14084->14109 14112 7ff7f2e35520 14084->14112 14087 7ff7f2e356f0 56 API calls 14085->14087 14088 7ff7f2e34517 14087->14088 14091 7ff7f2e355f0 56 API calls 14088->14091 14104 7ff7f2e34420 14088->14104 14090 7ff7f2e355f0 56 API calls 14089->14090 14089->14104 14092 7ff7f2e344a7 14090->14092 14093 7ff7f2e34535 14091->14093 14094 7ff7f2e344e9 SetEnvironmentVariableW 14092->14094 14095 7ff7f2e344ac 14092->14095 14094->14104 14098 7ff7f2e355f0 56 API calls 14095->14098 14104->14078 14106 7ff7f2e34fb5 __scrt_initialize_default_local_stdio_options 14105->14106 14154 7ff7f2e3d9e4 14106->14154 14264 7ff7f2e405f8 14109->14264 14113 7ff7f2e35530 setbuf 14112->14113 14388 7ff7f2e35260 GetCurrentProcess OpenProcessToken 14113->14388 14124 7ff7f2e340dc setbuf 14123->14124 14125 7ff7f2e355f0 56 API calls 14124->14125 14126 7ff7f2e340fe 14125->14126 14127 7ff7f2e34119 ExpandEnvironmentStringsW 14126->14127 14128 7ff7f2e34106 14126->14128 14130 7ff7f2e34142 14127->14130 14129 7ff7f2e31bd0 58 API calls 14128->14129 14136 7ff7f2e34112 14129->14136 14131 7ff7f2e34159 14130->14131 14132 7ff7f2e34146 14130->14132 14401 7ff7f2e3e814 14131->14401 14133 7ff7f2e31bd0 58 API calls 14132->14133 14133->14136 14135 7ff7f2e38660 _handle_error 8 API calls 14138 7ff7f2e34212 14135->14138 14136->14135 14137 7ff7f2e3416e 14138->14104 14144 7ff7f2e3f728 14138->14144 14145 7ff7f2e3f748 14144->14145 14146 7ff7f2e3f735 14144->14146 14503 7ff7f2e3f3b4 14145->14503 14148 7ff7f2e3dcd4 _get_daylight 15 API calls 14146->14148 14150 7ff7f2e3f73a 14148->14150 14151 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 14150->14151 14153 7ff7f2e3f746 14151->14153 14153->14080 14155 7ff7f2e3da2a 14154->14155 14156 7ff7f2e3da42 14154->14156 14157 7ff7f2e3dcd4 _get_daylight 15 API calls 14155->14157 14156->14155 14158 7ff7f2e3da4c 14156->14158 14159 7ff7f2e3da2f 14157->14159 14160 7ff7f2e3b9e4 36 API calls 14158->14160 14161 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 14159->14161 14162 7ff7f2e3da5d __scrt_fastfail 14160->14162 14180 7ff7f2e3da3a 14161->14180 14181 7ff7f2e3b964 14162->14181 14163 7ff7f2e38660 _handle_error 8 API calls 14164 7ff7f2e34fd4 14163->14164 14164->14084 14169 7ff7f2e3dad9 14171 7ff7f2e42300 __free_lconv_num 15 API calls 14169->14171 14170 7ff7f2e3db08 14171->14180 14180->14163 14182 7ff7f2e3dcd4 _get_daylight 15 API calls 14181->14182 14183 7ff7f2e3b9d6 14182->14183 14184 7ff7f2e3bdec 14183->14184 14185 7ff7f2e3be2b 14184->14185 14186 7ff7f2e3be13 14184->14186 14185->14186 14191 7ff7f2e3be31 14185->14191 14187 7ff7f2e3dcd4 _get_daylight 15 API calls 14186->14187 14188 7ff7f2e3be18 14187->14188 14190 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 14188->14190 14189 7ff7f2e3be23 14189->14169 14189->14170 14190->14189 14191->14189 14192 7ff7f2e3c051 14191->14192 14199 7ff7f2e3c710 14191->14199 14217 7ff7f2e3c2f0 14191->14217 14241 7ff7f2e3bb68 14191->14241 14193 7ff7f2e3dcd4 _get_daylight 15 API calls 14192->14193 14200 7ff7f2e3c7ae 14199->14200 14206 7ff7f2e3c753 14199->14206 14218 7ff7f2e3c2fb 14217->14218 14219 7ff7f2e3c314 14217->14219 14220 7ff7f2e3c7ae 14218->14220 14222 7ff7f2e3c33b 14218->14222 14234 7ff7f2e3c753 14218->14234 14221 7ff7f2e3dcd4 _get_daylight 15 API calls 14219->14221 14219->14222 14222->14191 14260 7ff7f2e45cd0 14241->14260 14317 7ff7f2e4908c 14264->14317 14366 7ff7f2e48d68 14317->14366 14389 7ff7f2e35295 GetTokenInformation 14388->14389 14392 7ff7f2e3530b 14388->14392 14402 7ff7f2e3e839 14401->14402 14403 7ff7f2e3e8cb 14401->14403 14402->14403 14404 7ff7f2e3e842 14402->14404 14430 7ff7f2e47e54 14403->14430 14406 7ff7f2e3e847 14404->14406 14407 7ff7f2e3e851 GetFullPathNameW 14404->14407 14417 7ff7f2e3e798 14406->14417 14409 7ff7f2e3e866 GetLastError 14407->14409 14410 7ff7f2e3e875 14407->14410 14411 7ff7f2e3dc64 fread_s 15 API calls 14409->14411 14412 7ff7f2e3e8a7 14410->14412 14413 7ff7f2e3e893 14410->14413 14416 7ff7f2e3e84c 14411->14416 14414 7ff7f2e3e798 34 API calls 14412->14414 14415 7ff7f2e3dcd4 _get_daylight 15 API calls 14413->14415 14414->14416 14415->14416 14416->14137 14418 7ff7f2e3e7b0 14417->14418 14419 7ff7f2e3e7c4 14417->14419 14422 7ff7f2e3dcd4 _get_daylight 15 API calls 14418->14422 14420 7ff7f2e3e7ce 14419->14420 14421 7ff7f2e3e7db GetFullPathNameW 14419->14421 14424 7ff7f2e3dcd4 _get_daylight 15 API calls 14420->14424 14421->14420 14425 7ff7f2e3e7f3 14421->14425 14423 7ff7f2e3e7b5 14422->14423 14426 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 14423->14426 14428 7ff7f2e3e7c0 14424->14428 14427 7ff7f2e3e7f7 GetLastError 14425->14427 14425->14428 14426->14428 14428->14416 14433 7ff7f2e47c14 14430->14433 14434 7ff7f2e47c3e 14433->14434 14435 7ff7f2e47c55 14433->14435 14438 7ff7f2e3dcd4 _get_daylight 15 API calls 14434->14438 14436 7ff7f2e47c7a 14435->14436 14437 7ff7f2e47c59 14435->14437 14477 7ff7f2e472c4 14436->14477 14465 7ff7f2e47dd4 14437->14465 14454 7ff7f2e47c43 14438->14454 14443 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 14454->14443 14466 7ff7f2e47dee 14465->14466 14467 7ff7f2e47e0d 14465->14467 14468 7ff7f2e3dcb4 fread_s 15 API calls 14466->14468 14469 7ff7f2e47e18 GetDriveTypeW 14467->14469 14470 7ff7f2e47e09 14467->14470 14469->14470 14478 7ff7f2e39470 __scrt_fastfail 14477->14478 14479 7ff7f2e47301 GetCurrentDirectoryW 14478->14479 14510 7ff7f2e48264 EnterCriticalSection 14503->14510 14512 7ff7f2e46360 abort 36 API calls 14511->14512 14513 7ff7f2e3e77d 14512->14513 14514 7ff7f2e47c0b 14513->14514 14517 7ff7f2e47b48 14513->14517 14520 7ff7f2e38a64 14514->14520 14518 7ff7f2e38660 _handle_error 8 API calls 14517->14518 14519 7ff7f2e47c05 14518->14519 14519->14034 14523 7ff7f2e38a78 IsProcessorFeaturePresent 14520->14523 14524 7ff7f2e38a8e 14523->14524 14529 7ff7f2e38b14 RtlCaptureContext RtlLookupFunctionEntry 14524->14529 14530 7ff7f2e38aa2 14529->14530 14531 7ff7f2e38b44 RtlVirtualUnwind 14529->14531 14532 7ff7f2e3895c SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 14530->14532 14531->14530 14540 7ff7f2e3b5ac EnterCriticalSection 14533->14540 14542 7ff7f2e32334 __scrt_initialize_default_local_stdio_options 14541->14542 14543 7ff7f2e3d7b0 47 API calls 14542->14543 14544 7ff7f2e3235a 14543->14544 14545 7ff7f2e32369 14544->14545 14594 7ff7f2e3e540 14544->14594 14547 7ff7f2e38660 _handle_error 8 API calls 14545->14547 14548 7ff7f2e31f56 14547->14548 14548->13949 14548->13950 14550 7ff7f2e3422e setbuf 14549->14550 14551 7ff7f2e32c40 108 API calls 14550->14551 14552 7ff7f2e34255 14551->14552 14553 7ff7f2e34660 125 API calls 14552->14553 14554 7ff7f2e34263 14553->14554 14555 7ff7f2e34311 14554->14555 14557 7ff7f2e3427d 14554->14557 14556 7ff7f2e3430d 14555->14556 14558 7ff7f2e3a5ec 63 API calls 14555->14558 14560 7ff7f2e38660 _handle_error 8 API calls 14556->14560 14759 7ff7f2e3a658 14557->14759 14558->14556 14561 7ff7f2e34331 14560->14561 14561->13965 14562 7ff7f2e3a5ec 63 API calls 14564 7ff7f2e34305 14562->14564 14563 7ff7f2e3a930 _fread_nolock 46 API calls 14566 7ff7f2e34282 14563->14566 14565 7ff7f2e3a5ec 63 API calls 14564->14565 14565->14556 14566->14563 14567 7ff7f2e3b398 61 API calls 14566->14567 14568 7ff7f2e342b9 14566->14568 14569 7ff7f2e3a658 32 API calls 14566->14569 14570 7ff7f2e3a684 32 API calls 14566->14570 14572 7ff7f2e342f0 14566->14572 14567->14566 14765 7ff7f2e409e8 14568->14765 14569->14566 14570->14566 14572->14562 14574 7ff7f2e34340 97 API calls 14573->14574 14575 7ff7f2e32178 14574->14575 14576 7ff7f2e318e0 58 API calls 14575->14576 14579 7ff7f2e3217d 14575->14579 14577 7ff7f2e321f5 14576->14577 14578 7ff7f2e322bc 14577->14578 14580 7ff7f2e31df0 47 API calls 14577->14580 14578->13963 14579->13963 14581 7ff7f2e32219 14580->14581 14582 7ff7f2e322c8 14581->14582 14584 7ff7f2e31df0 47 API calls 14581->14584 14583 7ff7f2e31bd0 58 API calls 14582->14583 14585 7ff7f2e322a7 14583->14585 14586 7ff7f2e32246 14584->14586 14587 7ff7f2e318a0 63 API calls 14585->14587 14586->14582 14588 7ff7f2e31df0 47 API calls 14586->14588 14587->14578 14589 7ff7f2e3226f 14588->14589 14589->14582 14590 7ff7f2e32276 14589->14590 14591 7ff7f2e31680 117 API calls 14590->14591 14592 7ff7f2e3228d 14591->14592 14592->14578 14593 7ff7f2e31930 58 API calls 14592->14593 14593->14585 14595 7ff7f2e3e557 14594->14595 14596 7ff7f2e3e54e 14594->14596 14636 7ff7f2e47574 14595->14636 14607 7ff7f2e3dd98 14596->14607 14600 7ff7f2e3e57a 14603 7ff7f2e3dd98 59 API calls 14600->14603 14601 7ff7f2e3e570 14602 7ff7f2e42300 __free_lconv_num 15 API calls 14601->14602 14604 7ff7f2e3e553 14602->14604 14605 7ff7f2e3e582 14603->14605 14604->14545 14606 7ff7f2e42300 __free_lconv_num 15 API calls 14605->14606 14606->14604 14608 7ff7f2e3ddbe 14607->14608 14609 7ff7f2e3dddd __scrt_fastfail 14607->14609 14610 7ff7f2e3dcb4 fread_s 15 API calls 14608->14610 14609->14608 14612 7ff7f2e3de0d 14609->14612 14611 7ff7f2e3ddc3 14610->14611 14613 7ff7f2e3dcd4 _get_daylight 15 API calls 14611->14613 14617 7ff7f2e3de39 CreateFileW 14612->14617 14618 7ff7f2e3de21 14612->14618 14614 7ff7f2e3ddca 14613->14614 14615 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 14614->14615 14616 7ff7f2e3ddd5 14615->14616 14616->14604 14620 7ff7f2e3de6f 14617->14620 14621 7ff7f2e3ded3 14617->14621 14619 7ff7f2e3dcd4 _get_daylight 15 API calls 14618->14619 14623 7ff7f2e3de26 14619->14623 14656 7ff7f2e3df58 GetFileType 14620->14656 14685 7ff7f2e3e434 14621->14685 14627 7ff7f2e3dcb4 fread_s 15 API calls 14623->14627 14625 7ff7f2e3de7d __scrt_fastfail 14625->14616 14630 7ff7f2e3deaf CloseHandle 14625->14630 14627->14616 14628 7ff7f2e3dee8 14706 7ff7f2e3e1f8 14628->14706 14629 7ff7f2e3dedc 14631 7ff7f2e3dc64 fread_s 15 API calls 14629->14631 14630->14616 14635 7ff7f2e3dee6 14631->14635 14635->14625 14637 7ff7f2e47599 14636->14637 14638 7ff7f2e475b0 14636->14638 14640 7ff7f2e3dcd4 _get_daylight 15 API calls 14637->14640 14638->14637 14639 7ff7f2e475b5 14638->14639 14756 7ff7f2e453a0 14639->14756 14642 7ff7f2e4759e 14640->14642 14644 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 14642->14644 14645 7ff7f2e3e567 14644->14645 14645->14600 14645->14601 14646 7ff7f2e475e8 GetLastError 14648 7ff7f2e3dc64 fread_s 15 API calls 14646->14648 14647 7ff7f2e475f7 14649 7ff7f2e42340 fread_s 16 API calls 14647->14649 14648->14645 14650 7ff7f2e47602 14649->14650 14651 7ff7f2e4760a MultiByteToWideChar 14650->14651 14652 7ff7f2e47637 14650->14652 14651->14652 14654 7ff7f2e4762a GetLastError 14651->14654 14653 7ff7f2e42300 __free_lconv_num 15 API calls 14652->14653 14653->14645 14655 7ff7f2e3dc64 fread_s 15 API calls 14654->14655 14655->14652 14657 7ff7f2e3e0a2 14656->14657 14658 7ff7f2e3dfa5 14656->14658 14659 7ff7f2e3e0aa 14657->14659 14660 7ff7f2e3e0cc 14657->14660 14661 7ff7f2e3dfbf __scrt_fastfail 14658->14661 14664 7ff7f2e3e324 25 API calls 14658->14664 14662 7ff7f2e3e0ae 14659->14662 14663 7ff7f2e3e0bd GetLastError 14659->14663 14665 7ff7f2e3e0ed PeekNamedPipe 14660->14665 14684 7ff7f2e3e08d 14660->14684 14661->14684 14723 7ff7f2e4564c 14661->14723 14666 7ff7f2e3dcd4 _get_daylight 15 API calls 14662->14666 14667 7ff7f2e3dc64 fread_s 15 API calls 14663->14667 14664->14661 14665->14684 14666->14684 14667->14684 14668 7ff7f2e38660 _handle_error 8 API calls 14670 7ff7f2e3e126 14668->14670 14670->14625 14672 7ff7f2e3e1f8 38 API calls 14673 7ff7f2e3e008 14672->14673 14728 7ff7f2e3e140 14673->14728 14676 7ff7f2e3e140 26 API calls 14677 7ff7f2e3e031 14676->14677 14678 7ff7f2e3e140 26 API calls 14677->14678 14677->14684 14679 7ff7f2e3e048 14678->14679 14680 7ff7f2e4564c 6 API calls 14679->14680 14679->14684 14681 7ff7f2e3e073 14680->14681 14681->14663 14682 7ff7f2e3e077 14681->14682 14683 7ff7f2e3dcd4 _get_daylight 15 API calls 14682->14683 14682->14684 14683->14684 14684->14668 14686 7ff7f2e3e46a 14685->14686 14687 7ff7f2e3dcd4 _get_daylight 15 API calls 14686->14687 14700 7ff7f2e3e507 14686->14700 14690 7ff7f2e3e47e 14687->14690 14688 7ff7f2e38660 _handle_error 8 API calls 14689 7ff7f2e3ded8 14688->14689 14689->14628 14689->14629 14691 7ff7f2e3dcd4 _get_daylight 15 API calls 14690->14691 14692 7ff7f2e3e485 14691->14692 14693 7ff7f2e3e814 43 API calls 14692->14693 14694 7ff7f2e3e49b 14693->14694 14695 7ff7f2e3e4ac 14694->14695 14696 7ff7f2e3e4a3 14694->14696 14698 7ff7f2e3dcd4 _get_daylight 15 API calls 14695->14698 14697 7ff7f2e3dcd4 _get_daylight 15 API calls 14696->14697 14704 7ff7f2e3e4a8 14697->14704 14699 7ff7f2e3e4b1 14698->14699 14699->14700 14701 7ff7f2e3dcd4 _get_daylight 15 API calls 14699->14701 14700->14688 14702 7ff7f2e3e4bb 14701->14702 14703 7ff7f2e3e814 43 API calls 14702->14703 14703->14704 14704->14700 14705 7ff7f2e3e4f5 GetDriveTypeW 14704->14705 14705->14700 14708 7ff7f2e3e21c 14706->14708 14707 7ff7f2e3def5 14716 7ff7f2e3e324 14707->14716 14708->14707 14739 7ff7f2e473fc 14708->14739 14710 7ff7f2e3e2b7 14710->14707 14711 7ff7f2e473fc 38 API calls 14710->14711 14712 7ff7f2e3e2ca 14711->14712 14712->14707 14713 7ff7f2e473fc 38 API calls 14712->14713 14714 7ff7f2e3e2dd 14713->14714 14714->14707 14715 7ff7f2e473fc 38 API calls 14714->14715 14715->14707 14717 7ff7f2e3e33e 14716->14717 14718 7ff7f2e3e366 14717->14718 14719 7ff7f2e3e358 14717->14719 14722 7ff7f2e3e362 14717->14722 14720 7ff7f2e472c4 25 API calls 14718->14720 14721 7ff7f2e3dc64 fread_s 15 API calls 14719->14721 14720->14722 14721->14722 14722->14635 14724 7ff7f2e45200 __vcrt_uninitialize_ptd 5 API calls 14723->14724 14725 7ff7f2e4568f 14724->14725 14726 7ff7f2e456af SetLastError 14725->14726 14727 7ff7f2e3dff5 14725->14727 14726->14727 14727->14663 14727->14672 14729 7ff7f2e3e16c FileTimeToSystemTime 14728->14729 14730 7ff7f2e3e15f 14728->14730 14732 7ff7f2e3e17e SystemTimeToTzSpecificLocalTime 14729->14732 14733 7ff7f2e3e1d5 GetLastError 14729->14733 14730->14729 14731 7ff7f2e3e167 14730->14731 14735 7ff7f2e38660 _handle_error 8 API calls 14731->14735 14732->14733 14737 7ff7f2e3e192 14732->14737 14734 7ff7f2e3dc64 fread_s 15 API calls 14733->14734 14734->14731 14736 7ff7f2e3e017 14735->14736 14736->14676 14736->14684 14737->14731 14738 7ff7f2e3dcd4 _get_daylight 15 API calls 14737->14738 14738->14731 14740 7ff7f2e47478 14739->14740 14741 7ff7f2e47413 14739->14741 14742 7ff7f2e3b9e4 36 API calls 14740->14742 14743 7ff7f2e3dcd4 _get_daylight 15 API calls 14741->14743 14748 7ff7f2e47437 14741->14748 14744 7ff7f2e474aa 14742->14744 14745 7ff7f2e4741d 14743->14745 14746 7ff7f2e474b6 14744->14746 14754 7ff7f2e474cd 14744->14754 14747 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 14745->14747 14749 7ff7f2e3dcd4 _get_daylight 15 API calls 14746->14749 14750 7ff7f2e47428 14747->14750 14748->14710 14751 7ff7f2e474bb 14749->14751 