Automated Malware Analysis Management Report for install.exe

Overview

General Information

Sample Name:	install.exe
Analysis ID:	652527
MD5:	abc7a9c5b732b72a8f47fd85ee638c09
SHA1:	9876415085f95c02d6bcea9b1fc990d5b5c50d1c
SHA256:	d9ebb6958afcd1907651487062108ec56a2af9eb935f2437156584081cb56b2f
Infos:

Detection

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Multi AV Scanner detection for domain / URL

Snort IDS alert for network traffic

Yara detected Generic Downloader

Uses 32bit PE files

PE file does not import any functions

Sample file is different than original file name gathered from version info

PE file contains strange resources

Drops PE files

Contains functionality to shutdown / reboot the system

PE file contains sections with non-standard names

Detected potential crypto function

Found dropped PE file which has not been started or loaded

Contains functionality for read data from the clipboard

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: install.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: install.exe	Virustotal: Detection: 34%			Perma Link
Source: install.exe	ReversingLabs: Detection: 54%

Multi AV Scanner detection for domain / URL

Source: wjecpujpanmwm.tk

Virustotal: Detection: 8%

Perma Link

Uses 32bit PE files

Source: install.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\LICENSE.txt	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\license.txt	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\readme.txt	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\README.txt	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\samples\README.txt	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\test\README.txt	Jump to behavior

Source: install.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: MFCM140U.i386.pdb source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\A\18\s\PCbuild\win32\_socket.pdb source: _socket.pyd.0.dr
Source:	Binary string: C:\src\pywin32\build\temp.win32-3.7\Release\pythoncom.pdb},# source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PICOpenSSL 1.1.1g 21 Apr 2020built on: Fri Jun 12 19:53:43 2020 UTCplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "C:\Program Files (x86)\OpenSSL\lib\engines-1_1"not available source: libcrypto-1_1.dll.0.dr
Source:	Binary string: debugger_parent=pdb.Pdb source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\src\pywin32\build\temp.win32-3.7\Release\win32ui.pdbP source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\src\pywin32\build\temp.win32-3.7\Release\pywintypes.pdb+ source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\A\18\s\PCbuild\win32\_overlapped.pdb source: _overlapped.pyd.0.dr
Source:	Binary string: C:\A\6\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
Source:	Binary string: API-MS-Win-Core-LibraryLoader-L1-1-0.pdb3 source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr
Source:	Binary string: C:\A\18\s\PCbuild\win32\python37.pdb source: python37.dll.0.dr
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.0.dr
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: libcrypto-1_1.dll.0.dr
Source:	Binary string: C:\A\6\b\libssl-1_1.pdb@@ source: libssl-1_1.dll.0.dr
Source:	Binary string: API-MS-Win-Core-LibraryLoader-L1-1-0.pdb source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source:	Binary string: C:\A\6\b\libssl-1_1.pdb source: libssl-1_1.dll.0.dr
Source:	Binary string: C:\src\pywin32\build\temp.win32-3.7\Release\win32uiole.pdb source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: f:\binaries.x86ret\bin\i386\mfc140u.i386.pdb.Z& source: mfc140u.dll.0.dr
Source:	Binary string: C:\src\pywin32\build\temp.win32-3.7\Release\pywintypes.pdb source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: f:\binaries.x86ret\bin\i386\mfc140u.i386.pdb source: install.exe, 00000000.00000002.512361229.00000000027D2000.00000004.00000800.00020000.00000000.sdmp, mfc140u.dll.0.dr
Source:	Binary string: C:\src\pywin32\build\temp.win32-3.7\Release\pythoncom.pdb source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\src\pywin32\build\temp.win32-3.7\Release\win32uiole.pdb,&" source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\src\pywin32\build\temp.win32-3.7\Release\win32ui.pdb source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\install.exe	Code function: 0_2_0040689A FindFirstFileW,FindClose,	0_2_0040689A
Source: C:\Users\user\Desktop\install.exe	Code function: 0_2_00405C4E CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00405C4E
Source: C:\Users\user\Desktop\install.exe	Code function: 0_2_00402902 FindFirstFileW,	0_2_00402902

Source: C:\Users\user\Desktop\install.exe	File opened: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File opened: C:\Program Files (x86)\WinSoft Update Service\	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File opened: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File opened: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\_distutils_hack\	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File opened: C:\Program Files (x86)\WinSoft Update Service\Lib	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File opened: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\_distutils_hack	Jump to behavior

Networking

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2012811 ET DNS Query to a .tk domain - Likely Hostile 192.168.2.3:62724 -> 8.8.8.8:53