14750->14710 14753 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 14751->14753 14752 7ff7f2e4d1d4 38 API calls 14752->14754 14755 7ff7f2e474c6 14753->14755 14754->14752 14754->14755 14755->14710 14757 7ff7f2e45200 __vcrt_uninitialize_ptd 5 API calls 14756->14757 14758 7ff7f2e453c2 MultiByteToWideChar 14757->14758 14758->14646 14758->14647 14760 7ff7f2e3a661 14759->14760 14761 7ff7f2e3a671 14759->14761 14762 7ff7f2e3dcd4 _get_daylight 15 API calls 14760->14762 14761->14566 14763 7ff7f2e3a666 14762->14763 14764 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 14763->14764 14764->14761 14766 7ff7f2e409f0 14765->14766 14767 7ff7f2e40a28 14766->14767 14768 7ff7f2e40a13 14766->14768 14784 7ff7f2e3b5ac EnterCriticalSection 14767->14784 14769 7ff7f2e3dcd4 _get_daylight 15 API calls 14768->14769 14771 7ff7f2e40a18 14769->14771 14773 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 14771->14773 14775 7ff7f2e40a24 14773->14775 14775->14572 14786 7ff7f2e31df0 47 API calls 14785->14786 14787 7ff7f2e32ceb 14786->14787 14787->12874 14789 7ff7f2e3502d 14788->14789 14790 7ff7f2e35042 14788->14790 14791 7ff7f2e31a80 56 API calls 14789->14791 14793 7ff7f2e35058 14790->14793 14794 7ff7f2e3506d MultiByteToWideChar 14790->14794 14799 7ff7f2e35040 LoadLibraryA GetProcAddress GetProcAddress 14791->14799 14796 7ff7f2e31a80 56 API calls 14793->14796 14795 7ff7f2e3508e 14794->14795 14794->14799 14797 7ff7f2e31a80 56 API calls 14795->14797 14796->14799 14797->14799 14798 7ff7f2e3514f 14798->12870 14799->14798 14800 7ff7f2e350e5 14799->14800 14800->14798 14801 7ff7f2e35180 56 API calls 14800->14801 14801->14798 14803 7ff7f2e33b40 setbuf 14802->14803 14804 7ff7f2e31df0 47 API calls 14803->14804 14805 7ff7f2e33b72 14804->14805 14806 7ff7f2e33b99 14805->14806 14807 7ff7f2e33b7b 14805->14807 14809 7ff7f2e33bf0 14806->14809 14811 7ff7f2e32cc0 47 API calls 14806->14811 14808 7ff7f2e31bd0 58 API calls 14807->14808 14829 7ff7f2e33b91 14808->14829 14810 7ff7f2e32cc0 47 API calls 14809->14810 14816 7ff7f2e33c09 14810->14816 14812 7ff7f2e33bba 14811->14812 14813 7ff7f2e33bd8 14812->14813 14817 7ff7f2e31bd0 58 API calls 14812->14817 14879 7ff7f2e32bd0 14813->14879 14814 7ff7f2e38660 _handle_error 8 API calls 14819 7ff7f2e3239e 14814->14819 14815 7ff7f2e33c27 14821 7ff7f2e34e30 57 API calls 14815->14821 14816->14815 14820 7ff7f2e31bd0 58 API calls 14816->14820 14817->14813 14819->12882 14830 7ff7f2e33f30 14819->14830 14820->14815 14823 7ff7f2e33c34 14821->14823 14824 7ff7f2e33c59 14823->14824 14825 7ff7f2e33c39 14823->14825 14889 7ff7f2e32d90 GetProcAddress 14824->14889 14826 7ff7f2e31a80 56 API calls 14825->14826 14826->14829 14829->14814 14831 7ff7f2e355f0 56 API calls 14830->14831 14832 7ff7f2e33f4f 14831->14832 14833 7ff7f2e33f69 14832->14833 14834 7ff7f2e33f54 14832->14834 14837 7ff7f2e355f0 56 API calls 14833->14837 14835 7ff7f2e31bd0 58 API calls 14834->14835 14836 7ff7f2e33f60 14835->14836 14836->12884 14838 7ff7f2e33f97 14837->14838 14839 7ff7f2e33f9c 14838->14839 14840 7ff7f2e33fb6 14838->14840 14841 7ff7f2e31bd0 58 API calls 14839->14841 14843 7ff7f2e31df0 47 API calls 14840->14843 14842 7ff7f2e33fa8 14841->14842 14842->12884 14844 7ff7f2e33ff3 14843->14844 14845 7ff7f2e34022 14844->14845 14846 7ff7f2e33fff 14844->14846 14848 7ff7f2e355f0 56 API calls 14845->14848 14847 7ff7f2e31bd0 58 API calls 14846->14847 14849 7ff7f2e34014 14847->14849 14850 7ff7f2e3403b 14848->14850 14849->12884 14851 7ff7f2e3405a 14850->14851 14852 7ff7f2e34040 14850->14852 15090 7ff7f2e33c90 14851->15090 14853 7ff7f2e31bd0 58 API calls 14852->14853 14854 7ff7f2e3404c 14853->14854 14854->12884 14862 7ff7f2e338c4 14861->14862 14862->14862 14863 7ff7f2e338e6 14862->14863 14872 7ff7f2e338fb 14862->14872 14864 7ff7f2e31bd0 58 API calls 14863->14864 14865 7ff7f2e338f2 14864->14865 14865->12886 14866 7ff7f2e33a14 14866->12886 14867 7ff7f2e31640 59 API calls 14867->14872 14868 7ff7f2e31230 116 API calls 14868->14872 14869 7ff7f2e33999 htonl 14869->14872 14870 7ff7f2e3398a htonl 14870->14872 14871 7ff7f2e31bd0 58 API calls 14871->14872 14872->14866 14872->14867 14872->14868 14872->14869 14872->14870 14872->14871 14874 7ff7f2e33b11 14873->14874 14876 7ff7f2e33a4b 14873->14876 14874->12888 14875 7ff7f2e33a5f htonl 14875->14876 14876->14874 14876->14875 14876->14876 14877 7ff7f2e31640 59 API calls 14876->14877 14878 7ff7f2e31bd0 58 API calls 14876->14878 14877->14876 14878->14876 14880 7ff7f2e32bda setbuf 14879->14880 14881 7ff7f2e355f0 56 API calls 14880->14881 14882 7ff7f2e32c02 14881->14882 14883 7ff7f2e38660 _handle_error 8 API calls 14882->14883 14884 7ff7f2e32c2a 14883->14884 14884->14809 14885 7ff7f2e34e30 14884->14885 14886 7ff7f2e355f0 56 API calls 14885->14886 14887 7ff7f2e34e47 LoadLibraryExW 14886->14887 14888 7ff7f2e34e64 14887->14888 14888->14809 14890 7ff7f2e32dce GetProcAddress 14889->14890 14891 7ff7f2e32db2 14889->14891 14893 7ff7f2e32dea 14890->14893 14894 7ff7f2e32e06 GetProcAddress 14890->14894 14892 7ff7f2e31a80 56 API calls 14891->14892 14895 7ff7f2e32dc5 14892->14895 14896 7ff7f2e31a80 56 API calls 14893->14896 14897 7ff7f2e32e3e GetProcAddress 14894->14897 14898 7ff7f2e32e22 14894->14898 14895->14829 14899 7ff7f2e32dfd 14896->14899 14901 7ff7f2e32e5a 14897->14901 14902 7ff7f2e32e76 GetProcAddress 14897->14902 14900 7ff7f2e31a80 56 API calls 14898->14900 14899->14829 14905 7ff7f2e32e35 14900->14905 14906 7ff7f2e31a80 56 API calls 14901->14906 14903 7ff7f2e32eae GetProcAddress 14902->14903 14904 7ff7f2e32e92 14902->14904 14908 7ff7f2e32eca 14903->14908 14909 7ff7f2e32ee6 GetProcAddress 14903->14909 14907 7ff7f2e31a80 56 API calls 14904->14907 14905->14829 14910 7ff7f2e32e6d 14906->14910 14911 7ff7f2e32ea5 14907->14911 14912 7ff7f2e31a80 56 API calls 14908->14912 14913 7ff7f2e32f1e GetProcAddress 14909->14913 14914 7ff7f2e32f02 14909->14914 14910->14829 14911->14829 14915 7ff7f2e32edd 14912->14915 14917 7ff7f2e32f3a 14913->14917 14918 7ff7f2e32f56 GetProcAddress 14913->14918 14916 7ff7f2e31a80 56 API calls 14914->14916 14915->14829 14921 7ff7f2e32f15 14916->14921 14922 7ff7f2e31a80 56 API calls 14917->14922 14919 7ff7f2e32f8e GetProcAddress 14918->14919 14920 7ff7f2e32f72 14918->14920 14924 7ff7f2e32faa 14919->14924 14925 7ff7f2e32fc6 GetProcAddress 14919->14925 14923 7ff7f2e31a80 56 API calls 14920->14923 14921->14829 14926 7ff7f2e32f4d 14922->14926 14927 7ff7f2e32f85 14923->14927 14928 7ff7f2e31a80 56 API calls 14924->14928 14929 7ff7f2e32ffe GetProcAddress 14925->14929 14930 7ff7f2e32fe2 14925->14930 14926->14829 14927->14829 14931 7ff7f2e32fbd 14928->14931 14933 7ff7f2e3301a 14929->14933 14934 7ff7f2e33036 GetProcAddress 14929->14934 14932 7ff7f2e31a80 56 API calls 14930->14932 14931->14829 14937 7ff7f2e32ff5 14932->14937 14938 7ff7f2e31a80 56 API calls 14933->14938 14935 7ff7f2e3306e GetProcAddress 14934->14935 14936 7ff7f2e33052 14934->14936 14940 7ff7f2e3308a 14935->14940 14941 7ff7f2e330a6 GetProcAddress 14935->14941 14939 7ff7f2e31a80 56 API calls 14936->14939 14937->14829 14942 7ff7f2e3302d 14938->14942 14943 7ff7f2e33065 14939->14943 14944 7ff7f2e31a80 56 API calls 14940->14944 14945 7ff7f2e330de GetProcAddress 14941->14945 14946 7ff7f2e330c2 14941->14946 14942->14829 14943->14829 14947 7ff7f2e3309d 14944->14947 14949 7ff7f2e330fa 14945->14949 14950 7ff7f2e33116 GetProcAddress 14945->14950 14948 7ff7f2e31a80 56 API calls 14946->14948 14947->14829 14953 7ff7f2e330d5 14948->14953 14954 7ff7f2e31a80 56 API calls 14949->14954 14951 7ff7f2e3314e GetProcAddress 14950->14951 14952 7ff7f2e33132 14950->14952 14953->14829 15094 7ff7f2e33caa setbuf 15090->15094 15091 7ff7f2e38660 _handle_error 8 API calls 15093 7ff7f2e33e68 15091->15093 15092 7ff7f2e31640 59 API calls 15092->15094 15116 7ff7f2e33ea0 15093->15116 15094->15092 15095 7ff7f2e33db8 15094->15095 15097 7ff7f2e33e81 15094->15097 15101 7ff7f2e33e56 15094->15101 15096 7ff7f2e422d8 fread_s 32 API calls 15095->15096 15095->15101 15098 7ff7f2e33dcf 15096->15098 15099 7ff7f2e31bd0 58 API calls 15097->15099 15122 7ff7f2e3ec50 15098->15122 15099->15101 15101->15091 15160 7ff7f2e357e0 15116->15160 15123 7ff7f2e3eca2 15122->15123 15125 7ff7f2e3ec72 15122->15125 15124 7ff7f2e3eca7 15123->15124 15127 7ff7f2e3ecb4 15123->15127 15126 7ff7f2e3dcd4 _get_daylight 15 API calls 15124->15126 15125->15123 15130 7ff7f2e3ec92 15125->15130 15128 7ff7f2e3ed21 15127->15128 15132 7ff7f2e3ece8 15127->15132 15133 7ff7f2e3dcd4 _get_daylight 15 API calls 15130->15133 15162 7ff7f2e35802 15160->15162 15169 7ff7f2e4040c 15167->15169 15181 7ff7f2e404bf memcpy_s 15167->15181 15168 7ff7f2e404e1 15174 7ff7f2e463f4 _get_daylight 15 API calls 15168->15174 15168->15181 15169->15168 15171 7ff7f2e40423 15169->15171 15170 7ff7f2e3dcd4 _get_daylight 15 API calls 15184 7ff7f2e34cc0 15170->15184 15197 7ff7f2e48264 EnterCriticalSection 15171->15197 15175 7ff7f2e404fd 15174->15175 15178 7ff7f2e42340 fread_s 16 API calls 15175->15178 15175->15181 15178->15181 15181->15170 15181->15184 15184->12921 15186 7ff7f2e3ff5d 15185->15186 15187 7ff7f2e3ff72 15185->15187 15188 7ff7f2e3dcb4 fread_s 15 API calls 15186->15188 15189 7ff7f2e3dcb4 fread_s 15 API calls 15187->15189 15193 7ff7f2e3ff6a 15187->15193 15190 7ff7f2e3ff62 15188->15190 15191 7ff7f2e3ffad 15189->15191 15192 7ff7f2e3dcd4 _get_daylight 15 API calls 15190->15192 15194 7ff7f2e3dcd4 _get_daylight 15 API calls 15191->15194 15192->15193 15193->12931 15195 7ff7f2e3ffb5 15194->15195 15196 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 15195->15196 15196->15193 15225 7ff7f2e46360 abort 36 API calls 15224->15225 15226 7ff7f2e4223b 15225->15226 15227 7ff7f2e42400 abort 36 API calls 15226->15227 15228 7ff7f2e42256 15227->15228 15482 7ff7f2e461e0 15483 7ff7f2e461fa 15482->15483 15484 7ff7f2e461e5 15482->15484 15488 7ff7f2e46200 15484->15488 15489 7ff7f2e4624a 15488->15489 15490 7ff7f2e46242 15488->15490 15492 7ff7f2e42300 __free_lconv_num 15 API calls 15489->15492 15491 7ff7f2e42300 __free_lconv_num 15 API calls 15490->15491 15491->15489 15493 7ff7f2e46257 15492->15493 15494 7ff7f2e42300 __free_lconv_num 15 API calls 15493->15494 15495 7ff7f2e46264 15494->15495 15496 7ff7f2e42300 __free_lconv_num 15 API calls 15495->15496 15497 7ff7f2e46271 15496->15497 15498 7ff7f2e42300 __free_lconv_num 15 API calls 15497->15498 15499 7ff7f2e4627e 15498->15499 15500 7ff7f2e42300 __free_lconv_num 15 API calls 15499->15500 15501 7ff7f2e4628b 15500->15501 15502 7ff7f2e42300 __free_lconv_num 15 API calls 15501->15502 15503 7ff7f2e46298 15502->15503 15504 7ff7f2e42300 __free_lconv_num 15 API calls 15503->15504 15505 7ff7f2e462a5 15504->15505 15506 7ff7f2e42300 __free_lconv_num 15 API calls 15505->15506 15507 7ff7f2e462b5 15506->15507 15508 7ff7f2e42300 __free_lconv_num 15 API calls 15507->15508 15509 7ff7f2e462c5 15508->15509 15514 7ff7f2e45fe8 15509->15514 15528 7ff7f2e48264 EnterCriticalSection 15514->15528 15530 7ff7f2e491e0 15541 7ff7f2e4ee90 15530->15541 15542 7ff7f2e4eead 15541->15542 15543 7ff7f2e42300 __free_lconv_num 15 API calls 15542->15543 15544 7ff7f2e4eec3 15542->15544 15543->15542 15545 7ff7f2e42300 __free_lconv_num 15 API calls 15544->15545 15546 7ff7f2e491e9 15544->15546 15545->15544 15547 7ff7f2e48264 EnterCriticalSection 15546->15547 16140 7ff7f2e48360 16141 7ff7f2e4837d 16140->16141 16142 7ff7f2e48370 16140->16142 16144 7ff7f2e483d9 16141->16144 16146 7ff7f2e483ac 16141->16146 16143 7ff7f2e3dcd4 _get_daylight 15 API calls 16142->16143 16149 7ff7f2e48375 16143->16149 16145 7ff7f2e3dcd4 _get_daylight 15 API calls 16144->16145 16147 7ff7f2e483de 16145->16147 16151 7ff7f2e482d4 16146->16151 16148 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 16147->16148 16148->16149 16164 7ff7f2e3fc60 EnterCriticalSection 16151->16164 12427 7ff7f2e476c8 12428 7ff7f2e478c4 12427->12428 12431 7ff7f2e47707 _isindst 12427->12431 12429 7ff7f2e3dcd4 _get_daylight 15 API calls 12428->12429 12449 7ff7f2e47887 12429->12449 12430 7ff7f2e38660 _handle_error 8 API calls 12432 7ff7f2e478df 12430->12432 12431->12428 12433 7ff7f2e47794 _isindst 12431->12433 12452 7ff7f2e4ddb4 12433->12452 12438 7ff7f2e4791c 12439 7ff7f2e43150 _wfindfirst32i64 17 API calls 12438->12439 12441 7ff7f2e47931 12439->12441 12443 7ff7f2e47907 12445 7ff7f2e43150 _wfindfirst32i64 17 API calls 12443->12445 12445->12438 12447 7ff7f2e478f3 12448 7ff7f2e43150 _wfindfirst32i64 17 API calls 12447->12448 12448->12443 12449->12430 12450 7ff7f2e477ed 12450->12449 12478 7ff7f2e4ddf0 12450->12478 12453 7ff7f2e477af 12452->12453 12454 7ff7f2e4ddc2 12452->12454 12460 7ff7f2e4d2e8 12453->12460 12485 7ff7f2e48264 EnterCriticalSection 12454->12485 12461 7ff7f2e477c3 12460->12461 12462 7ff7f2e4d2f1 12460->12462 12461->12438 12466 7ff7f2e4d318 12461->12466 12463 7ff7f2e3dcd4 _get_daylight 15 API calls 12462->12463 12464 7ff7f2e4d2f6 12463->12464 12465 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 12464->12465 12465->12461 12467 7ff7f2e477d4 12466->12467 12468 7ff7f2e4d321 12466->12468 12467->12443 12472 7ff7f2e4d348 12467->12472 12469 7ff7f2e3dcd4 _get_daylight 15 API calls 12468->12469 12470 7ff7f2e4d326 12469->12470 12471 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 12470->12471 12471->12467 12473 7ff7f2e4d351 12472->12473 12475 7ff7f2e477e5 12472->12475 12474 7ff7f2e3dcd4 _get_daylight 15 API calls 12473->12474 12476 7ff7f2e4d356 12474->12476 12475->12447 12475->12450 12477 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 12476->12477 12477->12475 12486 7ff7f2e48264 EnterCriticalSection 12478->12486 16171 7ff7f2e3b550 16172 7ff7f2e3b55b 16171->16172 16180 7ff7f2e459ac 16172->16180 16193 7ff7f2e48264 EnterCriticalSection 16180->16193 15618 7ff7f2e419d4 15619 7ff7f2e42230 36 API calls 15618->15619 15620 7ff7f2e419d9 15619->15620 15625 7ff7f2e482b8 LeaveCriticalSection 15620->15625 16194 7ff7f2e41b54 16195 7ff7f2e41b6a 16194->16195 16196 7ff7f2e41b95 16194->16196 16202 7ff7f2e48264 EnterCriticalSection 16195->16202 16209 7ff7f2e51136 16212 7ff7f2e3b5b8 LeaveCriticalSection 16209->16212 12487 7ff7f2e44198 12488 7ff7f2e441d9 12487->12488 12489 7ff7f2e441c1 12487->12489 12490 7ff7f2e44254 12488->12490 12494 7ff7f2e4420c 12488->12494 12491 7ff7f2e3dcb4 fread_s 15 API calls 12489->12491 12492 7ff7f2e3dcb4 fread_s 15 API calls 12490->12492 12493 7ff7f2e441c6 12491->12493 12495 7ff7f2e44259 12492->12495 12496 7ff7f2e3dcd4 _get_daylight 15 API calls 12493->12496 12511 7ff7f2e3fc60 EnterCriticalSection 12494->12511 12498 7ff7f2e3dcd4 _get_daylight 15 API calls 12495->12498 12510 7ff7f2e441ce 12496->12510 12500 7ff7f2e44261 12498->12500 12503 7ff7f2e43130 _invalid_parameter_noinfo 32 API calls 12500->12503 12503->12510