Yara detected Generic Downloader

Source: Yara match

File source: 0.2.install.exe.2985f11.2.raw.unpack, type: UNPACKEDPE

Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://.../back.jpeg
Source: tcl86t.dll.0.dr	String found in binary or memory: http://aia.startssl.com/certs/ca.crt0
Source: tcl86t.dll.0.dr	String found in binary or memory: http://aia.startssl.com/certs/sca.code3.crt06
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://aka.ms/vcpython27
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bit.ly/2hrImnY
Source: contextlib2.py.0.dr	String found in binary or memory: http://bugs.python.org/issue12029
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bugs.python.org/issue12885)
Source: contextlib2.py.0.dr	String found in binary or memory: http://bugs.python.org/issue13585
Source: contextlib2.py.0.dr	String found in binary or memory: http://bugs.python.org/issue19404
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bugs.python.org/issue7776:
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bugs.python.org/issue7833
Source: libssl-1_1.dll.0.dr, _overlapped.pyd.0.dr, libcrypto-1_1.dll.0.dr, _socket.pyd.0.dr, python37.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: libssl-1_1.dll.0.dr, _overlapped.pyd.0.dr, libcrypto-1_1.dll.0.dr, _socket.pyd.0.dr, python37.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: tcl86t.dll.0.dr	String found in binary or memory: http://crl.startssl.com/sca-code3.crl0#
Source: tcl86t.dll.0.dr	String found in binary or memory: http://crl.startssl.com/sfsca.crl0f
Source: libssl-1_1.dll.0.dr, tcl86t.dll.0.dr, _overlapped.pyd.0.dr, libcrypto-1_1.dll.0.dr, _socket.pyd.0.dr, python37.dll.0.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: libssl-1_1.dll.0.dr, _overlapped.pyd.0.dr, libcrypto-1_1.dll.0.dr, _socket.pyd.0.dr, python37.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: libssl-1_1.dll.0.dr, _overlapped.pyd.0.dr, libcrypto-1_1.dll.0.dr, _socket.pyd.0.dr, python37.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: libssl-1_1.dll.0.dr, _overlapped.pyd.0.dr, libcrypto-1_1.dll.0.dr, _socket.pyd.0.dr, python37.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: libssl-1_1.dll.0.dr, _overlapped.pyd.0.dr, libcrypto-1_1.dll.0.dr, _socket.pyd.0.dr, python37.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://domain.tld/path/to/resource
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://host.name
Source: install.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: libssl-1_1.dll.0.dr, _overlapped.pyd.0.dr, libcrypto-1_1.dll.0.dr, _socket.pyd.0.dr, python37.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: libssl-1_1.dll.0.dr, _overlapped.pyd.0.dr, libcrypto-1_1.dll.0.dr, _socket.pyd.0.dr, python37.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: tcl86t.dll.0.dr	String found in binary or memory: http://ocsp.startssl.com00
Source: tcl86t.dll.0.dr	String found in binary or memory: http://ocsp.startssl.com07
Source: libssl-1_1.dll.0.dr, tcl86t.dll.0.dr, _overlapped.pyd.0.dr, libcrypto-1_1.dll.0.dr, _socket.pyd.0.dr, python37.dll.0.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pages.cpsc.ucalgary.ca/~saul/vb_examples/tutorial12/
Source: python37.dll.0.dr	String found in binary or memory: http://python.org/dev/peps/pep-0263/
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sources.redhat.com/ml/cygwin/2000-06/msg01274.html
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/questions/19622133/
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://starship.python.net/crew/kernr/mingw32/Notes.html
Source: libssl-1_1.dll.0.dr, tcl86t.dll.0.dr, _overlapped.pyd.0.dr, libcrypto-1_1.dll.0.dr, _socket.pyd.0.dr, python37.dll.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: libssl-1_1.dll.0.dr, tcl86t.dll.0.dr, _overlapped.pyd.0.dr, libcrypto-1_1.dll.0.dr, _socket.pyd.0.dr, python37.dll.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: libssl-1_1.dll.0.dr, tcl86t.dll.0.dr, _overlapped.pyd.0.dr, libcrypto-1_1.dll.0.dr, _socket.pyd.0.dr, python37.dll.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/
Source: distro.py.0.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: distro.py.0.dr	String found in binary or memory: http://www.freedesktop.org/software/systemd/man/os-release.html
Source: chardistribution.py.0.dr, chardistribution.py0.0.dr	String found in binary or memory: http://www.mozilla.org/projects/intl/UniversalCharsetDetection.html
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.python.org
Source: install.exe, 00000000.00000002.512018798.000000000040C000.00000004.00000001.01000000.00000003.sdmp, install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.scintilla.org)
Source: tcl86t.dll.0.dr	String found in binary or memory: http://www.startssl.com/0P
Source: tcl86t.dll.0.dr	String found in binary or memory: http://www.startssl.com/policy0
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://../package_name-0.1.2.tar.gz
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://../package_name-0.1.2.tar.gz?tokena=A&tokenb=B
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.github.com/user
Source: distro.py.0.dr	String found in binary or memory: https://bugs.python.org/issue1322
Source: compat.py1.0.dr	String found in binary or memory: https://bugs.python.org/issue14768
Source: logging.py.0.dr	String found in binary or memory: https://bugs.python.org/issue19612
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugs.python.org/issue20164
Source: logging.py.0.dr	String found in binary or memory: https://bugs.python.org/issue30418
Source: pyparsing.py.0.dr	String found in binary or memory: https://docs.python.org/3/library/pprint.html
Source: pyparsing.py.0.dr	String found in binary or memory: https://docs.python.org/3/library/pprint.html#pprint.pprint
Source: pyparsing.py.0.dr	String found in binary or memory: https://docs.python.org/3/library/re.html
Source: pyparsing.py.0.dr	String found in binary or memory: https://docs.python.org/3/library/re.html#re.sub
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mhammond/pywin32
Source: distro.py.0.dr	String found in binary or memory: https://github.com/nir0s/distro/issues/162
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/psf/requests
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/psf/requests/graphs/contributors)
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/psf/requests/issues/1084
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/psf/requests/issues/1846
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/psf/requests/issues/3490
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/psf/requests/issues/3578.
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/psf/requests/network/dependents?package_id=UGFja2FnZS01NzA4OTExNg%3D%3D)
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/psf/requests/pull/2238
Source: spinners.py.0.dr	String found in binary or memory: https://github.com/pypa/pip/issues/3418
Source: install.py0.0.dr	String found in binary or memory: https://github.com/pypa/pip/issues/new
Source: prepare.py.0.dr	String found in binary or memory: https://github.com/pypa/pip/pull/6770
Source: compat.py1.0.dr	String found in binary or memory: https://github.com/pypa/pip/pull/935#discussion_r5307003
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
Source: pyparsing.py.0.dr	String found in binary or memory: https://github.com/pyparsing/pyparsing/wiki
Source: logging.py.0.dr	String found in binary or memory: https://github.com/python/mypy/issues/1297
Source: logging.py.0.dr	String found in binary or memory: https://github.com/python/mypy/issues/3500
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/get
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/post
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/github/contributors/psf/requests.svg)
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/pyversions/requests.svg)
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://kennethreitz.org)
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pepy.tech/badge/requests/month)
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pepy.tech/project/requests/month)
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/requests)
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/simple/
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://raw.githubusercontent.com/psf/requests/master/ext/kr.png)
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://raw.githubusercontent.com/psf/requests/master/ext/psf.png)
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://raw.githubusercontent.com/psf/requests/master/ext/ss.png)
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://requests.readthedocs.io
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://requests.readthedocs.io)
Source: pyparsing.py.0.dr	String found in binary or memory: https://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/questions/45138084/pythonwin-occasionally-gives-an-error-on-opening
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6125#section-6.4.3
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7231#section-6.4.4
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://upload.pypi.org/legacy/
Source: cacert.pem0.0.dr	String found in binary or memory: https://www.catcert.net/verarrel
Source: libssl-1_1.dll.0.dr, _overlapped.pyd.0.dr, libcrypto-1_1.dll.0.dr, _socket.pyd.0.dr, python37.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ietf.org/rfc/rfc4627.txt
Source: libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr	String found in binary or memory: https://www.openssl.org/H
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/psf)

Source: unknown

DNS traffic detected: queries for: google.com

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\install.exe

Code function: 0_2_004056E3 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_004056E3

Uses 32bit PE files

Source: install.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

PE file does not import any functions

Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: python3.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMFC140U.DLL^ vs install.exe
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMFCM140U.DLL^ vs install.exe
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameScintilla.DLL4 vs install.exe
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewin32ui.pyd0 vs install.exe
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewin32uiole.pyd0 vs install.exe
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepythoncom37.dll0 vs install.exe
Source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepywintypes37.dll0 vs install.exe

PE file contains strange resources

Source: install.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: install.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: install.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: mfc140u.dll.0.dr	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: mfc140u.dll.0.dr	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: mfc140u.dll.0.dr	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: mfc140u.dll.0.dr	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: mfc140u.dll.0.dr	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: mfc140u.dll.0.dr	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: mfc140u.dll.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: mfc140u.dll.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: mfc140u.dll.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: mfc140u.dll.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: mfc140u.dll.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: mfc140u.dll.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: mfc140u.dll.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: python.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: python.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: pythonw.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: pythonw.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: tk86t.dll.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: tk86t.dll.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: tk86t.dll.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\install.exe

Code function: 0_2_004035D8 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_004035D8

Detected potential crypto function

Source: C:\Users\user\Desktop\install.exe

Code function: 0_2_00406C5B

0_2_00406C5B

Source: install.exe	Virustotal: Detection: 34%
Source: install.exe	ReversingLabs: Detection: 54%

Source: C:\Users\user\Desktop\install.exe

File read: C:\Users\user\Desktop\install.exe

Jump to behavior

Source: install.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\install.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\install.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\install.exe

0_2_004035D8

Source: C:\Users\user\Desktop\install.exe

File created: C:\Program Files (x86)\WinSoft Update Service

Jump to behavior

Source: C:\Users\user\Desktop\install.exe

File created: C:\Users\user\AppData\Local\Temp\nsa5DBC.tmp

Jump to behavior

Source: classification engine

Classification label: mal76.troj.winEXE@1/382@4/0

Source: C:\Users\user\Desktop\install.exe

Code function: 0_2_004021A2 CoCreateInstance,

0_2_004021A2

Source: C:\Users\user\Desktop\install.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\install.exe

Code function: 0_2_00404983 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_00404983

Source: install.exe

Static file information: File size 18595672 > 1048576

Source: install.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: MFCM140U.i386.pdb source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\A\18\s\PCbuild\win32\_socket.pdb source: _socket.pyd.0.dr
Source:	Binary string: C:\src\pywin32\build\temp.win32-3.7\Release\pythoncom.pdb},# source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PICOpenSSL 1.1.1g 21 Apr 2020built on: Fri Jun 12 19:53:43 2020 UTCplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "C:\Program Files (x86)\OpenSSL\lib\engines-1_1"not available source: libcrypto-1_1.dll.0.dr
Source:	Binary string: debugger_parent=pdb.Pdb source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\src\pywin32\build\temp.win32-3.7\Release\win32ui.pdbP source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\src\pywin32\build\temp.win32-3.7\Release\pywintypes.pdb+ source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\A\18\s\PCbuild\win32\_overlapped.pdb source: _overlapped.pyd.0.dr
Source:	Binary string: C:\A\6\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
Source:	Binary string: API-MS-Win-Core-LibraryLoader-L1-1-0.pdb3 source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr
Source:	Binary string: C:\A\18\s\PCbuild\win32\python37.pdb source: python37.dll.0.dr
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.0.dr
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: libcrypto-1_1.dll.0.dr
Source:	Binary string: C:\A\6\b\libssl-1_1.pdb@@ source: libssl-1_1.dll.0.dr
Source:	Binary string: API-MS-Win-Core-LibraryLoader-L1-1-0.pdb source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source:	Binary string: C:\A\6\b\libssl-1_1.pdb source: libssl-1_1.dll.0.dr
Source:	Binary string: C:\src\pywin32\build\temp.win32-3.7\Release\win32uiole.pdb source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: f:\binaries.x86ret\bin\i386\mfc140u.i386.pdb.Z& source: mfc140u.dll.0.dr
Source:	Binary string: C:\src\pywin32\build\temp.win32-3.7\Release\pywintypes.pdb source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: f:\binaries.x86ret\bin\i386\mfc140u.i386.pdb source: install.exe, 00000000.00000002.512361229.00000000027D2000.00000004.00000800.00020000.00000000.sdmp, mfc140u.dll.0.dr
Source:	Binary string: C:\src\pywin32\build\temp.win32-3.7\Release\pythoncom.pdb source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\src\pywin32\build\temp.win32-3.7\Release\win32uiole.pdb,&" source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\src\pywin32\build\temp.win32-3.7\Release\win32ui.pdb source: install.exe, 00000000.00000002.512794788.000000000292B000.00000004.00000800.00020000.00000000.sdmp

PE file contains sections with non-standard names

Source: libcrypto-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: libssl-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: vcruntime140.dll.0.dr	Static PE information: section name: _RDATA

Drops PE files

Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\PyISAPI_loader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\python.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\mfc140u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\winsound.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\_tkinter.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\ucrtbase.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\_elementtree.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\python37.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\_msi.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\pythonw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\tk86t.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\tcl86t.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file

Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\LICENSE.txt	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\license.txt	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\readme.txt	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\README.txt	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\samples\README.txt	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File created: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\test\README.txt	Jump to behavior

Source: C:\Users\user\Desktop\install.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\PyISAPI_loader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\python.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\mfc140u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\winsound.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\_tkinter.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\_elementtree.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\python37.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\_msi.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\pythonw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\tk86t.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\tcl86t.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file

Source: C:\Users\user\Desktop\install.exe	Code function: 0_2_0040689A FindFirstFileW,FindClose,	0_2_0040689A
Source: C:\Users\user\Desktop\install.exe	Code function: 0_2_00405C4E CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00405C4E
Source: C:\Users\user\Desktop\install.exe	Code function: 0_2_00402902 FindFirstFileW,	0_2_00402902

Source: C:\Users\user\Desktop\install.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\install.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\install.exe	File opened: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File opened: C:\Program Files (x86)\WinSoft Update Service\	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File opened: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File opened: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\_distutils_hack\	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File opened: C:\Program Files (x86)\WinSoft Update Service\Lib	Jump to behavior
Source: C:\Users\user\Desktop\install.exe	File opened: C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\_distutils_hack	Jump to behavior