            Executed Functions

            Function 00007FF7F2E4D888, Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 366timeCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 39 7ff7f2e4d888-7ff7f2e4d8bc call 7ff7f2e4d2e0 call 7ff7f2e4d348 44 7ff7f2e4dac1-7ff7f2e4db02 call 7ff7f2e43150 call 7ff7f2e4d2e0 call 7ff7f2e4d348 39->44 45 7ff7f2e4d8c2-7ff7f2e4d8cd call 7ff7f2e4d2e8 39->45 68 7ff7f2e4dc97-7ff7f2e4dd05 call 7ff7f2e43150 call 7ff7f2e490ac 44->68 69 7ff7f2e4db08-7ff7f2e4db13 call 7ff7f2e4d2e8 44->69 50 7ff7f2e4daac-7ff7f2e4dac0 call 7ff7f2e43150 45->50 51 7ff7f2e4d8d3-7ff7f2e4d8dd 45->51 50->44 53 7ff7f2e4d905-7ff7f2e4d90e call 7ff7f2e42300 51->53 54 7ff7f2e4d8df-7ff7f2e4d8e5 51->54 67 7ff7f2e4d911-7ff7f2e4d918 53->67 58 7ff7f2e4d8e8-7ff7f2e4d8f3 54->58 62 7ff7f2e4d8fd-7ff7f2e4d8ff 58->62 63 7ff7f2e4d8f5-7ff7f2e4d8fb 58->63 62->53 66 7ff7f2e4da5c-7ff7f2e4da6c 62->66 63->58 63->62 67->67 70 7ff7f2e4d91a-7ff7f2e4d93a call 7ff7f2e42340 call 7ff7f2e42300 67->70 90 7ff7f2e4dd0e-7ff7f2e4dd11 68->90 91 7ff7f2e4dd07-7ff7f2e4dd0c 68->91 78 7ff7f2e4db19-7ff7f2e4db24 call 7ff7f2e4d318 69->78 79 7ff7f2e4dc82-7ff7f2e4dc96 call 7ff7f2e43150 69->79 70->66 85 7ff7f2e4d940-7ff7f2e4d947 70->85 92 7ff7f2e4dc6d-7ff7f2e4dc81 call 7ff7f2e43150 78->92 93 7ff7f2e4db2a-7ff7f2e4db4d call 7ff7f2e42300 GetTimeZoneInformation 78->93 79->68 85->85 89 7ff7f2e4d949-7ff7f2e4d957 call 7ff7f2e423a0 85->89 106 7ff7f2e4d95d-7ff7f2e4d977 call 7ff7f2e471f0 89->106 107 7ff7f2e4da97-7ff7f2e4daab call 7ff7f2e43150 89->107 97 7ff7f2e4dd18-7ff7f2e4dd28 call 7ff7f2e42340 90->97 98 7ff7f2e4dd13-7ff7f2e4dd16 90->98 96 7ff7f2e4dd5c-7ff7f2e4dd6e 91->96 92->79 111 7ff7f2e4db53-7ff7f2e4db75 93->111 112 7ff7f2e4dc46-7ff7f2e4dc6c call 7ff7f2e4d2d8 call 7ff7f2e4d2c8 call 7ff7f2e4d2d0 93->112 102 7ff7f2e4dd7f call 7ff7f2e4dad8 96->102 103 7ff7f2e4dd70-7ff7f2e4dd73 96->103 116 7ff7f2e4dd2a 97->116 117 7ff7f2e4dd33-7ff7f2e4dd4e call 7ff7f2e490ac 97->117 98->96 118 7ff7f2e4dd84-7ff7f2e4ddb0 call 7ff7f2e42300 call 7ff7f2e38660 102->118 103->102 108 7ff7f2e4dd75-7ff7f2e4dd7d call 7ff7f2e4d888 103->108 134 7ff7f2e4d97d-7ff7f2e4d980 106->134 135 7ff7f2e4da82-7ff7f2e4da96 call 7ff7f2e43150 106->135 107->50 108->118 119 7ff7f2e4db77-7ff7f2e4db7c 111->119 120 7ff7f2e4db7f-7ff7f2e4db86 111->120 126 7ff7f2e4dd2c-7ff7f2e4dd31 call 7ff7f2e42300 116->126 141 7ff7f2e4dd55-7ff7f2e4dd57 call 7ff7f2e42300 117->141 142 7ff7f2e4dd50-7ff7f2e4dd53 117->142 119->120 129 7ff7f2e4db88-7ff7f2e4db90 120->129 130 7ff7f2e4dba0-7ff7f2e4dba3 120->130 126->98 129->130 131 7ff7f2e4db92-7ff7f2e4db9e 129->131 133 7ff7f2e4dba6-7ff7f2e4dbe2 call 7ff7f2e4a56c WideCharToMultiByte 130->133 131->133 156 7ff7f2e4dbe4-7ff7f2e4dbe7 133->156 157 7ff7f2e4dbf2-7ff7f2e4dbf5 133->157 145 7ff7f2e4d98b-7ff7f2e4d995 134->145 146 7ff7f2e4d982-7ff7f2e4d989 134->146 135->107 141->96 142->126 153 7ff7f2e4d997 145->153 154 7ff7f2e4d99a-7ff7f2e4d9a8 call 7ff7f2e42ef8 145->154 146->134 146->145 153->154 162 7ff7f2e4d9ab-7ff7f2e4d9af 154->162 156->157 159 7ff7f2e4dbe9-7ff7f2e4dbf0 156->159 160 7ff7f2e4dbf8-7ff7f2e4dc2e WideCharToMultiByte 157->160 159->160 163 7ff7f2e4dc3f-7ff7f2e4dc43 160->163 164 7ff7f2e4dc30-7ff7f2e4dc33 160->164 165 7ff7f2e4d9b7-7ff7f2e4d9ba 162->165 166 7ff7f2e4d9b1-7ff7f2e4d9b5 162->166 163->112 164->163 167 7ff7f2e4dc35-7ff7f2e4dc3d 164->167 165->162 166->165 168 7ff7f2e4d9bc-7ff7f2e4d9bf 166->168 167->112 169 7ff7f2e4da0d-7ff7f2e4da10 168->169 170 7ff7f2e4d9c1-7ff7f2e4d9d7 call 7ff7f2e42ef8 168->170 171 7ff7f2e4da17-7ff7f2e4da25 169->171 172 7ff7f2e4da12-7ff7f2e4da14 169->172 178 7ff7f2e4d9e0-7ff7f2e4d9e4 170->178 174 7ff7f2e4da27-7ff7f2e4da3d call 7ff7f2e471f0 171->174 175 7ff7f2e4da41-7ff7f2e4da45 171->175 172->171 179 7ff7f2e4da48-7ff7f2e4da5a call 7ff7f2e4d2d8 call 7ff7f2e4d2c8 174->179 184 7ff7f2e4da3f-7ff7f2e4da81 call 7ff7f2e43150 174->184 175->179 181 7ff7f2e4d9d9-7ff7f2e4d9db 178->181 182 7ff7f2e4d9e6-7ff7f2e4d9e9 178->182 179->66 181->182 185 7ff7f2e4d9dd 181->185 182->169 186 7ff7f2e4d9eb-7ff7f2e4d9fe call 7ff7f2e42ef8 182->186 184->135 185->178 195 7ff7f2e4da07-7ff7f2e4da0b 186->195 195->169 196 7ff7f2e4da00-7ff7f2e4da02 195->196 196->169 197 7ff7f2e4da04 196->197 197->195
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _get_daylight$ByteCharMultiWide_invalid_parameter_noinfo$InformationTimeZone
            • String ID: ?
            • API String ID: 3440502458-1684325040
            • Opcode ID: d64c05bb304664cf2b97b98281f8744eeb50fac2c7b3dc6a088d22b6b6b33a88
            • Instruction ID: 7232a38c1c189a831240754f93a62d2b801b50480e90ee9dead678b19f588fb6
            • Opcode Fuzzy Hash: d64c05bb304664cf2b97b98281f8744eeb50fac2c7b3dc6a088d22b6b6b33a88
            • Instruction Fuzzy Hash: 29E1F936A1C24286E720AF7194495B9BB90FB84784FE4513DEA6F43AC9CFBCD441C7A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E343A0, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 140COMMON
            Download Yara Rule

            Control-flow Graph

            APIs
            • GetTempPathW.KERNEL32(?,00000000,?,00007FF7F2E3436D), ref: 00007FF7F2E34436
              • Part of subcall function 00007FF7F2E345B0: GetEnvironmentVariableW.KERNEL32(00007FF7F2E32875), ref: 00007FF7F2E345EA
              • Part of subcall function 00007FF7F2E345B0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7F2E34607
              • Part of subcall function 00007FF7F2E3F728: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F2E3F741
            • SetEnvironmentVariableW.KERNEL32(?,00000000,?,00007FF7F2E3436D), ref: 00007FF7F2E344F1
              • Part of subcall function 00007FF7F2E31BD0: MessageBoxW.USER32 ref: 00007FF7F2E31CA1
              • Part of subcall function 00007FF7F2E356F0: WideCharToMultiByte.KERNEL32 ref: 00007FF7F2E35731
              • Part of subcall function 00007FF7F2E355F0: MultiByteToWideChar.KERNEL32 ref: 00007FF7F2E3562A
            • SetEnvironmentVariableW.KERNEL32(?,00000000,?,00007FF7F2E3436D), ref: 00007FF7F2E34575
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: Environment$Variable$ByteCharMultiWide$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
            • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
            • API String ID: 758056525-1116378104
            • Opcode ID: 2d2bdefcacb6aadbbb480397837f96bc9c3d0cbe0330d54ad09c3fd6f65abb12
            • Instruction ID: db47c70f7a48e79b1ed534bdc57b14198815189c22bf852f5c288109a5e4871c
            • Opcode Fuzzy Hash: 2d2bdefcacb6aadbbb480397837f96bc9c3d0cbe0330d54ad09c3fd6f65abb12
            • Instruction Fuzzy Hash: 2B51C112B1D64651EB14B722651E1B9D6519F49FC2FE40038EC2F8B7D6EDACE805E3A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E476C8, Relevance: 6.2, APIs: 4, Instructions: 179COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _get_daylight$_isindst
            • String ID:
            • API String ID: 4170891091-0
            • Opcode ID: e1520a55cf3b2ad4e7bdf04d44ded2f311aff5919dfb14f0c6bddabfd898c018
            • Instruction ID: 81e40e832d3213f7b736fc1c23cb4d7e4897b3e4faf4af894ddaa21937555392
            • Opcode Fuzzy Hash: e1520a55cf3b2ad4e7bdf04d44ded2f311aff5919dfb14f0c6bddabfd898c018
            • Instruction Fuzzy Hash: 87613776F0C6118AFB28EB7494497BCA351AB54358FA0023DDE2F42AC9DE7CA415C3D0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E31680, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 91COMMON
            Download Yara Rule

            Control-flow Graph

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: htonl$Message_fread_nolock_invalid_parameter_noinfo
            • String ID: Could not allocate buffer for TOC.$Could not read from file.$Error on file.$fread$malloc
            • API String ID: 85531343-2332847760
            • Opcode ID: 8befb3990a95daa580086caa848ebde3c91217c00f8e0eb034354560a534b400
            • Instruction ID: 2d551902b2c2c90a25d97f9f0d1e098b48c6000fb4380556140bd613d943af7c
            • Opcode Fuzzy Hash: 8befb3990a95daa580086caa848ebde3c91217c00f8e0eb034354560a534b400
            • Instruction Fuzzy Hash: 4B315162E1C50242EB04FB34D4692B866A0AF44F55FA4453CD53F8A2D6DEBCEC51D7A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E387DC, Relevance: 15.1, APIs: 10, Instructions: 89COMMON
            Download Yara Rule

            Control-flow Graph

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: ExceptionFilterPresentUnhandled__scrt_fastfail__scrt_is_nonwritable_in_current_image$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual__isa_available_init__scrt_acquire_startup_lock__scrt_get_show_window_mode__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock__scrt_uninitialize_crt__vcrt_initialize
            • String ID:
            • API String ID: 3844032932-0
            • Opcode ID: 6af3aff750d3ff324845cc41392849d80b3bf59bea8a2c24649fe7e90d24dcc7
            • Instruction ID: 97a3bbfd078a6c8223fdaca213517f9ee15d95502db85332c0090ff6bd579859
            • Opcode Fuzzy Hash: 6af3aff750d3ff324845cc41392849d80b3bf59bea8a2c24649fe7e90d24dcc7
            • Instruction Fuzzy Hash: 68313820E0D24741FB50FB65941E3B99A916F51B85FE4003CE96F4A2D3CEAEAC04E2F1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E31230, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 95COMMON
            Download Yara Rule