Source: cacert.pem0.0.dr

Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd

Source: C:\Users\user\Desktop\install.exe

0_2_004035D8

Name

Active

wjecpujpanmwm.tk

104.21.32.150

true

google.com

172.217.16.206

true

lucaespo.altervista.org

unknown

studiofotografico35mm.altervista.org

unknown

Name	Type	MD5	SHA1	SHA256
C:\Program Files (x86)\WinSoft Update Service\LICENSE.txt	ASCII text, with CRLF line terminators	A00A6EA9D31EB93ABCB65993FE2D368D	4C5C32D5DE84D9727EA4BF6D9965ACEC9BE562C7	B7356E23B1D2A6FFB2409091374D595C35B31DCA87B60131A8869F01A87D9A77
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\PyWin32.chm	MS Windows HtmlHelp Data	2F80D124E8C55E04E7C1216A2E8CEDC1	3728E9337E563D46E7C6100D0E0212B49B15ED95	271A48231F3A82D2A211BCCC304715B76A8E1059A5FDC7CE5648B231C81BF22E
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\_distutils_hack\__init__.py	Python script, ASCII text executable	9232E921950022747536A051B68BD548	BAD0DAA92BCE2095223EB52142306429CE6B4090	C05B8045C9A51ED915DB41DF44195068C3D8EE1431F93104B670695DECAC8B02
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\_distutils_hack\override.py	ASCII text	012A3E19D518D130A36BEAF917A091C7	358F87C599947263E8ADF079CB2131A522876AF8	12EFECF8D17A5486780AA774B5B6C0E70B56932D8864F35DF1EB7A18BB759B3A
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\__init__.py	Python script, ASCII text executable	B20A830A82F6F8DF8F57FD5EC837F2AD	2590761DFBE32D8225EC7C460D947647E25DBABB	DE8937B154BA0D050A40E574D5F7B55B3CD80DD22C3866EE7484BF3EB398F421
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\ado_consts.py	Python script, ASCII text executable	97FB4474CEF9DCFACD24AD7A8B66CE1F	710977BD4BF3D6B246CB1C98D792BA4214F54F47	CE3520EE60137104F5C67AD6548D7B3DE58ED0B9B10055050E816631D3B2C265
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\adodbapi.py	Python script, ASCII text executable	A317F57F74000448FC234F02896EA7AD	E66CEF5A6C97CAF3DC7A6207685476F3606D75E4	3943D0F55BE9ABB301F686C15B15117C34769F9B9E78420E4127D1AF72196E14
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\apibase.py	Python script, ASCII text executable, with CRLF line terminators	97ACA6B9A28FFA7AE2B3CCBF4DD828DE	4E57BA7A7D292C31BD78CD28BE64A4FEDB2B9305	B73BA9EEC87E69E56A4E8D27F2961AF34B5298655EA64013CFCA38700053D34B
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\examples\db_print.py	Python script, ASCII text executable, with CRLF line terminators	96D9F5F4ECD8049CE3D960FB057B2F17	B0589009D0D3BE258D3BE0273FE6F4206B07E1E4	2611B52E7AC518E5834E9328A89D2EAE90E407F2506349E45B85FC94B981E496
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\examples\db_table_names.py	Python script, ASCII text executable, with CRLF line terminators	3FFD290D5415D1E2843A2ADDC9A4CB6E	B2EAC5CD09DD1EC02C2F44EFC00B7EC7B143B68A	0E79174FDF00132979A19F4CC33489669A346B1E197F35F1CDA176FB308D627C
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\examples\xls_read.py	ASCII text, with CRLF line terminators	CCACBB18A5F1456C342A6FFCB51ABEDF	EFBD11A376B20F27B2BF4536A4F3CD3D88654C14	7FFC036470F63D94A9F1148328688FFF50DD1409CA4320B4CC673FF1EBEA4118
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\examples\xls_write.py	ASCII text, with CRLF line terminators	8FBD18E3C821F43D68E55318B13CF693	26CB5FAED45DDB1CA6BE939CD2CA68B4AA2342FD	6DC07615653BAB9E148DCA63291127E0DDA41BEF8F267582DE9BC1361E74BA42
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\is64bit.py	Python script, ASCII text executable, with CRLF line terminators	436161183FF19C85F1B52A716D466FF6	233595387599435B72F82C3C87CFC733AB5633DE	841024566C44BFE1C81350186F2968C6F06FA927AAAA45B6243A7AD8CBED632D
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\license.txt	ASCII text	652B4E2F7A8A93E7ABDD2DE7031E0BDB	C627EBED0FC837F3F926B18F9A1712028D60F233	610E0C3A24A26ACB0470F8F5EB0298DF966FC380CEE8E0FEBDAC6791B6209D6C
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\process_connect_string.py	Python script, ASCII text executable, with CRLF line terminators	C6C854430269FFC0DFA7AD4510CAD7DF	65E446AC20FB633E93C29BADD1D6C154F940EE98	5189EB3F731CA7C4E88E5BCCC3FEC77BE4E8BDD022D7ACE2CB1761C2497A6419
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\readme.txt	ASCII text, with CRLF line terminators	57C9E012D4EDD985537CFDAB7A480C8F	E79E4B89D08954B8A9949148F6E6C8E14E2813D1	2E4EE2F591480A5ED3E2750BB04CCA0621F0F1B195C9A2F320C14ED0541DDBDD
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\remote.py	Python script, ASCII text executable	4C2DFECD18E2C550EA1EC106FA0C4FA8	79A0077BDB9FAB77C0A43DFCDCF18A9704DFF3D6	3EDBA6B4D126E70BCC71FFC8B23C92E9EA17431F3B4AB971C375715960E97A7B
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\schema_table.py	Python script, ASCII text executable, with CRLF line terminators	3C93C5C95FC6FC9F454B67373B8BD999	E6284ECF53423908962409E251AEE3BA2B52C378	761EE5B3C5388F7F27349172802207134E1BFCEBDE27581601373B0B3CAB1D89
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\setup.py	Python script, ASCII text executable	2D5C711FB46932E36F01607314DE1CB6	C5C525BCC334126A1B670D82C4C58DFFDCECDCCC	B7ACAA62713A249A724D6C87C9A0D6FB8906721DAB36D48228B0B2F2E4C99D08
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\test\adodbapitest.py	Python script, ASCII text executable	1C9EAFC2BE3C1CF14114143357F59E65	B792010293C5BA59D5BE69CB1C2E8DA294E6E684	41D13007BD78790315328F0694070FD21B9A3D3486DDC23632A561DF1F87B3FC
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\test\adodbapitestconfig.py	Python script, ASCII text executable	3185492B05D00257F61FA02DE9CC038F	C27146BB719477242BF875421E76717F10B80D92	A5A48C5126EE839748D124DD2F93B83C4F3E13151135F790AE0A0DA5FCBEF747
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\test\dbapi20.py	Python script, ASCII text executable	54D2BEE0B96C57C30291C60607778E79	1A37781D94D27E89431AD7AE094D926808763B6B	0B12A9425B1E7E13148C9E03F54483CA335E4F74D33E11C36AB2F5857114F2AF
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\test\is64bit.py	Python script, ASCII text executable, with CRLF line terminators	01EF40F1AC4222D2CFBC2790B32DF9F4	6EB2B02322A629E419BE10738EB98ACCE8A1B49D	661D0E7B2787E94A1050B08A6F5462D3B5A77C8B2AD819FF8CE264965B7A1A46
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\test\setuptestframework.py	Python script, ASCII text executable, with CRLF line terminators	B808E9DA78EBE6DAE62FD1AAD6A783BD	1D5C2F57D4D31542BCC8E2D94893DAB2C5CD0814	1C54B4696BAB8481C080EB0825DA5880B4DA209E7C77F0068FB6688279A6F19C
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\test\test_adodbapi_dbapi20.py	Python script, ASCII text executable, with CRLF line terminators	C6E225B3FD63FA1009ED57D509F090F0	ABAF5F9743B2A2067A98078A82C6817C92936C12	968F7613E99C9BE9657B71A6A153B1E2D735C469A51BAC171E3C62F8F80A6CF8
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\adodbapi\test\tryconnection.py	Python script, ASCII text executable	AD9FACA724C8385DD13819CF7553A6BB	C0C1F4450C87A08E74FE8F464A6814ABCCECE050	A920EB724A6454A6FA293C8675D3945ACDB7F2F62C383FAFEF9175071D9958DC
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\certifi-2020.12.5.dist-info\INSTALLER	ASCII text	365C9BFEB7D89244F2CE01C1DE44CB85	D7A03141D5D6B1E88B6B59EF08B6681DF212C599	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\certifi-2020.12.5.dist-info\LICENSE	ASCII text	F77F61D14EE6FEAC4228D3EBD26CC1F1	EA754E241E066D60AA3E231D0C05A88B06B564B4	6A70A4BF6B010016D59A64B8AE4AD8DC7F5EF16F1FB453CC2ECD771C5A341131
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\certifi-2020.12.5.dist-info\METADATA	ASCII text	4D2B655AB51CFCC10949845D9C1F8BCB	400D9F606500464A92EC16C802F0FC5EE4B2DCC8	484C391861C8781C06C0326C2146957C440073926AB3F5E87CE7D35FEFE4084D
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\certifi-2020.12.5.dist-info\RECORD	ASCII text, with CRLF line terminators	2EB818CD806597E38AF32C76548D7923	F6F69E65FDD02EF1853571479AF428805F3BABBC	26A70A65C911BD445CE8015006A32BE37F7EE5DC06F253149D889F269F429C34
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\certifi-2020.12.5.dist-info\WHEEL	ASCII text	D25A99ECD1ECB535EE4E31874B0C7B95	B80780FBBF97A5FBF433C4F692E340632EA675F1	00329EC9A1B2285E43C01344D2C444E69BD6F9B4A414C25F06E873677ADC78FE
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\certifi-2020.12.5.dist-info\top_level.txt	ASCII text	5EBD7F7C387EBB31C14E3C701023AC97	BC5EA804A025DFFDE14FBF3746E34487196073D7	28CBB8BD409FB232EB90F6D235D81D7A44BEA552730402453BFFE723C345EBE5
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\certifi\__init__.py	Python script, ASCII text executable	BC9F2DE40134228ADC4EA47CA70A0BAA	70D0A614D3E4E46C16D7B207B10A4C89F61C7D75	4AC99D9851E31C263854BB6AC29A7D3FF8EC39C02E1E3FB97395AAA04CFEA058
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\certifi\__main__.py	Python script, ASCII text executable	269E7F0CA2FA570B10E690595E6AEDAB	F09C4BA5E7EE37DDEBE914DEF9D97152CB5EB856	C410688FDD394D45812D118034E71FEE88BA7BEDDD30FE1C1281BD3B232CD758
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\certifi\cacert.pem	ASCII text	1BA3B44F73A6B25711063EA5232F4883	1B1A84804F896B7085924F8BF0431721F3B5BDBE	BB77F13D3FBEC9E98BBF28AC95046B44196C7D8F55AB7720061E99991A829197
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\certifi\core.py	Python script, ASCII text executable	E9695A9F9664E50346014590A276EDED	427C0CFA4131820D8F999AE3999C0DEAECAD5E5A	574BB2C4A398773EAE9434AEB1C96B2E68DB3E0397B03D019C47F4490ECE9E81
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet-4.0.0.dist-info\INSTALLER	ASCII text	365C9BFEB7D89244F2CE01C1DE44CB85	D7A03141D5D6B1E88B6B59EF08B6681DF212C599	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet-4.0.0.dist-info\LICENSE	ASCII text	A6F89E2100D9B6CDFFCEA4F398E37343	545F380FB332EB41236596500913FF8D582E3EAD	6095E9FFA777DD22839F7801AA845B31C9ED07F3D6BF8A26DC5D2DEC8CCC0EF3
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet-4.0.0.dist-info\METADATA	ASCII text	2A7F45FB349FFB79B73F78C1B4B3D2B0	ACFA39A144417C56A3D84D0137A68EF410695853	C92610004ECD3E6DCBC3180CA858B5CDD2D0E3C9A6C0C6EB270A80582B5C6C7F
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet-4.0.0.dist-info\RECORD	ASCII text, with CRLF line terminators	28B27A77716B4D4E19353C2C14BF5450	7F2E17508764518293EADC3ED7433EEF3B9A9259	28E47890D1E401F8EEB3963C3237F17ED456B459D0BD41779E506E982A91A3B8
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet-4.0.0.dist-info\WHEEL	ASCII text	D25A99ECD1ECB535EE4E31874B0C7B95	B80780FBBF97A5FBF433C4F692E340632EA675F1	00329EC9A1B2285E43C01344D2C444E69BD6F9B4A414C25F06E873677ADC78FE
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet-4.0.0.dist-info\entry_points.txt	ASCII text	B65F7BFDE70CE91F668944119FDF1923	529FC858FDFDA889EAA5EAFC9CB699C4305B19D6	7C032686EE5E27ECC027EB267EA430442950DFE9E8CCE0A6BC9EBE13C960189A
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet-4.0.0.dist-info\top_level.txt	ASCII text	DFA288092949BE4DED87CFE9BE2702A5	AD425BF5119CE57A37E3FA126DB0D4DCACB05013	028C3305B672E31F048AB0010DD2522C964C909FF9DE221A83CC5F291E83EE42
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\__init__.py	Python script, ASCII text executable	2FC59815B38752DB9228D08EA57393D2	528941E0635B972612867CEDB7C1DE455E307416	99665A5A6BD9921C1F044013F4ED58EA74537CACE14FB1478504D302E8DBA940
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\big5freq.py	ASCII text	14C69F7CCF62A473CAF8D24A85302168	4028BD63B9EB6C3225FC61B7E8733528EE80FD87	0FFCCAE46CB3A15B117ACD0790B2738A5B45417D1B2822CEAC57BDFF10EF3BFF
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\big5prober.py	Python script, ASCII text executable	1A45BD1F7CE22E30EEC32D870AB02E44	5297DF2758B6BE575459E08565B07382EB6D52ED	901C476DD7AD0693DEEF1AE56FE7BDF748A8B7AE20FDE1922DDDF6941EFF8773
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\chardistribution.py	Python script, ASCII text executable	1348267FC095CAE77B3F24A48DD6ED06	DB44178E9A4908F7256C85A75A7374FB57BF868F	DF0A164BAD8AAC6A282B2AB3E334129E315B2696BA57B834D9D68089B4F0725F
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\charsetgroupprober.py	Python script, ASCII text executable	E7F08780A8FB42F77C61315AD721763F	10E9716409D7710FA9C3950B485C8A14576A7EE0	1992D17873FA151467E3786F48EA060B161A984ACACF2A7A460390C55782DE48
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\charsetprober.py	Python script, ASCII text executable	A257430E4394E805107C519BA417C3D4	4CAC3F02D5FDAA8776B49966206247ACD3BD151E	2929B0244AE3CA9CA3D1B459982E45E5E33B73C61080B6088D95E29ED64DB2D8
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\cli\__init__.py	very short file (no magic)	68B329DA9893E34099C7D8AD5CB9C940	ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC	01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\cli\chardetect.py	Python script, ASCII text executable	B881B0F0856FDC622FD7435E6F35ACE1	CF118AF9F5BD309964839FE3DD147790C65A4BA6	9143DE4028BEA2539B5E93AAE4CB652AE067D44535F6B91E7A700CC3197B5116
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\codingstatemachine.py	Python script, ASCII text executable	33C5E712BAD7523F996BFA09D85EB5BF	3E2B59C552B7E985F2EFEE068ABA34A0C7938409	558A7FE9CCB2922E6C1E05C34999D75B8AB5A1E94773772EF40C904D7EEEBA0F
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\compat.py	ASCII text	EBCC3FE46560E1E5C7CA6E347780A828	F229B8B6C252A0ECA565CC8601ABF090AE0EF818	E34CEBEB0202670927C72B8B18670838FCAF7BC0D379B0426DBBEDB6F9E6A794
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\cp949prober.py	Python script, ASCII text executable	EAC9F36E937956F46F3E4C37F9CD7D76	5E1E40B592AB5BADAEBEE6D1CB845F34475BBEED	4D9E37E105FCCF306C9D4BCBFFCC26E004154D9D9992A10440BFE5370F5FF68C
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\enums.py	Python script, ASCII text executable	754EAD831ACB9BA0C2E768243ADA5DA2	2EAF9CADC33CD208A4A0378158A07FEA397F6A91	0229B075BF5AB357492996853541F63A158854155DE9990927F58AE6C358F1C5
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\escprober.py	Python script, ASCII text executable	A43AE497CCD0D98F53E4F2E7EF5250E2	3F5C243F912E8E14DF288F356403A5D920159B3E	924CAA560D58C370C8380309D9B765C9081415086E1C05BC7541AC913A0D5927
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\escsm.py	Python script, ASCII text executable	9C3BAAFEFA516EA1EEFCB03593C8CB1D	B6AE3D309926B691E6E8BE5DF7E9EC7E22DDAF62	46E5E580DBD32036AB9DDBE594D0A4E56641229742C50D2471DF4402EC5487CE
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\eucjpprober.py	Python script, ASCII text executable	7FCBC25522B5FB00AD88D12E86022F16	F583D01EA725D06785A47BE5AA47A9586CB4E843	883F09769D084918E08E254DEDFD1EF3119E409E46336A1E675740F276D2794C
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\euckrfreq.py	ASCII text	FC74D266C33CB05F1ECD53EC517EC462	F92F0B57596EC180FB1505D3B3B966F07D61DFAA	FBB19D9AF8167B3E3E78EE12B97A5AEED0620E2E6F45743C5AF74503355A49FA