            Control-flow Graph

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: htonl$Message_fread_nolock
            • String ID: Cannot open archive file$Could not allocate read buffer$Could not read from file$Error decompressing %s
            • API String ID: 1396920196-3387914768
            • Opcode ID: 47a323f9b5e6e6ecdb425a5513a6b7ce0682b0d78d8007ea1e5c8578585c2c3e
            • Instruction ID: 41ac6502e746a0ba614f4392a82384472c67e86261bf55ab9dd1b1eee11312bc
            • Opcode Fuzzy Hash: 47a323f9b5e6e6ecdb425a5513a6b7ce0682b0d78d8007ea1e5c8578585c2c3e
            • Instruction Fuzzy Hash: 63319422B1C54185EB44FB25E4452A9A760AF44BC1F940438EA2E4B7C6DF6CEC91D790
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E4E78C, Relevance: 13.8, APIs: 9, Instructions: 272fileCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 292 7ff7f2e4e78c-7ff7f2e4e7fe call 7ff7f2e4e4bc 295 7ff7f2e4e817-7ff7f2e4e821 call 7ff7f2e3fd68 292->295 296 7ff7f2e4e800-7ff7f2e4e808 call 7ff7f2e3dcb4 292->296 302 7ff7f2e4e83b-7ff7f2e4e8a7 CreateFileW 295->302 303 7ff7f2e4e823-7ff7f2e4e839 call 7ff7f2e3dcb4 call 7ff7f2e3dcd4 295->303 301 7ff7f2e4e80b-7ff7f2e4e812 call 7ff7f2e3dcd4 296->301 316 7ff7f2e4eb5e-7ff7f2e4eb7a 301->316 306 7ff7f2e4e8ad-7ff7f2e4e8b4 302->306 307 7ff7f2e4e92f-7ff7f2e4e93a GetFileType 302->307 303->301 308 7ff7f2e4e8fc-7ff7f2e4e92a GetLastError call 7ff7f2e3dc64 306->308 309 7ff7f2e4e8b6-7ff7f2e4e8ba 306->309 311 7ff7f2e4e93c-7ff7f2e4e977 GetLastError call 7ff7f2e3dc64 CloseHandle 307->311 312 7ff7f2e4e98d-7ff7f2e4e993 307->312 308->301 309->308 314 7ff7f2e4e8bc-7ff7f2e4e8fa CreateFileW 309->314 311->301 327 7ff7f2e4e97d-7ff7f2e4e988 call 7ff7f2e3dcd4 311->327 319 7ff7f2e4e99a-7ff7f2e4e99d 312->319 320 7ff7f2e4e995-7ff7f2e4e998 312->320 314->307 314->308 324 7ff7f2e4e9a2-7ff7f2e4e9f0 call 7ff7f2e3fc84 319->324 325 7ff7f2e4e99f 319->325 320->324 330 7ff7f2e4ea04-7ff7f2e4ea2e call 7ff7f2e4e228 324->330 331 7ff7f2e4e9f2-7ff7f2e4e9fe call 7ff7f2e4e6c8 324->331 325->324 327->301 339 7ff7f2e4ea30 330->339 340 7ff7f2e4ea42-7ff7f2e4ea87 330->340 337 7ff7f2e4ea33-7ff7f2e4ea3d call 7ff7f2e432b0 331->337 338 7ff7f2e4ea00 331->338 337->316 338->330 339->337 342 7ff7f2e4eaa9-7ff7f2e4eab5 340->342 343 7ff7f2e4ea89-7ff7f2e4ea8d 340->343 345 7ff7f2e4eabb-7ff7f2e4eabf 342->345 346 7ff7f2e4eb5c 342->346 343->342 344 7ff7f2e4ea8f-7ff7f2e4eaa4 343->344 344->342 345->346 348 7ff7f2e4eac5-7ff7f2e4eb0d CloseHandle CreateFileW 345->348 346->316 349 7ff7f2e4eb0f-7ff7f2e4eb3d GetLastError call 7ff7f2e3dc64 call 7ff7f2e3fe98 348->349 350 7ff7f2e4eb42-7ff7f2e4eb57 348->350 349->350 350->346
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
            • String ID:
            • API String ID: 1330151763-0
            • Opcode ID: ccf72d37bd61845afd040019ad1e9b3b9528364bda2de6505aaabc8e3a523526
            • Instruction ID: 878ee60be993a10b9381b554d97d39e57761962a363980eab485e59588a562bd
            • Opcode Fuzzy Hash: ccf72d37bd61845afd040019ad1e9b3b9528364bda2de6505aaabc8e3a523526
            • Instruction Fuzzy Hash: 06C1DF37B28A418AEB109BB4D4493AC7761FB48B98F590229CA6F577D5CF78E411C390
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E4DAD8, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 155timeCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 355 7ff7f2e4dad8-7ff7f2e4db02 call 7ff7f2e4d2e0 call 7ff7f2e4d348 360 7ff7f2e4dc97-7ff7f2e4dd05 call 7ff7f2e43150 call 7ff7f2e490ac 355->360 361 7ff7f2e4db08-7ff7f2e4db13 call 7ff7f2e4d2e8 355->361 375 7ff7f2e4dd0e-7ff7f2e4dd11 360->375 376 7ff7f2e4dd07-7ff7f2e4dd0c 360->376 366 7ff7f2e4db19-7ff7f2e4db24 call 7ff7f2e4d318 361->366 367 7ff7f2e4dc82-7ff7f2e4dc96 call 7ff7f2e43150 361->367 377 7ff7f2e4dc6d-7ff7f2e4dc81 call 7ff7f2e43150 366->377 378 7ff7f2e4db2a-7ff7f2e4db4d call 7ff7f2e42300 GetTimeZoneInformation 366->378 367->360 381 7ff7f2e4dd18-7ff7f2e4dd28 call 7ff7f2e42340 375->381 382 7ff7f2e4dd13-7ff7f2e4dd16 375->382 380 7ff7f2e4dd5c-7ff7f2e4dd6e 376->380 377->367 392 7ff7f2e4db53-7ff7f2e4db75 378->392 393 7ff7f2e4dc46-7ff7f2e4dc6c call 7ff7f2e4d2d8 call 7ff7f2e4d2c8 call 7ff7f2e4d2d0 378->393 385 7ff7f2e4dd7f call 7ff7f2e4dad8 380->385 386 7ff7f2e4dd70-7ff7f2e4dd73 380->386 395 7ff7f2e4dd2a 381->395 396 7ff7f2e4dd33-7ff7f2e4dd4e call 7ff7f2e490ac 381->396 382->380 397 7ff7f2e4dd84-7ff7f2e4ddb0 call 7ff7f2e42300 call 7ff7f2e38660 385->397 386->385 389 7ff7f2e4dd75-7ff7f2e4dd7d call 7ff7f2e4d888 386->389 389->397 398 7ff7f2e4db77-7ff7f2e4db7c 392->398 399 7ff7f2e4db7f-7ff7f2e4db86 392->399 403 7ff7f2e4dd2c-7ff7f2e4dd31 call 7ff7f2e42300 395->403 416 7ff7f2e4dd55-7ff7f2e4dd57 call 7ff7f2e42300 396->416 417 7ff7f2e4dd50-7ff7f2e4dd53 396->417 398->399 406 7ff7f2e4db88-7ff7f2e4db90 399->406 407 7ff7f2e4dba0-7ff7f2e4dba3 399->407 403->382 406->407 408 7ff7f2e4db92-7ff7f2e4db9e 406->408 410 7ff7f2e4dba6-7ff7f2e4dbe2 call 7ff7f2e4a56c WideCharToMultiByte 407->410 408->410 425 7ff7f2e4dbe4-7ff7f2e4dbe7 410->425 426 7ff7f2e4dbf2-7ff7f2e4dbf5 410->426 416->380 417->403 425->426 427 7ff7f2e4dbe9-7ff7f2e4dbf0 425->427 428 7ff7f2e4dbf8-7ff7f2e4dc2e WideCharToMultiByte 426->428 427->428 429 7ff7f2e4dc3f-7ff7f2e4dc43 428->429 430 7ff7f2e4dc30-7ff7f2e4dc33 428->430 429->393 430->429 431 7ff7f2e4dc35-7ff7f2e4dc3d 430->431 431->393
            APIs
            • _get_daylight.LIBCMT ref: 00007FF7F2E4DAFB
              • Part of subcall function 00007FF7F2E4D348: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F2E4D35C
            • _get_daylight.LIBCMT ref: 00007FF7F2E4DB0C
              • Part of subcall function 00007FF7F2E4D2E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F2E4D2FC
            • _get_daylight.LIBCMT ref: 00007FF7F2E4DB1D
              • Part of subcall function 00007FF7F2E4D318: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F2E4D32C
              • Part of subcall function 00007FF7F2E42300: RtlReleasePrivilege.NTDLL(?,?,00000000,00007FF7F2E46443,?,?,?,00007FF7F2E3DCDD,?,?,?,?,00007FF7F2E424BF,?,?,00000000), ref: 00007FF7F2E42316
              • Part of subcall function 00007FF7F2E42300: GetLastError.KERNEL32(?,?,00000000,00007FF7F2E46443,?,?,?,00007FF7F2E3DCDD,?,?,?,?,00007FF7F2E424BF,?,?,00000000), ref: 00007FF7F2E42328
            • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2E4DD7D), ref: 00007FF7F2E4DB44
            • WideCharToMultiByte.KERNEL32 ref: 00007FF7F2E4DBDA
            • WideCharToMultiByte.KERNEL32 ref: 00007FF7F2E4DC26
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _get_daylight_invalid_parameter_noinfo$ByteCharMultiWide$ErrorInformationLastPrivilegeReleaseTimeZone
            • String ID: ?
            • API String ID: 382489769-1684325040
            • Opcode ID: 0294d86039e233d624ece887b26062259f76b298054f1b05f1664de00bf3233e
            • Instruction ID: 76aa3be4fb468b7963f3812a2e4c2725b2d22b0592fc4d31d13d9b819721f4cd
            • Opcode Fuzzy Hash: 0294d86039e233d624ece887b26062259f76b298054f1b05f1664de00bf3233e
            • Instruction Fuzzy Hash: 7A61C236A1C6428AE750EF71E8481A9B7A4FB84794FE40139E92F426D4DFBCD441C7A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E35390, Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 103COMMON
            Download Yara Rule

            Control-flow Graph

            APIs
            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7F2E3101D), ref: 00007FF7F2E3542D
            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7F2E3101D), ref: 00007FF7F2E35477
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: ByteCharMultiWide
            • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
            • API String ID: 626452242-3595433791
            • Opcode ID: b3b1779adbc10282857d4bb48cae9f6640fb4d19d430c009711353babc8ff76b
            • Instruction ID: 29930d08ca12915f2c6ab80a7df66dea199cc20a872622d01205ca7aed7b909b
            • Opcode Fuzzy Hash: b3b1779adbc10282857d4bb48cae9f6640fb4d19d430c009711353babc8ff76b
            • Instruction Fuzzy Hash: 8341E53261CB8281D720EF05A44416AFBA4FB84BA1FA40039DA9F47BD4DF7CD441D750
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E31040, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 56COMMON
            Download Yara Rule

            Control-flow Graph

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: htonl$Message
            • String ID: 1.2.11$Error %d from inflate: %s$Error %d from inflateInit: %s$Error allocating decompression buffer
            • API String ID: 1405971334-3188157777
            • Opcode ID: c19b0ed438316fe5263d127ef1996eccb7fc7717a78e96b947245da2fe1a68d4
            • Instruction ID: a1c65dcb7d696cea8fd8e1c64e81695dc10ae4e8a7cb1c5555da499b5b71c0b9
            • Opcode Fuzzy Hash: c19b0ed438316fe5263d127ef1996eccb7fc7717a78e96b947245da2fe1a68d4
            • Instruction Fuzzy Hash: 1A214622A1C68191E750E711E8452AAF760FB84B81FE0413DE66E877D5DF7CE910DBA0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E43B80, Relevance: 10.8, APIs: 7, Instructions: 294COMMONLIBRARYCODE
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 553 7ff7f2e43b80-7ff7f2e43ba6 554 7ff7f2e43ba8-7ff7f2e43bbc call 7ff7f2e3dcb4 call 7ff7f2e3dcd4 553->554 555 7ff7f2e43bc1-7ff7f2e43bc5 553->555 573 7ff7f2e43fca 554->573 557 7ff7f2e43bcb-7ff7f2e43bd2 555->557 558 7ff7f2e43fb3-7ff7f2e43fbf call 7ff7f2e3dcb4 call 7ff7f2e3dcd4 555->558 557->558 560 7ff7f2e43bd8-7ff7f2e43c07 557->560 575 7ff7f2e43fc5 call 7ff7f2e43130 558->575 560->558 563 7ff7f2e43c0d-7ff7f2e43c14 560->563 567 7ff7f2e43c2d-7ff7f2e43c30 563->567 568 7ff7f2e43c16-7ff7f2e43c28 call 7ff7f2e3dcb4 call 7ff7f2e3dcd4 563->568 571 7ff7f2e43faf-7ff7f2e43fb1 567->571 572 7ff7f2e43c36-7ff7f2e43c3b 567->572 568->575 576 7ff7f2e43fcd-7ff7f2e43fe4 571->576 572->571 577 7ff7f2e43c41-7ff7f2e43c44 572->577 573->576 575->573 577->568 580 7ff7f2e43c46-7ff7f2e43c6c 577->580 582 7ff7f2e43c88-7ff7f2e43c90 580->582 583 7ff7f2e43c6e-7ff7f2e43c71 580->583 586 7ff7f2e43cae-7ff7f2e43cda call 7ff7f2e42340 call 7ff7f2e42300 * 2 582->586 587 7ff7f2e43c92-7ff7f2e43ca9 call 7ff7f2e3dcb4 call 7ff7f2e3dcd4 call 7ff7f2e43130 582->587 584 7ff7f2e43c7d-7ff7f2e43c83 583->584 585 7ff7f2e43c73-7ff7f2e43c7b 583->585 589 7ff7f2e43d28-7ff7f2e43d3e 584->589 585->584 585->587 616 7ff7f2e43cf7-7ff7f2e43d23 call 7ff7f2e4432c 586->616 617 7ff7f2e43cdc-7ff7f2e43cf2 call 7ff7f2e3dcd4 call 7ff7f2e3dcb4 586->617 614 7ff7f2e43e34 587->614 591 7ff7f2e43dbd-7ff7f2e43dc7 call 7ff7f2e4b238 589->591 592 7ff7f2e43d40-7ff7f2e43d47 589->592 606 7ff7f2e43dcd-7ff7f2e43de2 591->606 607 7ff7f2e43e52 591->607 592->591 595 7ff7f2e43d49-7ff7f2e43d4c 592->595 595->591 600 7ff7f2e43d4e-7ff7f2e43d66 595->600 600->591 604 7ff7f2e43d68-7ff7f2e43d73 600->604 604->591 610 7ff7f2e43d75-7ff7f2e43d78 604->610 606->607 608 7ff7f2e43de4-7ff7f2e43df6 GetConsoleMode 606->608 612 7ff7f2e43e57-7ff7f2e43e77 ReadFile 607->612 608->607 613 7ff7f2e43df8-7ff7f2e43e00 608->613 610->591 615 7ff7f2e43d7a-7ff7f2e43d93 610->615 618 7ff7f2e43f79-7ff7f2e43f82 GetLastError 612->618 619 7ff7f2e43e7d-7ff7f2e43e85 612->619 613->612 621 7ff7f2e43e02-7ff7f2e43e25 ReadConsoleW 613->621 624 7ff7f2e43e37-7ff7f2e43e41 call 7ff7f2e42300 614->624 615->591 625 7ff7f2e43d95-7ff7f2e43da0 615->625 616->589 617->614 622 7ff7f2e43f9f-7ff7f2e43fa2 618->622 623 7ff7f2e43f84-7ff7f2e43f9a call 7ff7f2e3dcd4 call 7ff7f2e3dcb4 618->623 619->618 627 7ff7f2e43e8b 619->627 629 7ff7f2e43e27 GetLastError 621->629 630 7ff7f2e43e46-7ff7f2e43e50 621->630 634 7ff7f2e43fa8-7ff7f2e43faa 622->634 635 7ff7f2e43e2d-7ff7f2e43e2f call 7ff7f2e3dc64 622->635 623->614 624->576 625->591 633 7ff7f2e43da2-7ff7f2e43da5 625->633 637 7ff7f2e43e92-7ff7f2e43ea7 627->637 629->635 630->637 633->591 642 7ff7f2e43da7-7ff7f2e43db8 633->642 634->624 635->614 637->624 638 7ff7f2e43ea9-7ff7f2e43eb1 637->638 644 7ff7f2e43edb-7ff7f2e43ee2 638->644 645 7ff7f2e43eb3-7ff7f2e43ecf call 7ff7f2e43768 638->645 642->591 649 7ff7f2e43f61-7ff7f2e43f74 call 7ff7f2e43538 644->649 650 7ff7f2e43ee4-7ff7f2e43efc 644->650 653 7ff7f2e43ed4-7ff7f2e43ed6 645->653 649->653 654 7ff7f2e43efe-7ff7f2e43f02 650->654 655 7ff7f2e43f54-7ff7f2e43f5c 650->655 653->624 657 7ff7f2e43f07-7ff7f2e43f10 654->657 655->624 658 7ff7f2e43f4b-7ff7f2e43f4f 657->658 659 7ff7f2e43f12-7ff7f2e43f17 657->659 658->655 660 7ff7f2e43f19-7ff7f2e43f1c 659->660 661 7ff7f2e43f34-7ff7f2e43f40 659->661 660->661 662 7ff7f2e43f1e-7ff7f2e43f21 660->662 663 7ff7f2e43f44-7ff7f2e43f47 661->663 662->661 664 7ff7f2e43f23-7ff7f2e43f32 662->664 663->657 665 7ff7f2e43f49 663->665 664->663 665->655
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID:
            • API String ID: 3215553584-0
            • Opcode ID: cf64dc837402a59bae540c829a1da98823ee11fd6dc34813a754cbf481a68133
            • Instruction ID: 3404a5949cc9de27052f8294858039fb5b8c2b761f720d10cd87c455ed4de447
            • Opcode Fuzzy Hash: cf64dc837402a59bae540c829a1da98823ee11fd6dc34813a754cbf481a68133
            • Instruction Fuzzy Hash: 97C1B526A1C78241EB60AF7594482BDEB61BB60B84FB50139DA6F077D5CFBCD844C3A1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E31130, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67COMMON
            Download Yara Rule

            Control-flow Graph

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _fread_nolock$fread_s
            • String ID: M$Z
            • API String ID: 184871262-4250246861
            • Opcode ID: 60f743e0604cc57c217d03e7b68787738f8a9ce3b6160d2b72a6a207a35e0335
            • Instruction ID: 5b9b3b12d4aba803339c40faea96d8ce548d4de4cf55013528662327f28b7bad
            • Opcode Fuzzy Hash: 60f743e0604cc57c217d03e7b68787738f8a9ce3b6160d2b72a6a207a35e0335
            • Instruction Fuzzy Hash: 2C210322B2C04142E750EA21E0447AEBB10EB84B40FA45139F69F8BAC9CF7CDC81DF91
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E35260, Relevance: 10.6, APIs: 7, Instructions: 53COMMON
            Download Yara Rule

            Control-flow Graph

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
            • String ID:
            • API String ID: 995526605-0
            • Opcode ID: 1c4133c0b1fc0f31f8a8f7e361b844a7deb7ac71fbd98a63a9d6b697b25c80be
            • Instruction ID: a27b4c80426386f2616cf992adb8c42ab0a27652fdebaad5a73e78a6515b0fbc
            • Opcode Fuzzy Hash: 1c4133c0b1fc0f31f8a8f7e361b844a7deb7ac71fbd98a63a9d6b697b25c80be
            • Instruction Fuzzy Hash: F721513260CB4282E710AB14E44816AA761FF85B65FA40238DA7F477D8DFBDD844CB50
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E31390, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 61COMMON
            Download Yara Rule