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\euckrprober.py	Python script, ASCII text executable	35C9C358A1F2554B15382675B680CB38	17A570BA185BF5BAC0B670932D3EA74376E19F7B	32A14C4D05F15B81DBCC8A59F652831C1DC637C48FE328877A74E67FC83F3F16
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\euctwfreq.py	ASCII text	F22F9B84302F594271169463DF2C2ADC	1FE6190636462E94488B056A56770C84D48F3370	368D56C9DB853A00795484D403B3CBC82E6825137347231B07168A235975E8C0
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\euctwprober.py	Python script, ASCII text executable	BA6A1374A470177EC21C4E1528E23F5B	F6ECD5D34962A5B81B71BDC40B140D553A0C120E	D77A7A10FE3245AC6A9CFE221EDC47389E91DB3C47AB5FE6F214D18F3559F797
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\gb2312freq.py	ASCII text	855D0A3B3FE3F931EB7D4A3F77E9F349	BF8051DEF4AF0BF4B04AD3C997A64A356D2EFECB	257F25B3078A2E69C2C2693C507110B0B824AFFACFFE411BBE2BC2E2A3CEAE57
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\gb2312prober.py	Python script, ASCII text executable	E9B4EABD5CDA31D434F10B7299B4B47E	BC2518F812EEF5713556D847B933230C00BB22D4	806BC85A2F568438C4FB14171EF348CAB9CBBC46CC01883251267AE4751FCA5C
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\hebrewprober.py	Python script, ASCII text executable	EE487DF69E219E2AF034E50ED27F6E99	07093CA2075F52D3D07B399A52F4A7491928FB1C	737499F8AEE1BF2CC663A251019C4983027FB144BD93459892F318D34601605A
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\jisfreq.py	ASCII text	34BE526E85A890AF4C0C38DF38D56B71	12A38AC0C60C3F5A8756A9E03EE74A22C9B481C0	BE9989BF606ED09F209CC5513C730579F4D1BE8FE16B59ABC8B8A0F0207080E8
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\jpcntx.py	ASCII text	09BDB0C4F23A05CFEEB4F498F8B19D96	B6332D34D3820C06E07EB31AB68A22B5365882AA	3D894DA915104FC2CCDDC4F91661C63F48A2B1C1654D6103F763002EF06E9E0A
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\langbulgarianmodel.py	Python script, UTF-8 Unicode text executable	DC8BFCBD96E48E1EEC871008B9DF4C41	AB01C692BAC446348C1B6E1AEB8C41C76460C6D4	AFAB6F3AD3BC16A8676D6041E55E1CCDC9757D6338A41F651A259053EF20BECC
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\langgreekmodel.py	Python script, UTF-8 Unicode text executable	15AA944AF16F7BBBA2DCF664E22CE077	C59BC42593F0B922B73F7A0179403F203CEA46B1	D5C32EDB05203C1F1B43645B5634782CDC020844E043E0F0A34120DBFB81D75B
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\langhebrewmodel.py	Python script, UTF-8 Unicode text executable	7BD1A4AB964AD4F763CB83C9E3AEE8A8	E072A2E9BC510374083C9CB9E3FE460D6A22B91F	BAB3262471C85ED0B069602ACB5CC463FE129B0C0DCEDEF7D1B0CEB635F3463B
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\langhungarianmodel.py	Python script, UTF-8 Unicode text executable	4ED0A68F3E35F1835176D355C9A0874A	3C0556AA1EF370A83F3F456BE839F315CC0ACB1E	383022B2FA827DEB3C07815EC8CFCF83D1D8DD90E7132682893E01C72CE873AC
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\langrussianmodel.py	Python script, UTF-8 Unicode text executable	82770A8C9E90FF4EA6A510A763B048A0	FEC8F5FFD0CCE37D324A22985D2D27BE29B42E4D	B0FAA4AC16D7D10570C32EA8A9197EC7B111BF6278FB368CA02BCBA644AC4892
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\langthaimodel.py	Python script, UTF-8 Unicode text executable	FBA3594136BBE9B5A77B29EA3A214F7B	66E0B9BD502D1A6F43C47F80A3A2C07DCEFB14E9	A69A0A3862FD38F763F40E025321BC478F336E75EDF4C37559778261EA5AEAC7
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\langturkishmodel.py	Python script, UTF-8 Unicode text executable	84E009A6C34C6ECAA39D96F48DD12365	0FB32965A1D35867F116A2212F827532A7E1A653	1F795D89C23FAE196FD2BDD5169556B542FA5F7D16CB9F7ABFBFD81F3DAC11D8
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\latin1prober.py	Python script, ASCII text executable	4EC6FE5DA8DDBED7AA355DF81BD0E6AF	18AAFA5D34C519C51823A7A4737DD07F79E11DB9	4B6228391845937F451053A54855AD815C9B4623FA87B0652E574755C94D914F
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\mbcharsetprober.py	Python script, ASCII text executable	D7BB9DEC5E8045651A957E956E6CFDC7	EEB555BEF8B05F40C0AA6D81BF2B323B875FC653	011F797851FDBEEA927EF2D064DF8BE628DE6B6E4D3810A85EAC3CB393BDC4B4
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\mbcsgroupprober.py	Python script, ASCII text executable	D11B219F9A5CC6B48D492BEB69C3D9C3	9E6D7D608F78DD6AE8D09BFC9D46E41C7F287BB1	87A4D19E762AD8EC46D56743E493B2C5C755A67EDD1B4ABEBC1F275ABE666E1E
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\mbcssm.py	Python script, ASCII text executable	3084C6E597BB859E0CDF091E046C9D5E	0501C978D8B4BDB0883F06F604139896AA3634BD	498DF6C15205DC7CDC8D8DC1684B29CBD99EB5B3522B120807444A3E7EED8E92
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\metadata\languages.py	Python script, UTF-8 Unicode text executable	F4A09F07D24ADF6500AC136A5F9AE48F	4BEBA4DE69BAB37063E4D564AB9FE9B58BB316E5	E35B4BAB778B4AB0446C455542954616AF4AEE8D659FD6F51E9635974842510A
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\sbcharsetprober.py	Python script, ASCII text executable	2EBB3D6952540FEA5F8D131376001203	06BB9EA3B9D4E4A3949EF6FDE06C9385FB2A8509	9E6C8CCAEC731BCEC337A2B7464D8C53324B30B47AF4CAD6A5D9C7CCEC155304
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\sbcsgroupprober.py	Python script, ASCII text executable	7E03B10FB4702C16B9E88D5CBC11ADA5	723635EC45B1DBDE8C60BC5D10992E6CC9A1FC6A	86A79F42E5E6885C83040ACE8EE8C7EA177A5855E5383D64582B310E18F1E557
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\sjisprober.py	Python script, ASCII text executable	49A4BAE5A91B2CDF3E86CCBE5C891978	AC5FA06EF33A62E12D3F676223F2BA443410AD08	208B7E9598F4589A8AE2B9946732993F8189944F0A504B45615B98F7A7A4E4C4
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\universaldetector.py	Python script, ASCII text executable	35875D1D3B0AA5BA1C9CA0F4EB462F4F	5ADB8B49698EC14F762292A97AB110670BCA4D7D	0E96535C25F49D41D7C6443DB2BE06671181FE1BDE67A856B77B8CF7872058AB
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\utf8prober.py	Python script, ASCII text executable	E6180774C6437E9A396353411EDDCB36	35EF3BB735C68E457746E85E7C410CEB2ADA711A	21D0FCBF7CD63AC07C38B8B23E2FB2FDFAB08A9445C55F4D73578A04B4AE204C
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\chardet\version.py	Python script, ASCII text executable	635CDDE23A2245E469D2C0557BA7A938	3B960A058E546F057A0F7F389D14BB1A63E78190	0380882C501DF0C4551B51E85CFA78E622BD44B956C95EF76B512DC04F13BE7F
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\distutils-precedence.pth	ASCII text	C39367750A2AD85B290FA7595D4CC457	4E2B7B413113994E4730EFE03E564A84CEBE2D73	7EA7FFEF3FE2A117EE12C68ED6553617F0D7FD2F0590257C25C484959A3B7373
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\easy_install.py	Python script, ASCII text executable	97B52FE7253BF4683F9F626F015EB72E	AACB1800C66DF9D4AA19B5527563421737F73020	3030BDBEDE40C43B175F9A9C2A5073D939D6E93A6EBFF0286E77E1089F57DCF3
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\idna-2.10.dist-info\INSTALLER	ASCII text	365C9BFEB7D89244F2CE01C1DE44CB85	D7A03141D5D6B1E88B6B59EF08B6681DF212C599	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\idna-2.10.dist-info\LICENSE.rst	ASCII text	CF36C8682CC154D2D4AA57BD6246B9A1	213659E517DCB5A6963A0B7869CB1BE625FCA442	412014420D2473DBA06117C3D4D9E0EECAA6DDE0CA30CD951F4EC2BE39426F32
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\idna-2.10.dist-info\METADATA	UTF-8 Unicode text	51DA414B478154A813A45661F368B771	BE0C42B22C62C6BA6F8DCA6BCDF591767224F979	65609A4030637664AFC79114EC2BFA3910BEF4D510EA75E1D5E5F1DFCC927B8D