            Control-flow Graph

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: htonl
            • String ID: %s could not be extracted!$Failed to write all bytes for %s$fopen$fwrite
            • API String ID: 2009864989-741305175
            • Opcode ID: bb671d16402fe9de2b7ad14124fa1354f25e0b39ea32e4ee815a5eb1bc295eec
            • Instruction ID: 36d0539821079a0167d01324620d20a74f2c3c741fe4b7094d49293a1ca1bd68
            • Opcode Fuzzy Hash: bb671d16402fe9de2b7ad14124fa1354f25e0b39ea32e4ee815a5eb1bc295eec
            • Instruction Fuzzy Hash: 1421A421E1C64281EB10B725B4191A9EB209F41FE1FA40539EA7F4B7D6DEACE841D7A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E44C24, Relevance: 7.7, APIs: 5, Instructions: 203COMMONLIBRARYCODE
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 729 7ff7f2e44c24-7ff7f2e44c49 730 7ff7f2e44c4b-7ff7f2e44c4d 729->730 731 7ff7f2e44c52-7ff7f2e44c55 729->731 732 7ff7f2e44eed-7ff7f2e44f04 730->732 733 7ff7f2e44c57-7ff7f2e44c71 call 7ff7f2e3dcb4 call 7ff7f2e3dcd4 call 7ff7f2e43130 731->733 734 7ff7f2e44c76-7ff7f2e44ca1 731->734 733->732 735 7ff7f2e44cac-7ff7f2e44cb2 734->735 736 7ff7f2e44ca3-7ff7f2e44caa 734->736 738 7ff7f2e44cc2-7ff7f2e44cd0 call 7ff7f2e4b238 735->738 739 7ff7f2e44cb4-7ff7f2e44cbd call 7ff7f2e4432c 735->739 736->733 736->735 747 7ff7f2e44dd7-7ff7f2e44de8 738->747 748 7ff7f2e44cd6-7ff7f2e44ce7 738->748 739->738 750 7ff7f2e44dea-7ff7f2e44def 747->750 751 7ff7f2e44e37-7ff7f2e44e5c WriteFile 747->751 748->747 752 7ff7f2e44ced-7ff7f2e44d00 call 7ff7f2e46360 748->752 755 7ff7f2e44df1-7ff7f2e44df4 750->755 756 7ff7f2e44e23-7ff7f2e44e35 call 7ff7f2e447a0 750->756 753 7ff7f2e44e67 751->753 754 7ff7f2e44e5e-7ff7f2e44e64 GetLastError 751->754 768 7ff7f2e44d18-7ff7f2e44d34 GetConsoleMode 752->768 769 7ff7f2e44d02-7ff7f2e44d12 752->769 758 7ff7f2e44e6a 753->758 754->753 759 7ff7f2e44e0f-7ff7f2e44e21 call 7ff7f2e449c4 755->759 760 7ff7f2e44df6-7ff7f2e44df9 755->760 770 7ff7f2e44dcb-7ff7f2e44dd2 756->770 763 7ff7f2e44e6f 758->763 759->770 764 7ff7f2e44dfb-7ff7f2e44e0d call 7ff7f2e448a8 760->764 765 7ff7f2e44e74-7ff7f2e44e7e 760->765 763->765 764->770 772 7ff7f2e44ee8-7ff7f2e44eeb 765->772 773 7ff7f2e44e80-7ff7f2e44e85 765->773 768->747 771 7ff7f2e44d3a-7ff7f2e44d3c 768->771 769->747 769->768 770->763 776 7ff7f2e44db9-7ff7f2e44dc6 call 7ff7f2e44598 771->776 777 7ff7f2e44d3e-7ff7f2e44d43 771->777 772->732 778 7ff7f2e44e87-7ff7f2e44e8a 773->778 779 7ff7f2e44eb4-7ff7f2e44ec5 773->779 776->770 777->765 782 7ff7f2e44d49-7ff7f2e44d5b 777->782 785 7ff7f2e44ea7-7ff7f2e44eaf call 7ff7f2e3dc64 778->785 786 7ff7f2e44e8c-7ff7f2e44e9c call 7ff7f2e3dcd4 call 7ff7f2e3dcb4 778->786 783 7ff7f2e44ec7-7ff7f2e44eca 779->783 784 7ff7f2e44ed0-7ff7f2e44ee0 call 7ff7f2e3dcd4 call 7ff7f2e3dcb4 779->784 782->758 787 7ff7f2e44d61-7ff7f2e44d72 call 7ff7f2e4b2fc 782->787 783->730 783->784 784->772 785->779 786->785 798 7ff7f2e44da7-7ff7f2e44dad GetLastError 787->798 799 7ff7f2e44d74-7ff7f2e44d7f 787->799 804 7ff7f2e44db0-7ff7f2e44db4 798->804 802 7ff7f2e44d9c-7ff7f2e44da3 799->802 803 7ff7f2e44d81-7ff7f2e44d93 call 7ff7f2e4b2fc 799->803 802->804 806 7ff7f2e44da5 802->806 803->798 808 7ff7f2e44d95-7ff7f2e44d9a 803->808 804->758 806->787 808->802
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID:
            • API String ID: 3215553584-0
            • Opcode ID: 6bccb5a6544e8b0980e97cebc78e654a13f358c9890dbf8b5668d307f045dff3
            • Instruction ID: 8c042dd272573762a10c0fc9ac4d16e467909ac6fb8a327f3e7c86989446bae4
            • Opcode Fuzzy Hash: 6bccb5a6544e8b0980e97cebc78e654a13f358c9890dbf8b5668d307f045dff3
            • Instruction Fuzzy Hash: E681D32AF1C65286F710AB7194486FDA6A0BB45B48FA44139CE2F176D9CFBCE449C370
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E31000, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 175COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 809 7ff7f2e31000-7ff7f2e3281a call 7ff7f2e3a4b8 call 7ff7f2e3a4b0 call 7ff7f2e35390 call 7ff7f2e3a4b0 call 7ff7f2e386a0 call 7ff7f2e3b53c call 7ff7f2e3e5a0 call 7ff7f2e318e0 827 7ff7f2e3281c-7ff7f2e3281f 809->827 828 7ff7f2e32824-7ff7f2e32833 call 7ff7f2e32b30 809->828 829 7ff7f2e32a4a-7ff7f2e32a65 call 7ff7f2e38660 827->829 828->827 833 7ff7f2e32835-7ff7f2e32849 call 7ff7f2e32a70 828->833 833->827 837 7ff7f2e3284b-7ff7f2e3285f call 7ff7f2e32cb0 833->837 837->827 840 7ff7f2e32861-7ff7f2e32893 call 7ff7f2e345b0 call 7ff7f2e34c30 call 7ff7f2e317d0 837->840 847 7ff7f2e328ca-7ff7f2e328e2 840->847 848 7ff7f2e32895-7ff7f2e328a7 call 7ff7f2e317d0 840->848 850 7ff7f2e328fc-7ff7f2e32920 call 7ff7f2e355f0 SetDllDirectoryW call 7ff7f2e3a558 847->850 851 7ff7f2e328e4-7ff7f2e328ee call 7ff7f2e325a0 847->851 848->847 856 7ff7f2e328a9-7ff7f2e328c5 call 7ff7f2e31bd0 848->856 860 7ff7f2e329ba-7ff7f2e329bd call 7ff7f2e323f0 850->860 865 7ff7f2e32926-7ff7f2e32931 850->865 851->860 861 7ff7f2e328f4 851->861 867 7ff7f2e32a42 856->867 866 7ff7f2e329c2-7ff7f2e329c4 860->866 861->850 868 7ff7f2e32934-7ff7f2e3293e 865->868 869 7ff7f2e32a00-7ff7f2e32a03 866->869 870 7ff7f2e329c6-7ff7f2e329fe call 7ff7f2e34bc0 call 7ff7f2e345b0 call 7ff7f2e38f50 866->870 867->829 871 7ff7f2e32947-7ff7f2e32949 868->871 872 7ff7f2e32940-7ff7f2e32945 868->872 874 7ff7f2e32a3a 869->874 870->869 891 7ff7f2e32a05-7ff7f2e32a26 call 7ff7f2e38f80 call 7ff7f2e34c70 870->891 875 7ff7f2e3299e-7ff7f2e329b8 call 7ff7f2e32510 call 7ff7f2e32390 call 7ff7f2e32500 871->875 876 7ff7f2e3294b-7ff7f2e3296e call 7ff7f2e31df0 871->876 872->868 872->871 874->867 895 7ff7f2e32a38 875->895 876->869 885 7ff7f2e32974-7ff7f2e32988 876->885 888 7ff7f2e32990-7ff7f2e3299c 885->888 888->875 888->888 898 7ff7f2e32a28-7ff7f2e32a2b call 7ff7f2e34860 891->898 899 7ff7f2e32a30-7ff7f2e32a33 call 7ff7f2e318a0 891->899 895->874 898->899 899->895
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfosetbuf
            • String ID: Cannot open self %s or archive %s$_MEIPASS2
            • API String ID: 3262704042-930416966
            • Opcode ID: 186e1dac2e06bf15453baaf1e7b2805f947599bb85c51db2b59d9149ee77c746
            • Instruction ID: 0cd4aeaedede2b3f87f8d3c9d1d4caad6cf0716d0c0304cf5233c958df90190d
            • Opcode Fuzzy Hash: 186e1dac2e06bf15453baaf1e7b2805f947599bb85c51db2b59d9149ee77c746
            • Instruction Fuzzy Hash: 95719621E0C68251FB24B721945D2F99A91AF44F85FE04039DAAF477C6DEBCED05E3A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E35520, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 45COMMON
            Download Yara Rule
            APIs
              • Part of subcall function 00007FF7F2E35260: GetCurrentProcess.KERNEL32 ref: 00007FF7F2E3527A
              • Part of subcall function 00007FF7F2E35260: OpenProcessToken.ADVAPI32 ref: 00007FF7F2E3528B
              • Part of subcall function 00007FF7F2E35260: GetTokenInformation.KERNELBASE ref: 00007FF7F2E352AD
              • Part of subcall function 00007FF7F2E35260: GetLastError.KERNEL32 ref: 00007FF7F2E352B7
              • Part of subcall function 00007FF7F2E35260: GetTokenInformation.KERNELBASE ref: 00007FF7F2E352F4
              • Part of subcall function 00007FF7F2E35260: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7F2E35306
              • Part of subcall function 00007FF7F2E35260: CloseHandle.KERNEL32 ref: 00007FF7F2E3531E
            • LocalFree.KERNEL32(00000000,00007FF7F2E3447A,?,00000000,?,00007FF7F2E3436D), ref: 00007FF7F2E35577
            • CreateDirectoryW.KERNELBASE(?,00000000,?,00007FF7F2E3436D), ref: 00007FF7F2E355B4
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: Token$InformationProcess$CloseConvertCreateCurrentDirectoryErrorFreeHandleLastLocalOpenString
            • String ID: D:(A;;FA;;;%s)$S-1-3-4
            • API String ID: 1039964830-2855260032
            • Opcode ID: 1553d2be4f22a758e848ed41aa22b07dc560a0196604348befb8cf86341a783d
            • Instruction ID: 4da664f1c370bc27c4d40eecf2931ed8df80b2ecf7a10bba8441f1af5b7fbc60
            • Opcode Fuzzy Hash: 1553d2be4f22a758e848ed41aa22b07dc560a0196604348befb8cf86341a783d
            • Instruction Fuzzy Hash: A911B63161C68281EB20EB20E80D3AAA761EF88745FD00135EA5F827D5DFBCD505CB90
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E3DF58, Relevance: 4.6, APIs: 3, Instructions: 137pipeCOMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: ErrorFileLastNamedPeekPipeType
            • String ID:
            • API String ID: 1388729460-0
            • Opcode ID: a0aa8098ca10053d49c7ebc16147bad4190020573fdf6c74a43b5d69b72e5f03
            • Instruction ID: 8993e51d7f5c2ef50a1745e52da8d3588103bf3e49071a25d784a9de168af49b
            • Opcode Fuzzy Hash: a0aa8098ca10053d49c7ebc16147bad4190020573fdf6c74a43b5d69b72e5f03
            • Instruction Fuzzy Hash: DB51B332A0860285E714EB71D4483BDABA1BF44B69FA44638DE7E477C5DFB8D801D7A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E3DD98, Relevance: 4.6, APIs: 3, Instructions: 122fileCOMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: File$CloseCreateHandleType_invalid_parameter_noinfo
            • String ID:
            • API String ID: 1405040552-0
            • Opcode ID: 07d66ce258618c36d758eeca772e8cf36f87943dbd54b4a1d13c0dcfa9d6fcbf
            • Instruction ID: a642be753e0752dfae334e813666403020e9704be2608ccde7f99850581f4a56
            • Opcode Fuzzy Hash: 07d66ce258618c36d758eeca772e8cf36f87943dbd54b4a1d13c0dcfa9d6fcbf
            • Instruction Fuzzy Hash: 8551D722D1C64146F710ABB598052F9BBA0BF547A4FA04338DEBE126D6DF7CE581D3A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E3E140, Relevance: 4.6, APIs: 3, Instructions: 50timeCOMMON
            Download Yara Rule
            APIs
            • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2E3E017), ref: 00007FF7F2E3E174
            • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2E3E017), ref: 00007FF7F2E3E188
            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2E3E017), ref: 00007FF7F2E3E1D5
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: Time$System$ErrorFileLastLocalSpecific
            • String ID:
            • API String ID: 2674341965-0
            • Opcode ID: 439f96f6e218626541593421c16f72ff1d25780c32dfc39f8fbe15ae31cacd28
            • Instruction ID: db53d136f29a25ff98c15eedbe4367bf34ed83b8e8085b482698d44c1e641737
            • Opcode Fuzzy Hash: 439f96f6e218626541593421c16f72ff1d25780c32dfc39f8fbe15ae31cacd28
            • Instruction Fuzzy Hash: 3E118031F2C60285FB146BB098091BDBAA1AF44B35BA40339EEBF555D4DF789450D670
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E3A6B0, Relevance: 3.2, APIs: 2, Instructions: 187COMMONLIBRARYCODE
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID:
            • API String ID: 3215553584-0
            • Opcode ID: b28afc6962bc007db8fa2085db7b9e2d96c24450cff86543df45b271df71f041
            • Instruction ID: f1c01320ba8f9edb2ef4cd0786e53ea2e024d9d6fb978b11498c0a93c3722ef5
            • Opcode Fuzzy Hash: b28afc6962bc007db8fa2085db7b9e2d96c24450cff86543df45b271df71f041
            • Instruction Fuzzy Hash: 3461EB61B0D24242E724FA65940C679EAD0AF84FA5FA44238DD7F477D5CEBCDC81E2A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E432B0, Relevance: 3.1, APIs: 2, Instructions: 55COMMON
            Download Yara Rule
            APIs
            • FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF7F2E431E3,?,?,00000000,00007FF7F2E4328B,?,?,?,?,?,?,00007FF7F2E3A5BA), ref: 00007FF7F2E43313
            • GetLastError.KERNEL32(?,?,?,00007FF7F2E431E3,?,?,00000000,00007FF7F2E4328B,?,?,?,?,?,?,00007FF7F2E3A5BA), ref: 00007FF7F2E4331D
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: ChangeCloseErrorFindLastNotification
            • String ID:
            • API String ID: 1687624791-0
            • Opcode ID: 9236d338c0d6c3cf969c2c4e0b8e675f4915dcade22d31b6a3144e7340fe83ef
            • Instruction ID: 11fa986082e3d0a55ad55407c7b24b941169380e28af9a064d19a3e38555210c
            • Opcode Fuzzy Hash: 9236d338c0d6c3cf969c2c4e0b8e675f4915dcade22d31b6a3144e7340fe83ef
            • Instruction Fuzzy Hash: 76112914B0C68241FF907771A49D2BC97919F95B65FB8023CED3F422D2CEECA844C261
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E4A4D4, Relevance: 3.0, APIs: 2, Instructions: 44COMMON
            Download Yara Rule
            APIs
            • GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF7F2E412E6,?,?,?,00007FF7F2E4123A), ref: 00007FF7F2E4A4E8
            • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF7F2E412E6,?,?,?,00007FF7F2E4123A), ref: 00007FF7F2E4A54D
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: EnvironmentStrings$Free
            • String ID:
            • API String ID: 3328510275-0
            • Opcode ID: 35591b5b8c749d5176ecceb07519981d40a97e101d4d909823e605dde07a0b36
            • Instruction ID: c03e0056c24ae7b72a86a80050a0c4007ee04a52726ecc7302a2fa0cf2b560c2
            • Opcode Fuzzy Hash: 35591b5b8c749d5176ecceb07519981d40a97e101d4d909823e605dde07a0b36
            • Instruction Fuzzy Hash: AE015E25B1CB4245DF14AF2564190AAA660EF84FE0BE84239DA6F077D5DE6CE451C290
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E44288, Relevance: 3.0, APIs: 2, Instructions: 42COMMON
            Download Yara Rule
            APIs
            • SetFilePointerEx.KERNELBASE(?,?,00000000,00007FF7F2E44CC2,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2E44BE4), ref: 00007FF7F2E442CC
            • GetLastError.KERNEL32(?,?,00000000,00007FF7F2E44CC2,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2E44BE4), ref: 00007FF7F2E442D6
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: ErrorFileLastPointer
            • String ID:
            • API String ID: 2976181284-0
            • Opcode ID: 3578b2401933f6ab37dc3bb6827ac071dd789aa2731e5a8c2539319d62b8aa97
            • Instruction ID: e636967a249d80501962a485a47226f530ff8ce520c03448f9cbdc8e79054a23
            • Opcode Fuzzy Hash: 3578b2401933f6ab37dc3bb6827ac071dd789aa2731e5a8c2539319d62b8aa97
            • Instruction Fuzzy Hash: 9601E525B1CA8242EF506B76B8481B8A650AB41BB0FE40339EE3F077D8CEACD445C350
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E42300, Relevance: 3.0, APIs: 2, Instructions: 19COMMONLIBRARYCODE
            Download Yara Rule
            APIs
            • RtlReleasePrivilege.NTDLL(?,?,00000000,00007FF7F2E46443,?,?,?,00007FF7F2E3DCDD,?,?,?,?,00007FF7F2E424BF,?,?,00000000), ref: 00007FF7F2E42316
            • GetLastError.KERNEL32(?,?,00000000,00007FF7F2E46443,?,?,?,00007FF7F2E3DCDD,?,?,?,?,00007FF7F2E424BF,?,?,00000000), ref: 00007FF7F2E42328
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: ErrorLastPrivilegeRelease
            • String ID:
            • API String ID: 1334314998-0
            • Opcode ID: 8b164316b9fd05e167ce6da0408501a89977fc26195eedc525cd0fa44ca09f2e
            • Instruction ID: 62412c847911da9a5f61c05d08bcad149c4f31f91f8695e674ec35b1fa9ff78a
            • Opcode Fuzzy Hash: 8b164316b9fd05e167ce6da0408501a89977fc26195eedc525cd0fa44ca09f2e
            • Instruction Fuzzy Hash: C8E04F14E1E14382FF0477F2580D1B5D6915F44F41FA8403CD92F862D2DDACA881C2A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E3B1FC, Relevance: 1.6, APIs: 1, Instructions: 128COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID:
            • API String ID: 3215553584-0
            • Opcode ID: 13234f99a89eacb60fb64773b2fcac5c288eb4a475bb50079f54b50a0347a2c4
            • Instruction ID: db4e4c8dc1429f6ead50fd4acd1e8e2f79ee62b7bd06aecbfe3f08f17670a704
            • Opcode Fuzzy Hash: 13234f99a89eacb60fb64773b2fcac5c288eb4a475bb50079f54b50a0347a2c4
            • Instruction Fuzzy Hash: 6541E721B0C25186EB64AD62551827DF691BF44FE1FA8463CDEBF47AC1DEECE801D290
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E43FE8, Relevance: 1.6, APIs: 1, Instructions: 121COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID:
            • API String ID: 3215553584-0
            • Opcode ID: 04b1d72e7032b86476bcfa8f0e45045c8fde5b26c89f6d70b210fdf16f299b5c
            • Instruction ID: 6e6c4cde44cd99c58d14030e85f3a76b9231c3e5b810929539651e7f6c094ff1
            • Opcode Fuzzy Hash: 04b1d72e7032b86476bcfa8f0e45045c8fde5b26c89f6d70b210fdf16f299b5c
            • Instruction Fuzzy Hash: 5C51BF766187458BEB18AF25D8542BC7BA0FB84B84FA40539DA2F033D8CF78E451C3A1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E3ACE0, Relevance: 1.6, APIs: 1, Instructions: 107COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID:
            • API String ID: 3215553584-0
            • Opcode ID: 80f8b49626387ca0ca4af9f876c2703e62fe41d365b7b6592c4f1e6cee213d47
            • Instruction ID: 73189987ce6789572df9cd7d2f4a1c309340741c60a39b6a410a78061ecf575b
            • Opcode Fuzzy Hash: 80f8b49626387ca0ca4af9f876c2703e62fe41d365b7b6592c4f1e6cee213d47
            • Instruction Fuzzy Hash: BB41DA22B1C79582EB54EA56D048679AB90EB80F85FA0513DDE6F0B3D1CFACD8C0D360
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E43A68, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID:
            • API String ID: 3215553584-0
            • Opcode ID: eb9a390932df7d3c0060be9d7a20203d2749504e977aee8739cdaa2f54a91c00
            • Instruction ID: 0f934d8a9ef8208f116e6eb25191b0efb05ee865ce267f42ccc5254edd208529
            • Opcode Fuzzy Hash: eb9a390932df7d3c0060be9d7a20203d2749504e977aee8739cdaa2f54a91c00
            • Instruction Fuzzy Hash: D731AF22A2C55285E7017BB098193F8AA90AB50B65FB14138DA3E073C2CEECA841D6B1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E44B38, Relevance: 1.6, APIs: 1, Instructions: 68COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 342d2df1473ff95bd8085c51bfd0ce56986ee98e7b69323aa2bc1bba513579f9
            • Instruction ID: 95365650cb647d3ffd7c9fe6228e84b752c7b757bfea193545f5b39acf3091f2
            • Opcode Fuzzy Hash: 342d2df1473ff95bd8085c51bfd0ce56986ee98e7b69323aa2bc1bba513579f9
            • Instruction Fuzzy Hash: 83219426A1C28242E7157FB198593B8AA50AB40B61FB54538ED3F077D6CEFCE844C7A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E31480, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _fread_nolockfread_s
            • String ID:
            • API String ID: 3465328306-0
            • Opcode ID: e11a2ba841765f081c6c11e9e53b63399fe89d19725ca4cd27af03224344f54c
            • Instruction ID: 462feb34c720d8607e53ffdab266f372e5ec553db93577bf95ee12ade5d64af5
            • Opcode Fuzzy Hash: e11a2ba841765f081c6c11e9e53b63399fe89d19725ca4cd27af03224344f54c
            • Instruction Fuzzy Hash: F131D423B18A8593E720DF34D5042A97760FB88B48F519339DF9E43696EF38E5A4C740
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E44198, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9f9fe971323b461ff01ef4d4c4ac51ff809fc8a0e3f80abab26c48f48f9280c3
            • Instruction ID: 949e995d58205c1a9658c105272b52525bcce26f45a6c38a2fb308f0cf99da06
            • Opcode Fuzzy Hash: 9f9fe971323b461ff01ef4d4c4ac51ff809fc8a0e3f80abab26c48f48f9280c3
            • Instruction Fuzzy Hash: E021A621A2C69642E7417BB198493B8E950AB40BB1FA54338DD3F077D6CEFCE844C7A4
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E3E9DC, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID:
            • API String ID: 3215553584-0
            • Opcode ID: db4f985b1570b1d115940ddcf665f5513e3995cefc88c2a439f66e70bd34a786
            • Instruction ID: a0ceab783f1a2ab444b2f27f2527e7b5fd7ed3596695ab1d0fe255339ef94308
            • Opcode Fuzzy Hash: db4f985b1570b1d115940ddcf665f5513e3995cefc88c2a439f66e70bd34a786
            • Instruction Fuzzy Hash: B1218821E1C64681EB60BF51940527DE694BF44F81FA84039EA9E577C6DFBCEC40E7A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E4E148, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID:
            • API String ID: 3215553584-0
            • Opcode ID: 707474d2acc7ece414e62168fcd1f8768ae2e051909a6a2e048190aa1d84ddc8
            • Instruction ID: b4d0f6f7a8eebd390e2ec8981d1ccf2b5141421fde21158d44ac05e49d4d8785
            • Opcode Fuzzy Hash: 707474d2acc7ece414e62168fcd1f8768ae2e051909a6a2e048190aa1d84ddc8
            • Instruction Fuzzy Hash: C921A73671C68287EB659F35E444379B6A0FB80B54F684238DAAF876D5DF6CD800C750
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E4320C, Relevance: 1.5, APIs: 1, Instructions: 41COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b0c88f8d69fe987b10c13e849a7795924fc72b53e258df40060e24da1d1014f0
            • Instruction ID: 2b4ca86dcbe078773dbe2dde3cba8acac8d418202b325ae07a02a3d333d8d8b8
            • Opcode Fuzzy Hash: b0c88f8d69fe987b10c13e849a7795924fc72b53e258df40060e24da1d1014f0
            • Instruction Fuzzy Hash: B311636591C68686E744BFA094082ADFB50EB90751FF0423AD66E026D5CFFCD404CBA0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E3A568, Relevance: 1.5, APIs: 1, Instructions: 40COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID:
            • API String ID: 3215553584-0
            • Opcode ID: dc1342bd68f2da5ff2b545fbf15028a255760aadf1a27d8c93777e2ae2985d2c
            • Instruction ID: 00bb6663bbc6088d731c090fb1024037df3f83d4b2d6de8b4e85fcfcb46f5dc9
            • Opcode Fuzzy Hash: dc1342bd68f2da5ff2b545fbf15028a255760aadf1a27d8c93777e2ae2985d2c
            • Instruction Fuzzy Hash: 4D01B126F1D10211FF147A7594093B8A6905F95B64FB40238E93B8A2C2CEACE841E3B0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E3B398, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID:
            • API String ID: 3215553584-0
            • Opcode ID: 7083953791fefbb8f1acffc922a01eeb365f271e065daa5ed25cf06b4aef6bda
            • Instruction ID: 1f184eac012d4e967ee578edb3610501a9dc158d0b04116fe6b6c3ff420fae2f
            • Opcode Fuzzy Hash: 7083953791fefbb8f1acffc922a01eeb365f271e065daa5ed25cf06b4aef6bda
            • Instruction Fuzzy Hash: 6A013C72A18B1988EB01DFA0D8444EC7BF8FB54748BA00129DA5E13784DFB4D5A5C3A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E42458, Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
            Download Yara Rule
            APIs
            • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF7F2E46399,?,?,?,00007FF7F2E3BA1C,?,?,00000000,00007FF7F2E3D829), ref: 00007FF7F2E424AD
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: AllocateHeap
            • String ID:
            • API String ID: 1279760036-0
            • Opcode ID: dbb774de220f37e76550039c2fe37b03ad8e32f035b41ac2b25afdadc6742366
            • Instruction ID: 830323585449c8149191aa56f721520e3d14a0a98e164fd967e46c30ecc37c38
            • Opcode Fuzzy Hash: dbb774de220f37e76550039c2fe37b03ad8e32f035b41ac2b25afdadc6742366
            • Instruction Fuzzy Hash: 53F0490CB1D60781FF5476B698193B9D6859F84B40FE8503CC92F8A3C1DE9EE580C2B0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E3A5EC, Relevance: 1.5, APIs: 1, Instructions: 33COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID:
            • API String ID: 3215553584-0
            • Opcode ID: 641c8104830ee7c4b8585409b5dcd462aaebefa8549eaaa210739ba833d320b9
            • Instruction ID: 69d001338f876e21fefc8234a8b54bb78d1f458da676c8a902b4ee613095fee0
            • Opcode Fuzzy Hash: 641c8104830ee7c4b8585409b5dcd462aaebefa8549eaaa210739ba833d320b9
            • Instruction Fuzzy Hash: 7AF0F621B0C20351EB04B6746809179FA809F40B40FB41138E67B4A3D2CEACD881D7B0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E3A9F8, Relevance: 1.5, APIs: 1, Instructions: 32COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID:
            • API String ID: 3215553584-0
            • Opcode ID: d84e257e94e5b263ce34d1df001dd7fe3171c9964e140fbf3e2e93f9b4e00d4c
            • Instruction ID: 7db0b51d3e1716794849c0e73bfc0d327a1f95f6516ca3e1de32dc817c0f1a94
            • Opcode Fuzzy Hash: d84e257e94e5b263ce34d1df001dd7fe3171c9964e140fbf3e2e93f9b4e00d4c
            • Instruction Fuzzy Hash: DAF0F612B2C18241EF10B6B5A84507DEA91AF44FD1FA05138EA6F8B7C2CE9CDC80D760
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E3AC74, Relevance: 1.5, APIs: 1, Instructions: 30COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID:
            • API String ID: 3215553584-0
            • Opcode ID: 8ff10e4d941d22ce265ae0410bd6177fdc4478c1f9fe64a86e9bb12977819a5b
            • Instruction ID: 0fbe775e8a5338f39ef352180edf987335d5a98f88b78a48d8dcc4155a477a06
            • Opcode Fuzzy Hash: 8ff10e4d941d22ce265ae0410bd6177fdc4478c1f9fe64a86e9bb12977819a5b
            • Instruction Fuzzy Hash: 01F09621A2C54641F75176B098552F9EA809F80B61FB00238F57F4A3D2DEACEC80E7B0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E42340, Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: AllocateHeap
            • String ID:
            • API String ID: 1279760036-0
            • Opcode ID: 373ae7e4872f4677a032fa11ff1f48c82b07bb8e4aacb26d540596081ab5c248
            • Instruction ID: c786e97614f6f929d152df7a59ee24c375b2ed910fcc0fa02686a468c39d32a4
            • Opcode Fuzzy Hash: 373ae7e4872f4677a032fa11ff1f48c82b07bb8e4aacb26d540596081ab5c248
            • Instruction Fuzzy Hash: C3F05808E1D24785FF6476B258492B9D1A05F847A5FA8463CD93F8A2C1DEEDA481C2B0
            Uniqueness