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\idna-2.10.dist-info\RECORD	ASCII text, with CRLF line terminators	93E3010E4D5BEB73F61DE2CE48EE2DB9	159C6178DB2E5803913D6D5702A15885FB618B86	3D2EBC6596664BACAFC20F294D701FB501EABAC2548E630A422EF9B4518896D4
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\idna-2.10.dist-info\WHEEL	ASCII text	E810E49A07579615336DFE1362445C07	7C415D7E52F9507D6414824277CFAE91AB5006E7	F3335865BC10497A01F487D73A33DF78DC2F02C00B0237DF824DBB16ABC259BA
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\idna-2.10.dist-info\top_level.txt	ASCII text	1929D9F7C81F25C32830EBFE29FEC2B2	CF120440E59032DA490AA8FDC118B6F764FE495D	8D26A0F6C103AAF48F7EDC4E432F8005F195FD14B2EE8161E33649A4E0D5F24D
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\idna\__init__.py	Python script, ASCII text executable	8ACFF87EAD0244330C22125C16FCAADB	12DC726D536AC216BA05BB7EB8A014A5609A0DA0	F4DB7BC69C9EB770E63AB3D41A8A03740C261D966ED6A500CB611A27DDE41A24
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\idna\codec.py	Python script, ASCII text executable	A36C9A662F4DD0E6D8D4A48DBE68ADE5	A781C8B744B9FC5EAB020EDC44F3C93556F972A3	96F61BEF2BBB3E102A15A00801D59CC2069623652682C794B9AFB573402C1B40
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\idna\compat.py	Python script, ASCII text executable	2F0D04609DA1142C3A3F74C336EA5744	200367634C3CE53792BD6C0F4D7D50E6C3C842E2	47E876F43FBA9AB9C9CDB5F1CA6AD6516EE2654BF2FB6E934306748A3E7B8B85
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\idna\core.py	Python script, ASCII text executable	4C71B8F90036F3A177EE082611E43867	450CE1849FDABF71EAB61455E7A671AA57FA3C66	8C2A1A2DBDDB036B52FC30F1F4FA46B8D4C46593768C0CC1DFAF5A3FE2076111
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\idna\idnadata.py	ASCII text	1E1B60E5123A4D9BA471DD3F4BEDC4D7	8564A5B66F4CCF419B9390CD0C6A95DEED5FBE05	826CC5C195A3766B3790A67F33FBF0CFBF8B3FF4828187D2784D37076D50A6C9
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\idna\intranges.py	Python script, ASCII text executable	5D37B041D01AEFD92CCAC0BFF286A7C9	8F1C8EDAD0338F65DACE85A9B68EA469C858427B	4D8D65A7164841610FEAD36A8D9905039860A0C58E8F53819A7506F22853F3B1
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\idna\package_data.py	ASCII text	1A56C43E488B6AA863596FB0086B01B7	AB8451205DA5621D19BB54C983BD12BB23802A24	6F1063A4B9C4D3AFF58D260A132E6CBCE32ED7333738CCED5D551BD6D3E5729D
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\idna\uts46data.py	Python script, UTF-8 Unicode text executable	783E04A79BB43145731B33A3372F4E05	823194E21B8ED155CE661CDA98A012535AF36A97	94C770DB3763907D495165CF3C47C5512613DC5CA3EB46C199F2EFBF2E66EE4A
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\PyISAPI_loader.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	6C56000FF5E4342C4D904D90720F5B6A	7CF02EFD6911FDE56DB9DED8E872DC044225B559	9868A32FF774E1B3733F02AAEFA813ABF253B2BBB3CB8D25EBF54C484A69D97B
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\README.txt	ASCII text	7F3958AD30B12EC2130CBC7334AB2359	A6CF6266815D7C5FCD1449090F9CF3024F430107	D08B643F4D500E174BA1BB17D9AB2485930957CC0168F14C8D05666FB8C3F550
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\__init__.py	Python script, ASCII text executable	ACF9725E16F897ECBD05857447B6C317	4B24BA520777CB0077C713CB7D508DFEA8B6723B	BEC16D273C30E27C77B30A0F5C28D0656028E956C5C4A3FB44A58F1C89F52820
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\doc\isapi.html	HTML document, ASCII text	F7697BC2AEAE59A9BEDFABD3192E80FF	BB4B1E7F5F7626F2F3DC2490931355658A6212D9	0B67CC1EF06CCFD881C29DA61C775C52B634C7BCA1EAB5B19AC2A1685B0164EE
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\install.py	Python script, ASCII text executable	CB914FC76D6C596E57AD4088FDD9799C	05EDFA989B79BDA709343172A876D6588E5B4C85	813A9BFE5A520C3416BFC79C6FA02534272EC35AC15474A3531D5242010D8E83
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\isapicon.py	Python script, ASCII text executable	0037FFB92A2A1736A145937A56CBAE85	3F9800478B30229EB01CB5819C52A2C9C3DE21FC	C08F29B178F6919DF4B133602D35D3582A9A6785723619EF59C8E0F2FFA3F05E
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\samples\README.txt	ASCII text	862443836E56F3162633B7D1C10A3CDF	A3E6090FE621057F32FBC1C6E12C9CB123348FAA	C47BE454FB2E9736FC6FECAB31656A3999991423D534ED7DA86B6078DFC9241E
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\samples\advanced.py	Python script, ASCII text executable	A9C5BED78B7897ED78F66CDB54659AB5	4D6FF66FE41C876D33E257883E2BCAFC280889EA	19D802BD6415099DD1AAFA75D5F12265A295ED97AA6874EBB6770820CDA3A87B
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\samples\redirector.py	Python script, ASCII text executable	533B76E269EB28923D5E54AA48CA1F9E	7535D36F0B4F40774E3B053F5C7219EBB38EA1C9	F71E11CB21CBF5DDC31AE6EB376B8C70842485D8622C02C62782527F3AE155DD
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\samples\redirector_asynch.py	Python script, ASCII text executable	466B8504C8B41F04FA33CCBA554ACC0C	F827645BE8E4EA96630F8F7440BF6482BEA7C066	DE7656B98AFD7C91449AADA5EF3E0CC6E0B21686B99F0E4903AA6AF0F3B2E8C6
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\samples\redirector_with_filter.py	Python script, ASCII text executable	A7931D3297957FA4DAC965B65687D40C	BE91FB3C2E694D45C85F5EE3AEEEC85DCFC36525	F10954ACD8EB5EDA0B254D5CAF668BADEF72453DEFC8358E3FA18FE171549AD3
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\samples\test.py	Python script, ASCII text executable	64D7A11DC1815976199355BBFF18836A	006CBAA9AF25CC510D0712552F699730F4C2834C	FEBB4C09F9AB898803028991DFB0F5BD117AD4EB14BDB421258F1821DA714592
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\simple.py	Python script, ASCII text executable	CF7E9175662D34C2584F56DDEC4CFC73	EB66D8A7D796394A71DF38E0C0AC91DDABA6B4EA	19603CD536D81653A48AE1E53CB4626BB98ABC0CBC78A7F358FA32DE9304A03C
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\test\README.txt	ASCII text	373DBA22E181540278BB56E9050BB0C2	D9BE10C58C89360D7100E763BE060A3DAAD5FC80	D20657ECFB4483C745C06CC3554A853A002F86FA393538D5C08795A53BE13587
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\test\extension_simple.py	Python script, ASCII text executable	4BDF26B2215F409A4D27163E44FA56C5	C59F85484D5BB57BD86EF35546332DF10492EA8A	DC9500CB2191B4477F4DDBF6CADDAF701A377264A67EFA6A59C20005D987FCE6
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\isapi\threaded_extension.py	Python script, ASCII text executable	4D95C544913F523779F256E477697CF3	434541EDB0FCEE0A923D71FFCC3E93F4AB04C18E	D1624412936A5CFE92AA8D7BB95814BC605D39C569CC22B090F2D735CF75FDA6
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\__init__.py	Python script, ASCII text executable	E84C461324B98616A8E2ABA36FF95C2B	B28FCD6D0A25BE968CE6ADCBE302A0155523514D	48C96FD18680B47869E0E780043B1DBD91750F42881BC5B2F1F645D7F6CEF059
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\__main__.py	Python script, ASCII text executable	5CD1FBEFADF9DE0E4355BFB8A9854645	C3BBCD8D4A6A93F0FCB956F20EB5BCC435E8C994	6EA080335723D47C07083C775896BE2C9C4E0578A61B113C3A306A02F9E1560D
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\__init__.py	Python script, ASCII text executable	B2F1F5FCA106FCF21C8564DC3BD5BEC4	9828A04C5AEFE088DD176BA7E6A60773EF9C080C	4DE5F235E28B77B1044E37F7949006498D436FE75803A6BFC422C75949049970