            Uniqueness Score: -1.00%

            Non-executed Functions

            Function 00007FF7F2E32D90, Relevance: 264.9, APIs: 50, Strings: 101, Instructions: 656libraryloaderCOMMON
            Download Yara Rule
            APIs
            • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F2E3239E,00000000,00007FF7F2E329AE), ref: 00007FF7F2E32DA0
            • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F2E3239E,00000000,00007FF7F2E329AE), ref: 00007FF7F2E32DD8
              • Part of subcall function 00007FF7F2E31A80: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7F2E354CB,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2E3101D), ref: 00007FF7F2E31AB4
              • Part of subcall function 00007FF7F2E31A80: MessageBoxW.USER32 ref: 00007FF7F2E31B8C
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: AddressProc$ErrorLastMessage
            • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleString$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleString$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_VerboseFlag
            • API String ID: 2521482907-925859108
            • Opcode ID: ec3892e73a007c5d0b285dbb7c0c17970f584537e3f963b8783d671854eedd2a
            • Instruction ID: 3aaf74b52d189910c53a24bae79f67bdcd52002feceb5bc8109abecbcdde5e17
            • Opcode Fuzzy Hash: ec3892e73a007c5d0b285dbb7c0c17970f584537e3f963b8783d671854eedd2a
            • Instruction Fuzzy Hash: 7F623160E2AB0391EF01BB14AC5A0B4A751AF64751FE4523CD43F862E0EFECA595D3B0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E34FF0, Relevance: 24.6, APIs: 5, Strings: 9, Instructions: 95libraryloaderCOMMON
            Download Yara Rule
            APIs
            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7F2E32581,00000000,00007FF7F2E329A6), ref: 00007FF7F2E35020
            • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7F2E32581,00000000,00007FF7F2E329A6), ref: 00007FF7F2E350AD
            • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7F2E32581,00000000,00007FF7F2E329A6), ref: 00007FF7F2E350C0
            • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7F2E32581,00000000,00007FF7F2E329A6), ref: 00007FF7F2E350D3
              • Part of subcall function 00007FF7F2E31A80: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7F2E354CB,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2E3101D), ref: 00007FF7F2E31AB4
              • Part of subcall function 00007FF7F2E31A80: MessageBoxW.USER32 ref: 00007FF7F2E31B8C
              • Part of subcall function 00007FF7F2E35180: GetLastError.KERNEL32(00007FF7F2E31B00), ref: 00007FF7F2E351A5
              • Part of subcall function 00007FF7F2E35180: FormatMessageW.KERNEL32(00007FF7F2E31B00), ref: 00007FF7F2E351D6
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: AddressErrorLastMessageProc$ByteCharFormatLibraryLoadMultiWide
            • String ID: 8$ActivateActCtx$CreateActCtxW$Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$kernel32$win32_utils_from_utf8
            • API String ID: 2984188673-1231727188
            • Opcode ID: 8bbf31a9a5fea04613ac9aecc70842d323b84baef7a610f1387310cc736eeb81
            • Instruction ID: 5218165eb8bab6a396769b1d2e81dcc237ef1e0e6e71f8300771cb2a19f3651e
            • Opcode Fuzzy Hash: 8bbf31a9a5fea04613ac9aecc70842d323b84baef7a610f1387310cc736eeb81
            • Instruction Fuzzy Hash: AE418121A2DB4281E750AB15A808179E7A1AF44B91FA4423DE97F477D4EFBCD840C7A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E4BDE0, Relevance: 24.1, APIs: 9, Strings: 4, Instructions: 1310COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfomemcpy_s$fegetenv
            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
            • API String ID: 281475176-2761157908
            • Opcode ID: 0f0b4e4b0fa7262d0160ada4f34a0ea939bf7f84b88646a9f9f15e6d9860bd6f
            • Instruction ID: 1cee608d07598840b93f48d5726bb3d0e2d4bb200b4cd423ce359a218ea4f20c
            • Opcode Fuzzy Hash: 0f0b4e4b0fa7262d0160ada4f34a0ea939bf7f84b88646a9f9f15e6d9860bd6f
            • Instruction Fuzzy Hash: 2AB22A76A0D1824BE7249E75D4486FDB791FB44788FA0213ADA2B57BC4DFB8E500CB90
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E35180, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 43windowCOMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: ByteCharErrorFormatLastMessageMultiWide
            • String ID: FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.
            • API String ID: 1653872744-3268588819
            • Opcode ID: 49151e1d6b2e9471ca537c97d78767a50ebecaef2fca851f444ab3126edc4647
            • Instruction ID: f143db411af435d312c9e4f160acbf808f6d01b013617ad16b8a9ef0fdd43f78
            • Opcode Fuzzy Hash: 49151e1d6b2e9471ca537c97d78767a50ebecaef2fca851f444ab3126edc4647
            • Instruction Fuzzy Hash: 32117261B2CA8281FB60BB10E86D3B6A750BF48785FE04039D56F826D5DFACD905D7A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E42F24, Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
            • String ID:
            • API String ID: 1239891234-0
            • Opcode ID: dea3950bbabfb4bb98dcd0bfda185d721b73ee6dba8b136c981a66c73b2ddc39
            • Instruction ID: 22a544248af4bbaa6edca6f532e2cc768f0a39fce2957db7fa89f04b48df0728
            • Opcode Fuzzy Hash: dea3950bbabfb4bb98dcd0bfda185d721b73ee6dba8b136c981a66c73b2ddc39
            • Instruction Fuzzy Hash: 0E317436618F8186DB60DF25E8442AEB7A0FB88754FA00139EBAE43B94DF7CD545C750
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E49380, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 169COMMON
            Download Yara Rule
            APIs
            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F2E493C0
              • Part of subcall function 00007FF7F2E43150: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7F2E4312E), ref: 00007FF7F2E43159
              • Part of subcall function 00007FF7F2E43150: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7F2E4312E), ref: 00007FF7F2E4317D
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
            • String ID: *$.$.
            • API String ID: 4036615347-2112782162
            • Opcode ID: 80570998e3036af4e8df7f5599da25582dfcf78b30735effc8793196a00cd4cd
            • Instruction ID: 43b60b8e3d602c7b2906369bf3bc7e0a9a35d39d64a92fef2c83f6eb584fb072
            • Opcode Fuzzy Hash: 80570998e3036af4e8df7f5599da25582dfcf78b30735effc8793196a00cd4cd
            • Instruction Fuzzy Hash: 7A51D666F18A5585FB10EBB1D4481BDA7A0BB44BC8FA44539CE2E27BC9DE7CD042C360
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E4845C, Relevance: 6.4, APIs: 4, Instructions: 425stringCOMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: EnvironmentVariable$strchrwcschr
            • String ID:
            • API String ID: 2618829048-0
            • Opcode ID: 4fa1c7a960fd05a8b933fe00a5837cd31de75575cd1a290273096907c1820f79
            • Instruction ID: 2af05126f4269168bc6879841dc1a0dc72016769ea9d4ed62bc4ac1ada4c7e49
            • Opcode Fuzzy Hash: 4fa1c7a960fd05a8b933fe00a5837cd31de75575cd1a290273096907c1820f79
            • Instruction Fuzzy Hash: 44F1C029A1D64241FB61FB31980C279E690AF01BA4FE8463DDE7F466D1DEFDA401C3A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E4B910, Relevance: 4.8, APIs: 3, Instructions: 340COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: memcpy_s
            • String ID:
            • API String ID: 1502251526-0
            • Opcode ID: 7c95d79a6932f591ae303023ad9bcf5e3cdb31da0663f78c422ae26a9081d948
            • Instruction ID: c6631e3f52a41057345d494eb669fb15c6efb5d36c8963ed05829754dd6e1dda
            • Opcode Fuzzy Hash: 7c95d79a6932f591ae303023ad9bcf5e3cdb31da0663f78c422ae26a9081d948
            • Instruction Fuzzy Hash: 41D1B436B1C68587DB74DF25E1986AAB7A1F788784F54813CCB5A53B84CB3CE941CB40
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E380E0, Relevance: 4.1, Strings: 3, Instructions: 371COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID:
            • String ID: invalid distance code$invalid distance too far back$invalid literal/length code
            • API String ID: 0-3255898291
            • Opcode ID: 18fba1935756c56095f7c0c734112a4911ad6903954f79b565f35e2ddf94dec0
            • Instruction ID: be5b6c3d112135b37ac65f4ec01eb72ce38d213d3dea1898254006cc98f206ed
            • Opcode Fuzzy Hash: 18fba1935756c56095f7c0c734112a4911ad6903954f79b565f35e2ddf94dec0
            • Instruction Fuzzy Hash: 25D15733A1C5D18BD319CF29D408278BFA1E790791FA4813AEAAB43BC1CA7DD909D750
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E495B0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 110COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID:
            • String ID: .
            • API String ID: 0-248832578
            • Opcode ID: 89224ffe273e019f0d2030cf7848b075b264c84233db28ced7ddfb05c9b82e5c
            • Instruction ID: 512af1ec8f30b3fa4d8f9496f90be281e38aa6d9b8351bff6664cc383d5eaa36
            • Opcode Fuzzy Hash: 89224ffe273e019f0d2030cf7848b075b264c84233db28ced7ddfb05c9b82e5c
            • Instruction Fuzzy Hash: D1313819B1C6D145EB60AE72A80C676E690EB40BE4FA48639EE7E17BC5DE7CD401C350
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E50A38, Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: ExceptionRaise_clrfp
            • String ID:
            • API String ID: 15204871-0
            • Opcode ID: ca643f65c247a3e03c1480d48d962146c7ce190c2422d2b5f2cee43b99e2e410
            • Instruction ID: 0a4745974268d7f58f919a24bbefb3cbc49c87bed074cf2c63c4488aeed01180
            • Opcode Fuzzy Hash: ca643f65c247a3e03c1480d48d962146c7ce190c2422d2b5f2cee43b99e2e410
            • Instruction Fuzzy Hash: 39B1B173610B898BEB55CF29C48A36C7BE0F748B48F248825EB6E837A4CB79D451C750
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E4E228, Relevance: 1.7, APIs: 1, Instructions: 194COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _get_daylight_invalid_parameter_noinfo
            • String ID:
            • API String ID: 474895018-0
            • Opcode ID: 3817f0850db6a30658d94a7c7102b3e6ed2a7a57572eba0a881c8b766eab921b
            • Instruction ID: 8dcc092332d406922676ba19d01a0dedb57df85ad456b14a15cae7f196918573
            • Opcode Fuzzy Hash: 3817f0850db6a30658d94a7c7102b3e6ed2a7a57572eba0a881c8b766eab921b
            • Instruction Fuzzy Hash: D071E72AE0C18246F7646A799458678E281AF44364FFC463CDAFF476C5DEFCE841C6A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E405F8, Relevance: 1.5, Strings: 1, Instructions: 228COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID: TMP
            • API String ID: 3215553584-3125297090
            • Opcode ID: 9637fcd54e1d65badcce78784bbd97a6591443c8f834a3869e0457247c8bfe58
            • Instruction ID: 7f9322a4b3290395cfb2ccd1ec48c88e365770c431d985ef5c6d4e77fe963a6f
            • Opcode Fuzzy Hash: 9637fcd54e1d65badcce78784bbd97a6591443c8f834a3869e0457247c8bfe58
            • Instruction Fuzzy Hash: B271A419F0C25241FB68BB36951D57A9261AF84BC4FA4403DDE2F47BD6DEBCE442C2A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E3C710, Relevance: 1.5, Strings: 1, Instructions: 219COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID: 0
            • API String ID: 3215553584-4108050209
            • Opcode ID: f1d8b0008fc0bb465e4aa8edb545784337c844657b3b368ce40f8c0aa9a60f0c
            • Instruction ID: a53967f06687ec60fdf0443c6e7d5f39ebc74fdbe0c88b80d761dd12c8c1f0ea
            • Opcode Fuzzy Hash: f1d8b0008fc0bb465e4aa8edb545784337c844657b3b368ce40f8c0aa9a60f0c
            • Instruction Fuzzy Hash: 15813822A5E20242E764AA25404827DAB90EF40F45FB43439DD6B976D5CF7DFD42E3A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E3C494, Relevance: 1.4, Strings: 1, Instructions: 199COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID: 0
            • API String ID: 3215553584-4108050209
            • Opcode ID: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
            • Instruction ID: dfd4ba7c15fbd203fe7c7fbd376e2ed435278534320ee965343e8e79aa4af958
            • Opcode Fuzzy Hash: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
            • Instruction Fuzzy Hash: 97717913A4D28246EB64AA18404827DEF909F41F46FB4353CCD2F876C5CEADEC46E7A1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E41E20, Relevance: 1.4, Strings: 1, Instructions: 139COMMONLIBRARYCODE
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID:
            • String ID: @
            • API String ID: 0-2766056989
            • Opcode ID: bd4f0cc286c4def1e4eb6584765ed5595dfb94c3ff5f4cdca110955f04533e57
            • Instruction ID: d1a81d9f6857cdbca7e9b8eab686a61ab266644043aaaa21382215f71132b790
            • Opcode Fuzzy Hash: bd4f0cc286c4def1e4eb6584765ed5595dfb94c3ff5f4cdca110955f04533e57
            • Instruction Fuzzy Hash: 0F41F676728A4485EF44DF2AD41C2A9B7A1F748FC4B99903ADE6E8B794DE7CD042C340
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E4AF30, Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: HeapProcess
            • String ID:
            • API String ID: 54951025-0
            • Opcode ID: 7cee5e0e22a8eba021be7915a7068f535bcc60125965579be44007f9244442d6
            • Instruction ID: 6f855d7143c887c20868c862ce461c2f80800f2543e92cadf28e2a213831e804
            • Opcode Fuzzy Hash: 7cee5e0e22a8eba021be7915a7068f535bcc60125965579be44007f9244442d6
            • Instruction Fuzzy Hash: 39B09220E27B42CAEB083B526C8A214A2A46F48B00FE8103DC01E803A0DEAC20E59760
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E37890, Relevance: .2, Instructions: 198COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8529b30d0129bae012c0593e627142551c3c914d0afea61cd5a2952076061bc9
            • Instruction ID: 49fb3bc4d0150a361cc28a78aad007eb045381bf60153f7a1d5816fc8ff305c1
            • Opcode Fuzzy Hash: 8529b30d0129bae012c0593e627142551c3c914d0afea61cd5a2952076061bc9
            • Instruction Fuzzy Hash: 7971BFB37341749BEB648B2E9114AA93790F36A349FC16119EB8547B81CE3EB931CF50
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E3E5D0, Relevance: .1, Instructions: 138COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 57fe8ae82f4a7f1e5c3cba6a7b579c4cbe970ed01518187d4632761707183b5f
            • Instruction ID: 6babefbce407a8272299ee500135ec575542e9db029c94bd148306eea2e42df2
            • Opcode Fuzzy Hash: 57fe8ae82f4a7f1e5c3cba6a7b579c4cbe970ed01518187d4632761707183b5f
            • Instruction Fuzzy Hash: 4B41A29280C69A44EB659A18050C7B89E809F12FA6FBD52B8DDFF133D3D94D2D47D2A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E50880, Relevance: .0, Instructions: 32COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 719d33bfd78bbdc1e4324f83c43092422b3edcd0ae8233d57bc1ce4766808aab
            • Instruction ID: 60566de996c32a21fdf51f15a2d743648641549a93afdab8657327d9ed3af680
            • Opcode Fuzzy Hash: 719d33bfd78bbdc1e4324f83c43092422b3edcd0ae8233d57bc1ce4766808aab
            • Instruction Fuzzy Hash: 0AF068717292558ADBD49F68A442629BBD1F708380FD0803ED69D83B44D67CD051CF54
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E391A4, Relevance: .0, Instructions: 2COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1ca2c59ec4e94389994a43a51f1a489f70d9b36be9d50e0c384377ee99b34082
            • Instruction ID: 550788915d069198263146a45821b5c1c03fecb3c2f28864f7935ab5b544eb6d
            • Opcode Fuzzy Hash: 1ca2c59ec4e94389994a43a51f1a489f70d9b36be9d50e0c384377ee99b34082
            • Instruction Fuzzy Hash: BAA0022191CC02D0E705AB01EE5D031A731EB54711BE34039D16F920E09FBCA940E3B0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E32390, Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 133COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID:
            • String ID: %s.py$Could not get __main__ module's dict.$Could not get __main__ module.$Failed to execute script %s$Failed to unmarshal code object for %s$Name exceeds PATH_MAX$__file__$__main__
            • API String ID: 0-2368408649
            • Opcode ID: 49926bb02e4035c01c44de42f3174b4f45664645dc41eb22b8dba24cd27e2934
            • Instruction ID: e16ee133a3c551db90e050429a53251bb4412e47b6c249f51cc6f15985db2e69
            • Opcode Fuzzy Hash: 49926bb02e4035c01c44de42f3174b4f45664645dc41eb22b8dba24cd27e2934
            • Instruction Fuzzy Hash: 5A517321A1C68381EB14BB2198191F9AB50BF54F91FE40139D9BF462D5DEBCEC45E3A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E46E50, Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 117COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
            • API String ID: 3215553584-2617248754
            • Opcode ID: 13e809ab712d66b6c843fe6cc587ebe12812001c06d8cb4ef2ada7399ac24189
            • Instruction ID: f98ab929bb2867a43a46df0e5ffd59037715d0d857ff60e64713b7c7db1dfed0
            • Opcode Fuzzy Hash: 13e809ab712d66b6c843fe6cc587ebe12812001c06d8cb4ef2ada7399ac24189
            • Instruction Fuzzy Hash: 3A41DE36A19B4588EB00DF71E8457D973A5EB14388FA0413ADEAE43B84DE7CD125C390
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E338B0, Relevance: 15.8, APIs: 2, Strings: 7, Instructions: 89COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: htonl
            • String ID: Failed to get _MEIPASS as PyObject.$_MEIPASS$loads$marshal$mod is NULL - %s$strict$utf-8
            • API String ID: 2009864989-3336796446
            • Opcode ID: 811a601099fb383aed382a349adc6b35c5b2f6b442f6c85c92eda5ccbc5a34e4
            • Instruction ID: 56cb1ab6ad056ff502342d5bd3d8e359f09a0a571650bdcc9d5cdd8a1dab063e
            • Opcode Fuzzy Hash: 811a601099fb383aed382a349adc6b35c5b2f6b442f6c85c92eda5ccbc5a34e4
            • Instruction Fuzzy Hash: 6C416D61A1D642D1EB04BB25E85D6B8EB60EF14B91FA44139CA3F063D4DEBCE444D3A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E340D0, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 81COMMON
            Download Yara Rule
            APIs
              • Part of subcall function 00007FF7F2E355F0: MultiByteToWideChar.KERNEL32 ref: 00007FF7F2E3562A
            • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7F2E343EF,?,00000000,?,00007FF7F2E3436D), ref: 00007FF7F2E34132
              • Part of subcall function 00007FF7F2E31BD0: MessageBoxW.USER32 ref: 00007FF7F2E31CA1
            Strings
            • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7F2E34106
            • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7F2E34176
            • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7F2E34146
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
            • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
            • API String ID: 1662231829-3498232454
            • Opcode ID: 5c371cbf9fdebcea0479b6137a4e71ba9ce26e50453a577be4dcd7cf64a0d5d0
            • Instruction ID: 4ec9881c4de6d6a6f7667983fe156ef5566bff8079a38ca5b3b4db9996f8b89f
            • Opcode Fuzzy Hash: 5c371cbf9fdebcea0479b6137a4e71ba9ce26e50453a577be4dcd7cf64a0d5d0
            • Instruction Fuzzy Hash: 4F31EC51B1C78241FB24B725981D2F5D691AF58BC1FE4003DCA6F877C6EEACE904D660
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E31E50, Relevance: 13.7, APIs: 1, Strings: 8, Instructions: 170stringCOMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: strchr
            • String ID: %s%s%s$%s%s%s%s%s$%s%s%s%s%s%s%s$%s%s%s.exe$%s%s%s.pkg$Archive not found: %s$Error copying %s$Error extracting %s
            • API String ID: 2830005266-390755151
            • Opcode ID: 2cae59613dd8c033348c2fd7fb452a6e95e400b711d5da0a93fa1ded474ff3ba
            • Instruction ID: ccb3f85926dfc75125b3926b350c32dff195dc7f4b3c8f27ac3f060e03f5d26c
            • Opcode Fuzzy Hash: 2cae59613dd8c033348c2fd7fb452a6e95e400b711d5da0a93fa1ded474ff3ba
            • Instruction Fuzzy Hash: CA81662150CEC394DB20AB20E8441FDA761FB44B85FD4413ADA9E476D9DFBCDA09D7A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E33C90, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 121COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: setbuf$fflush
            • String ID: Failed to convert Wflag %s using mbstowcs (invalid multibyte string)$pyi-
            • API String ID: 410961200-3625900369
            • Opcode ID: 413a368b41899ad052f8db7faf33178e987bf82f9150721c76abef8cf445173f
            • Instruction ID: 295b194929a65a851ea72d2098efb9c153a5ebd8c4557fc17ab6def913011af5
            • Opcode Fuzzy Hash: 413a368b41899ad052f8db7faf33178e987bf82f9150721c76abef8cf445173f
            • Instruction Fuzzy Hash: 48517F22A1C60281E714BB25A41D2B9AB91AF94F81FE4413DD96F473D6DEBCE801D7E0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E34C70, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 93processsynchronizationCOMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlErrorExitHandlerInfoLastLineMultiObjectSingleStartupWaitWide
            • String ID: CreateProcessW$Error creating child process!
            • API String ID: 1742298069-3524285272
            • Opcode ID: 8efa9e82617e27058c3254f34b784a5925503d44f0b234cec17b2bb917fbb179
            • Instruction ID: f7b254f259686b18fbfd74d8220c364ac40e16ab49ac0a424859f564786c79e0
            • Opcode Fuzzy Hash: 8efa9e82617e27058c3254f34b784a5925503d44f0b234cec17b2bb917fbb179
            • Instruction Fuzzy Hash: BD414032A1C68282D710EB61E4592AEF7A0FF94740FA0413DE6AE476D9DFBCD454CB50
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E356F0, Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 63COMMON
            Download Yara Rule
            APIs
            • WideCharToMultiByte.KERNEL32 ref: 00007FF7F2E35731
              • Part of subcall function 00007FF7F2E31A80: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7F2E354CB,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2E3101D), ref: 00007FF7F2E31AB4
              • Part of subcall function 00007FF7F2E31A80: MessageBoxW.USER32 ref: 00007FF7F2E31B8C
            • WideCharToMultiByte.KERNEL32 ref: 00007FF7F2E357A3
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: ByteCharMultiWide$ErrorLastMessage
            • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
            • API String ID: 3723044601-3595433791
            • Opcode ID: dc7623206e459a643b1b969cc42d55fc9c023ca4932277f9c2adeafce414d638
            • Instruction ID: 3a02d93aae726ec9ef66a4df82ce9654b67cad16a7d0d8379e98760e569e5d45
            • Opcode Fuzzy Hash: dc7623206e459a643b1b969cc42d55fc9c023ca4932277f9c2adeafce414d638
            • Instruction Fuzzy Hash: E821D52161CB4284EB10EF15E849079FBA1AB44F91BA4413DD62F877D4EF7CE840D3A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E33A30, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 60COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: Messagehtonl
            • String ID: %U?%zu$Failed to append to sys.path$Installing PYZ: Could not get sys.path$path$strict$utf-8
            • API String ID: 2605525799-2673223963
            • Opcode ID: 65b5a31e0b82e64278c5567fff5a8140230bfba6c98c97d5e3aa0efef54fdd36
            • Instruction ID: cc4ef73a1f0bc9e90a8b964eb4bf47bbd0a974f3b9183c65f4e7853be0858d72
            • Opcode Fuzzy Hash: 65b5a31e0b82e64278c5567fff5a8140230bfba6c98c97d5e3aa0efef54fdd36
            • Instruction Fuzzy Hash: 51219560A1C54281EB04BB21E8591B9E761EF54B91FA40139DA2F472D5DEBCE841C3D0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E357E0, Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 100COMMON
            Download Yara Rule
            APIs
            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7F2E33EBF), ref: 00007FF7F2E35873
            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7F2E33EBF), ref: 00007FF7F2E358B3
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: ByteCharMultiWide
            • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
            • API String ID: 626452242-306716450
            • Opcode ID: 32126d68507f226833ceab4c6885ca9914fff6d9cd67a7dbe6e29d5f02e3637f
            • Instruction ID: 0e279235bd85522871d2b1d12c1f0417f9e6832f85b83975d8a7458cb85c9830
            • Opcode Fuzzy Hash: 32126d68507f226833ceab4c6885ca9914fff6d9cd67a7dbe6e29d5f02e3637f
            • Instruction Fuzzy Hash: 4A41D332A1DB4282E710EB15A84917AFBA1FB48B91FA04139DAAE47BD4DF7CD801D750
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E355F0, Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 68COMMON
            Download Yara Rule
            APIs
            • MultiByteToWideChar.KERNEL32 ref: 00007FF7F2E3562A
              • Part of subcall function 00007FF7F2E31A80: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7F2E354CB,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2E3101D), ref: 00007FF7F2E31AB4
              • Part of subcall function 00007FF7F2E31A80: MessageBoxW.USER32 ref: 00007FF7F2E31B8C
            • MultiByteToWideChar.KERNEL32 ref: 00007FF7F2E356AE
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: ByteCharMultiWide$ErrorLastMessage
            • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
            • API String ID: 3723044601-306716450
            • Opcode ID: 37a1b424c74fb477429fb9f59754332add0cc9e70fd9b550b3379cde2de7eaf7
            • Instruction ID: 04edfc066b3977292e19242779ef1e58205cc2f791ba7febe828678712a0f85a
            • Opcode Fuzzy Hash: 37a1b424c74fb477429fb9f59754332add0cc9e70fd9b550b3379cde2de7eaf7
            • Instruction Fuzzy Hash: B721C321B1CA4281EB50EB19F805166E7B1AF897C4FA40139DB6E83BE9EF6CD541C750
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E47C14, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 97COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: CurrentDirectoryErrorFullLastNamePath_invalid_parameter_noinfo
            • String ID: .$:
            • API String ID: 2924719347-4202072812
            • Opcode ID: 2b9388e7e9861364eec5012519c4eb167be81f0516e1e6a70f90f217d10035bd
            • Instruction ID: 7e6ec3a00ad7a8b0b38c0eb6e964238f00ae854676148092421dd7fa2cf6d66b
            • Opcode Fuzzy Hash: 2b9388e7e9861364eec5012519c4eb167be81f0516e1e6a70f90f217d10035bd
            • Instruction Fuzzy Hash: DB31B815A1C242C1FB207B7194192BAE590AF99B44FE4403CD96F477C2DEECE950D6F2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E31A80, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67windowCOMMON
            Download Yara Rule
            APIs
            • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7F2E354CB,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2E3101D), ref: 00007FF7F2E31AB4
              • Part of subcall function 00007FF7F2E3D7B0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F2E3D801
              • Part of subcall function 00007FF7F2E35180: GetLastError.KERNEL32(00007FF7F2E31B00), ref: 00007FF7F2E351A5
              • Part of subcall function 00007FF7F2E35180: FormatMessageW.KERNEL32(00007FF7F2E31B00), ref: 00007FF7F2E351D6
              • Part of subcall function 00007FF7F2E355F0: MultiByteToWideChar.KERNEL32 ref: 00007FF7F2E3562A
            • MessageBoxW.USER32 ref: 00007FF7F2E31B8C
            • MessageBoxA.USER32 ref: 00007FF7F2E31BA8
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: Message$ErrorLast$ByteCharFormatMultiWide_invalid_parameter_noinfo
            • String ID: %s%s: %s$Fatal error detected
            • API String ID: 3954381779-2410924014
            • Opcode ID: 4866cbc3fab5bbc43b8bc64651998207f1158443c14c361d34ef07d7c1a49a9a
            • Instruction ID: 40abb91d51e0533b1a94aaaf5aa5cb09e65f78327731564323b8a15d547cca60
            • Opcode Fuzzy Hash: 4866cbc3fab5bbc43b8bc64651998207f1158443c14c361d34ef07d7c1a49a9a
            • Instruction Fuzzy Hash: 8531947262CA8281E730EB10E4557EAA764FF84B84FD0403AE69E476D9DF7CD605CB90
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E41A58, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: AddressFreeHandleLibraryModuleProc
            • String ID: CorExitProcess$mscoree.dll
            • API String ID: 4061214504-1276376045
            • Opcode ID: 174772add9b1768289308ac85ff7735747b94195c07d87550a9271d4ce2ad12e
            • Instruction ID: 1dcba022a871eab66805a92a582b6a66d7c4c818b560da7c85e964b9d41662d1
            • Opcode Fuzzy Hash: 174772add9b1768289308ac85ff7735747b94195c07d87550a9271d4ce2ad12e
            • Instruction Fuzzy Hash: 92F04425A2D64281EF44AB51F889379A360EF887C0FA8103ED92F866A4DE7CD494C760
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E4FE30, Relevance: 7.8, APIs: 5, Instructions: 265COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 77edf67c6696da770760816563c9d050328314ea58b4dda7ed8c7408b55fdbff
            • Instruction ID: 13109d238ffd7a4f41d2cc03a95a872cb7f178548d60d5f95aa5f3ebd418dd7e
            • Opcode Fuzzy Hash: 77edf67c6696da770760816563c9d050328314ea58b4dda7ed8c7408b55fdbff
            • Instruction Fuzzy Hash: 2EA1F662A1C78245FB20AB60C4193B9A691EF04BA4FE44639EA7E467C5DFBCD500C3B1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E44598, Relevance: 7.6, APIs: 5, Instructions: 142fileCOMMONLIBRARYCODE
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
            • String ID:
            • API String ID: 3659116390-0
            • Opcode ID: 428e96efcc85d1a51bca8eb7517ab89f727c0c246cbe0d1d7c61ba8d40ce5d68
            • Instruction ID: 0fe3925626d77f9ebea1f069b942d9e50510e1f553520c9c4a2bb20530772826
            • Opcode Fuzzy Hash: 428e96efcc85d1a51bca8eb7517ab89f727c0c246cbe0d1d7c61ba8d40ce5d68
            • Instruction Fuzzy Hash: 4651E336B18A5186E710DB35D8883ACBB70FB45798F948139CE2E47AD8DF78D146C760
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E3E9E8, Relevance: 7.6, APIs: 5, Instructions: 133COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID:
            • API String ID: 3215553584-0
            • Opcode ID: b49efa81cf56b66742cb682c4c553ca1ca8ce20f3c8088ee485a089204ff9994
            • Instruction ID: 82c88a01f0e91dd6d44d27929081f1d8ad9c703b649de61a96e91900433e34a4
            • Opcode Fuzzy Hash: b49efa81cf56b66742cb682c4c553ca1ca8ce20f3c8088ee485a089204ff9994
            • Instruction Fuzzy Hash: EA51942161C68185EB21AB219458179EBD0FF40FA1FA84239DABB137D4DEBCE801D7A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E45200, Relevance: 7.6, APIs: 5, Instructions: 114libraryloaderCOMMONLIBRARYCODE
            Download Yara Rule
            APIs
            • GetProcAddress.KERNEL32(?,00000000,00000006,00007FF7F2E45617,?,?,00000000,00007FF7F2E46453,?,?,?,00007FF7F2E3DCDD), ref: 00007FF7F2E45322
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: AddressProc
            • String ID:
            • API String ID: 190572456-0
            • Opcode ID: 3751dac6601a2df5a9cf2768e46c3ce1bbdb24889ac780515de95471a1f40f61
            • Instruction ID: e995efb62893536d7ad1047db233ac0177b30cffb7a75a9ee6230c997bf466ee
            • Opcode Fuzzy Hash: 3751dac6601a2df5a9cf2768e46c3ce1bbdb24889ac780515de95471a1f40f61
            • Instruction Fuzzy Hash: 7A41D525B1D64181FB16AB62980C675A295BF24B90FA94539DD3F4B7C8DEBCE400C3A4
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E47574, Relevance: 7.6, APIs: 5, Instructions: 72COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: ByteCharErrorLastMultiWide$AllocateHeap_invalid_parameter_noinfo
            • String ID:
            • API String ID: 1500607604-0
            • Opcode ID: 4b53c19d4e5ef3dd71644907beb662ff8abaca16f954b6015c9638fcfc481bef
            • Instruction ID: 8564775b6edeed9b0be6bf1e91f9df5ccc412d1b571080e080cfe6ecafc7089a
            • Opcode Fuzzy Hash: 4b53c19d4e5ef3dd71644907beb662ff8abaca16f954b6015c9638fcfc481bef
            • Instruction Fuzzy Hash: 1D210575A0D70281E714BF76680817AE695BF84B90FA80538EE6F877D5DEBCD410C6A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E50680, Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _set_statfp
            • String ID:
            • API String ID: 1156100317-0
            • Opcode ID: 70895f6a6caca5a93f387097b68bfd30b7bf4dd7af3bc8c27b3038974be86bdd
            • Instruction ID: f94174855f3e766c3b0146d1811e974aca20e8c07f9f915db302cc54e7b74a0f
            • Opcode Fuzzy Hash: 70895f6a6caca5a93f387097b68bfd30b7bf4dd7af3bc8c27b3038974be86bdd
            • Instruction Fuzzy Hash: D8115166E3860305FBD43114D4AB37981816F5D360FB5423CF5BF866D6CEEC9540C5A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E47E7C, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 205COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID: UTF-16LEUNICODE$UTF-8$ccs
            • API String ID: 3215553584-1196891531
            • Opcode ID: bfa37a71fdc34fb473503a858c0728483eba446a409076773135aa41076e4671
            • Instruction ID: ec6b95f922326915dc391163aa65fca9e5a940ad65320d52e906fee900f03f62
            • Opcode Fuzzy Hash: bfa37a71fdc34fb473503a858c0728483eba446a409076773135aa41076e4671
            • Instruction Fuzzy Hash: D181A27AD1C20281FB65EF359949278E790AF11744FA4813DCA2B476C1DBEDB860D2E1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E449C4, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: ByteCharErrorFileLastMultiWideWrite
            • String ID: U
            • API String ID: 2456169464-4171548499
            • Opcode ID: b24d5fc350413562a91eec3168f509ed6021606716828061a1a47401018b0090
            • Instruction ID: a27060f2ecc942db32baa4e117e163c17cf2a1e1109cb0aa64001aada1e59803
            • Opcode Fuzzy Hash: b24d5fc350413562a91eec3168f509ed6021606716828061a1a47401018b0090
            • Instruction Fuzzy Hash: 0241D82671DA4182DB209F25E8483BAB760FB84784F914039EE5E877C8EFBCD445D794
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E31930, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 67windowCOMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: Message$ByteCharMultiWide_invalid_parameter_noinfo
            • String ID: %s%s: %s$Fatal error detected
            • API String ID: 2686647306-2410924014
            • Opcode ID: 3c4043cd4efdcea9593755bc98650363e9fdca9fb1c4e3caea14faeba3759e60
            • Instruction ID: c5ec568446cfc30ec61c8b3cdd7047d864b7f209944357bb557add69b5acbdf0
            • Opcode Fuzzy Hash: 3c4043cd4efdcea9593755bc98650363e9fdca9fb1c4e3caea14faeba3759e60
            • Instruction Fuzzy Hash: F731837262C68181E720FB10E4557DAA7A4FF84B85FD04039EA9E476D9CF7CD605CB90
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E32B30, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON
            Download Yara Rule
            APIs
            • GetModuleFileNameW.KERNEL32(?,00007FF7F2E32831), ref: 00007FF7F2E32B61
              • Part of subcall function 00007FF7F2E31A80: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7F2E354CB,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2E3101D), ref: 00007FF7F2E31AB4
              • Part of subcall function 00007FF7F2E31A80: MessageBoxW.USER32 ref: 00007FF7F2E31B8C
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: ErrorFileLastMessageModuleName
            • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
            • API String ID: 2581892565-482168174
            • Opcode ID: dfaa1fa50d2dc30bc7fe7eabdcc38f4d84e73a159673484e45e9a546891871b1
            • Instruction ID: 3a30f3dfeb8db76a83ea02cba1e206839f76ba7b9c0928bd5180789e50ad17a7
            • Opcode Fuzzy Hash: dfaa1fa50d2dc30bc7fe7eabdcc38f4d84e73a159673484e45e9a546891871b1
            • Instruction Fuzzy Hash: A8017510B2C64280FB60BB20D81E3F5A691AF5CB85FE0003DD8AF852C6EE9DE904D660
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E4E4BC, Relevance: 6.2, APIs: 4, Instructions: 160COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$_get_daylight
            • String ID:
            • API String ID: 72036449-0
            • Opcode ID: ad6ab1d240ac3be4c8d74d4fbd7921b4538fd0ba7ddc245b587a443abca22dfa
            • Instruction ID: b2fb2d0c657c5296dcd5576b88f5850d14ca63d79fecaa0d5ab0ef0d6c5c5fed
            • Opcode Fuzzy Hash: ad6ab1d240ac3be4c8d74d4fbd7921b4538fd0ba7ddc245b587a443abca22dfa
            • Instruction Fuzzy Hash: 6A51B32AD0C24246F7657E78950D379EA80AB40714FBD403DD6BB966C2DAECE840C7E2
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E45E50, Relevance: 6.1, APIs: 4, Instructions: 104COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
            • String ID:
            • API String ID: 4141327611-0
            • Opcode ID: 80a68729d8a3de95cd5afe60105fe9cba21e6071c3e22e1d1c2c43ccff01c808
            • Instruction ID: cd6adbcc01f2453b9cfd159eb68b01e6382b235b3ce41fe90588c0546399a593
            • Opcode Fuzzy Hash: 80a68729d8a3de95cd5afe60105fe9cba21e6071c3e22e1d1c2c43ccff01c808
            • Instruction Fuzzy Hash: D141CC3591D78286FB61AB319048379E691EF60B90FB44138DAAF47AC5CFBCD841C7A1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E3F5DC, Relevance: 6.1, APIs: 4, Instructions: 94COMMON
            Download Yara Rule
            APIs
            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7F2E3F468,?,?,00000000,00007FF7F2E3F3DA,?,?,00000000,00007FF7F2E3F74D), ref: 00007FF7F2E3F617
            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7F2E3F468,?,?,00000000,00007FF7F2E3F3DA,?,?,00000000,00007FF7F2E3F74D), ref: 00007FF7F2E3F657
            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7F2E3F468,?,?,00000000,00007FF7F2E3F3DA,?,?,00000000,00007FF7F2E3F74D), ref: 00007FF7F2E3F69E
            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7F2E3F468,?,?,00000000,00007FF7F2E3F3DA,?,?,00000000,00007FF7F2E3F74D), ref: 00007FF7F2E3F6E5
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: ByteCharMultiWide
            • String ID:
            • API String ID: 626452242-0
            • Opcode ID: f2acad1b211f1801ae237446f13ae43606a367cfde7a156ed3d813145eeb4714
            • Instruction ID: bbc1b3753c7eb69a50ff5a24cec37aafa794c2658c68a4ac2d7278ee77457b51
            • Opcode Fuzzy Hash: f2acad1b211f1801ae237446f13ae43606a367cfde7a156ed3d813145eeb4714
            • Instruction Fuzzy Hash: 0031B43261DB4181E720AF26A944169FAE4EF84BD0F64423DEAAE43BE5DF7CD401C794
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E4A3D0, Relevance: 6.1, APIs: 4, Instructions: 74COMMON
            Download Yara Rule
            APIs
            • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7F2E4127F,?,?,?,00007FF7F2E411F2), ref: 00007FF7F2E4A3E9
            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7F2E4127F,?,?,?,00007FF7F2E411F2), ref: 00007FF7F2E4A44B
            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7F2E4127F,?,?,?,00007FF7F2E411F2), ref: 00007FF7F2E4A485
            • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7F2E4127F,?,?,?,00007FF7F2E411F2), ref: 00007FF7F2E4A4AF
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: ByteCharEnvironmentMultiStringsWide$Free
            • String ID:
            • API String ID: 1557788787-0
            • Opcode ID: fd91fbfe43ea2ffb5638dcdc25c64c1988bc4fff3d332679d5c4b2d8433816df
            • Instruction ID: 30f45fb0a228d206fdf6cef4d32f305aa2480ba6187eb082107ad57d059e7c23
            • Opcode Fuzzy Hash: fd91fbfe43ea2ffb5638dcdc25c64c1988bc4fff3d332679d5c4b2d8433816df
            • Instruction Fuzzy Hash: 76218425B1C79181D720AF22641802DE6A4BF44BE4BA84138DE6F67BD4DF7CE452C354
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E46360, Relevance: 6.0, APIs: 4, Instructions: 43COMMONLIBRARYCODE
            Download Yara Rule
            APIs
            • GetLastError.KERNEL32(?,?,?,00007FF7F2E3BA1C,?,?,00000000,00007FF7F2E3D829), ref: 00007FF7F2E4636A
            • SetLastError.KERNEL32(?,?,?,00007FF7F2E3BA1C,?,?,00000000,00007FF7F2E3D829), ref: 00007FF7F2E463D2
            • SetLastError.KERNEL32(?,?,?,00007FF7F2E3BA1C,?,?,00000000,00007FF7F2E3D829), ref: 00007FF7F2E463E8
            • abort.LIBCMT ref: 00007FF7F2E463EE
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: ErrorLast$abort
            • String ID:
            • API String ID: 1447195878-0
            • Opcode ID: 0c893727477cb7039da16e18d8ec5ec57da1c4d30161c90aa70de6030202bc61
            • Instruction ID: d7c833a55cb91cb6117a1a6c630381a6ebee084de7cb204bcedebcdbc5cbbe62
            • Opcode Fuzzy Hash: 0c893727477cb7039da16e18d8ec5ec57da1c4d30161c90aa70de6030202bc61
            • Instruction Fuzzy Hash: FD011728B0D68342FB597731A65E17D91525F84788FB4043CE93F46BC6EDADE841C2B0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E465C4, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 245COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID: gfffffff
            • API String ID: 3215553584-1523873471
            • Opcode ID: 66c472a425cb1935e5e372b438466b212d37236135954523cc738c384c04f93a
            • Instruction ID: 561e8744e1f3272bdbdf57b7ee2fd7e573c6b14a1658260c2bd82de51953f56b
            • Opcode Fuzzy Hash: 66c472a425cb1935e5e372b438466b212d37236135954523cc738c384c04f93a
            • Instruction Fuzzy Hash: B091886AB0D38686EB11AF3591487B8EB94AB25BC0F648139CBAE073D5DE7CE501C351
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E469F4, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID: e+000$gfff
            • API String ID: 3215553584-3030954782
            • Opcode ID: d730ae8245c47a7dc86f14770cb924a9955f92f57c2da11a11c2e8f005c031f3
            • Instruction ID: e06ceee858abd8156a54926c43017b07fecb851a73d1b2e9d4795c504c6cbed8
            • Opcode Fuzzy Hash: d730ae8245c47a7dc86f14770cb924a9955f92f57c2da11a11c2e8f005c031f3
            • Instruction Fuzzy Hash: EC518966B1C7C146EB249F349844369AB91E780B90F98C23AC7AE47BC6CF6CE440C750
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E41058, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMONLIBRARYCODE
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: FileModuleName_invalid_parameter_noinfo
            • String ID: C:\Users\user\Desktop\SnapshotLogExtractor.exe
            • API String ID: 3307058713-412744273
            • Opcode ID: 95a134420a9d0057a9b72d4abe5f1e6aa5f71c69a4a8eb08396591777f4f70fc
            • Instruction ID: 74b35d3f9f12b74c9f12efd57910b8b84464ec4c58403977fa0e7bdca18085e9
            • Opcode Fuzzy Hash: 95a134420a9d0057a9b72d4abe5f1e6aa5f71c69a4a8eb08396591777f4f70fc
            • Instruction Fuzzy Hash: 1C41953AA1D65285EB14EF31D8480B9A7A4EF44B94BA44039E91F47BC5DFBDE441C3A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E44420, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: FileHandleType
            • String ID: @
            • API String ID: 3000768030-2766056989
            • Opcode ID: 4e2f2a84546a4a169d0ada5735b2f598dfdda33726aba945dbe6025f1f092722
            • Instruction ID: d7ff227a36d41537d6decc17454bbd0e978841821a7d3e43f5a0d189ba56de19
            • Opcode Fuzzy Hash: 4e2f2a84546a4a169d0ada5735b2f598dfdda33726aba945dbe6025f1f092722
            • Instruction Fuzzy Hash: EA218426B1C68242EBA09B349498139A650FB45774FF81339D67F067D8CE7CD886D3A1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E472C4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: CurrentDirectory
            • String ID: :
            • API String ID: 1611563598-336475711
            • Opcode ID: a3bf9a1bd3807da291715e7e43a286c367fa482fe7a73ce7773c0d2fd2db7c06
            • Instruction ID: b6b36e5a1a566004e2fe09268e6650def0ab26d77586400c57e206e9adbdd966
            • Opcode Fuzzy Hash: a3bf9a1bd3807da291715e7e43a286c367fa482fe7a73ce7773c0d2fd2db7c06
            • Instruction Fuzzy Hash: 60217869A0C642C1E760AB21904C27DE3A1EB84B48FE58139DE9E476C4DFBCD951C7E1
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E31BD0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55windowCOMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: Message$ByteCharMultiWide_invalid_parameter_noinfo
            • String ID: Fatal error detected
            • API String ID: 2686647306-4025702859
            • Opcode ID: 74da7a2d27f734b005270da884e0af1470270de9466eccb5a70784e370bd6472
            • Instruction ID: bd4817b75ec82b25056e58c386ac68788f7f6849258dfe67f7f3e19d54545e69
            • Opcode Fuzzy Hash: 74da7a2d27f734b005270da884e0af1470270de9466eccb5a70784e370bd6472
            • Instruction Fuzzy Hash: EA21D87262CA8281E720E710F4557EAA754FB84B88FD04039EA9E476D5DF7CD605CBA0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E31CE0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55windowCOMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: Message$ByteCharMultiWide_invalid_parameter_noinfo
            • String ID: Error detected
            • API String ID: 2686647306-3513342764
            • Opcode ID: 37e31fc7551577dd707c19bf6c0475394a08eb4e450fd722fb1349c8abbc5135
            • Instruction ID: 31622413d93368d7ad42de6411c0f824bf2e6fe79c8c2496070007fd5e416656
            • Opcode Fuzzy Hash: 37e31fc7551577dd707c19bf6c0475394a08eb4e450fd722fb1349c8abbc5135
            • Instruction Fuzzy Hash: E421C77262C68281E720AB10F4557EAA754FB88B84FD04039EA9F476D5DF7CD605C7A0
            Uniqueness

            Uniqueness Score: -1.00%

            Function 00007FF7F2E47DD4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.556431856.00007FF7F2E31000.00000020.00020000.sdmp, Offset: 00007FF7F2E30000, based on PE: true
            • Associated: 00000000.00000002.556406944.00007FF7F2E30000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556542572.00007FF7F2E52000.00000002.00020000.sdmp Download File
            • Associated: 00000000.00000002.556600117.00007FF7F2E62000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556612333.00007FF7F2E6C000.00000004.00020000.sdmp Download File
            • Associated: 00000000.00000002.556633512.00007FF7F2E6E000.00000002.00020000.sdmp Download File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7ff7f2e30000_SnapshotLogExtractor.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID: :
            • API String ID: 3215553584-336475711
            • Opcode ID: 49e5dcc3153941c757dbd2095c53dbf48cb5f2dafa6972471d6d738e358acafd
            • Instruction ID: 85a2fc3b549bf70d332dabaac3124bc6b1ee74cdbfe7cf453bd3cb2d54d50e11
            • Opcode Fuzzy Hash: 49e5dcc3153941c757dbd2095c53dbf48cb5f2dafa6972471d6d738e358acafd
            • Instruction Fuzzy Hash: 7E01DF2291C242C1FB20BBA0941A2AAA7A0EF44704FE0053DD56F466C5DFBCE950CAA5
            Uniqueness

            Uniqueness Score: -1.00%