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\build_env.py	Python script, ASCII text executable	BEE9E37F89B898C91B14E34155ACEF7E	9D77A286ACD9700E297EC43BE676C39F17626002	E4F74956546F0DEF9F9867DCFF0A8E5AD43D01DF609B6125C1FCB6579695BA2A
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\cache.py	Python script, ASCII text executable	FBEDC96FDDEA30E71FCCAC2644EB8007	6A2867FA28CF1CBC4293F8E863A238E4221CC7DB	1C34E31AB9B9EC597EBEEA2321C2F5EFBE382910A5EBABAE3576809B003C1CB4
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\cli\__init__.py	Python script, ASCII text executable	F0AC37F23494412689AEE309275C45FB	C98BBA03EBC076049B09E2A3168633079A3EA7B1	1641C1829C716FEFE077AAF51639CD85F30ECC0518C97A17289E9A6E28DF7055
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\cli\autocompletion.py	Python script, ASCII text executable	9EE230DD6322924AC836DBA8898DDFE6	715637BE57D88437BA52B80192EBB1B56E7B923F	7A418DB5C0C8D29EEB15573EEECE13F536ECB382606FBBEC07AE3D5C921B9518
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\cli\base_command.py	Python script, ASCII text executable	3622948F18F8819E93FC9C64202D1A0F	B20C63DD181CBDC7A6C5B9C6ABE8C982A076417D	35425E86CF541BEE14D495E01D431E4361759FC56B9C385B4A3494A7E8820D81
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\cli\cmdoptions.py	Python script, ASCII text executable	317AFC4A0D130F4A4B37CDB2A959E63B	8199A7EC77EDA696F1686444B78009832E05D4FB	17ADB2160C6E16866E6E01759E2D080E1E2310ED572594EBB2B63AD7A36A0554
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\cli\command_context.py	Python script, ASCII text executable	5C808203BDC30852020A89A9AC7C1026	F8ACD017D8989CD782ECE179F7EE9CADEE349EC5	935547A9309E6234346F7B72AA2513A00DC09F9171A509A8E6B6FEF401C9E956
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\cli\main.py	Python script, ASCII text executable	66763AB952D947165B2BC3A980173310	2926C1D2CCE8CFF7EFAD7BCA07972D3A97334B6A	1F173D759C96DF1883B18657FBF2767065D3E4358D2CD9FF63BA3DA1499EF847
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\cli\main_parser.py	Python script, ASCII text executable	1137EA3095AE858FBA88E31199319180	44EF08D9486A8C118EB038F7237F71F41C6C4C67	41251BBB974F677A71B260A19E8F1E1F5EA467101C5241B2F187021BF79E1AB7
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\cli\parser.py	Python script, ASCII text executable	B2E045435B41B00BFFD992B71DFBB4AD	151B8AD4A364A2CC8C60A1E1E2CD37910FC2747F	9DED8E1FB077C527863D47A5664450DFC4EFF61AB297FFEC8323623F73F9E7E5
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\cli\progress_bars.py	Python script, ASCII text executable	827BAC3DBE0BB62CAC00F37F89881308	9FC0472D9B23C56467BF6F02726830C26BAD197C	275CF292DD8B23881B05E5E8ADF6119985791605E1716E31DEBEB113F6BB67B7
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\cli\req_command.py	Python script, ASCII text executable	C6AFF88C20A7F28141F90AE903E9B635	B7C7A36B7368FAAFD56509CF8020AACDC7E317F0	FD6346924BE7B8FDB5D037195D6454CC9F3031834D410D8DC3D9863A71C21D2E
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\cli\spinners.py	Python script, ASCII text executable	94DCDDFDE192B6A2A9B89308BEE85709	C1B11204DAFC02A377C4C6BC32BBBEBFDC7A96FD	19441634F9C10F5093447C71BA6BD4C28747A2F22FA1F301BBE6E46926949D06
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\cli\status_codes.py	Python script, ASCII text executable	360B5FBCFC4CA8DB6FEE55A71EA27D7F	9D2120560B68A6CF2B0EAB89CCFBF5B5336067A9	17AB831BA1A3ED134A4095039DDF3B40AA88D7A52CFADF81D303C5FF840CA567
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\commands\__init__.py	Python script, ASCII text executable	30CF8D21165677AD98ADAC1FEC69EE4F	5BD3E241852AD14508DC6D4FC4F8B6C73E992F59	DF499AC75353FA3598AF300AC22A0FB94803EF910AB9BA8B901847626799407F
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\commands\cache.py	Python script, ASCII text executable	B34A7E696498C48D41E5FC32DAA6ED71	C6D66AA00246F7556A76DBBE15E4C99B66557F46	9BB4FD0BA8C1EDF98DA33C86DB82752E4793B28C9FC8851883FE68B48994ABAE
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\commands\check.py	Python script, ASCII text executable	F3F2658E3B72C44B99584DBF2B1E180D	17DBDBBB0D33B99B3F52A0B4EDF10AF1FDCE0BE7	3628E60082A58D6DE463E57440B313ED5B6DB840ED0EBA106B9AAB7F2E01FB52
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\commands\completion.py	Python script, ASCII text executable	7E4A01B9F341F7C6B51DDB7984D9097F	663B124C34418689A2EAE6A6E2FD7CB18EC7DE4A	485BAB5C8A156605CC843FAB3F0C9FB630F676D68EA2C22005B1DB089E019E6A
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\commands\configuration.py	Python script, ASCII text executable	2523762271C1BE4A5FA339D5D4284FD4	D6A81B5F930039F23401C9D05CE79E045FE7C33E	8B8B8C6D670AF8F5B554B63B7FA78A92587BA8ED499ECBEABEA7B8718E948F86
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\commands\debug.py	Python script, ASCII text executable	185ADD74CA7D259726DF6AE1F56DEE2B	51C82961DDA848E719F766822E81B40A1C31F6A9	A0F3CBFA45B57DCD969346EB10E9564493FE052D80EB24A7E6FE3D13F92C225F
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\commands\download.py	Python script, ASCII text executable	DEB959A037918D72793874C6A6F5A6FF	4B6CB13D67D75D6B82BF763FEB67DF3C4D3888F3	34693FB041AE8BE21DFB58E48B61736DC4C0E0764A1156E722610D9C71B0F22B
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\commands\freeze.py	Python script, ASCII text executable	80931931B91AF3340E46536D8FCD50F9	EEEE11D0BB315C5BD1E864B61479D2ADEA0FDE95	F197360201A9BD0D67F2137568216097A0BD7C7ED4405F9C5A22ECCED91D8BD5
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\commands\hash.py	Python script, ASCII text executable	48D0433873DE6FA264E2E1D2ADE74394	3EF410EA921A74297F61AE5E5DAA4E1DC92AB875	BF69D80A212C108F6711A9B5A7A1B0746F31CA3E6016FFB85ABAAF35EC4A99E6
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\commands\help.py	Python script, ASCII text executable	F17EB7D35B140632B5C33601EB19B25B	14091B8DC0F89F8C5EC75FBD7C15E04F8BD02372	A1F9387B3D40691D7A9216BEC380CBB963A2FC1F36C3153FD9A4F65671CCF1C8
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\commands\install.py	Python script, ASCII text executable	E2B91535043E3574E8E88DB06AD9CAAA	84E6AABC5E45D8727EF147EEFC6A30D8B778D883	3DD826E59AC7AE512CF5342DC29EA9FEC7A5BE523AC01829F09844F0C9D16DFB
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\commands\list.py	Python script, ASCII text executable	6452D65B23DB467ABD286F0B8B1C40F5	14279A382DF3A221BB20CAB2DCAEF65362CC7A00	C0F7BD1CFD77DBA2BDD4C6E1FCF56CDC109DC2E1DBBE4063BADE4999E197DC15
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\commands\search.py	Python script, ASCII text executable	73928D7205253500248C4F52F8BC3A12	7BF393932AF026F301347A29DC0D37B898AC5A4D	25279D7066707F8AE8ADDA4DB4BABE4194BA55777024BBADBDF1CE375291C28D
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\commands\show.py	Python script, ASCII text executable	8DA800A4FF5B164FCDDD576873B6FA99	F1599FA86CC801B2BD68C60034035DFCF27307B3	CE4F4566A34F6794387465E72AB29D9373DA2CFB163873B0A055866CCCE1A0A0
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\commands\uninstall.py	Python script, ASCII text executable	B5F0093216166C1438D2E43498347FB3	7AB5EDE170ECDD292C17DBCCF073407015BA091C	62CF21C05B20D24BEF1AD2C6606DE26CBE412AF5118654A5097E74650FA1B079
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\commands\wheel.py	Python script, ASCII text executable	475ACAFD28EB8F1EBAAB629E165F9D53	4DF8F344609E287E80E8677290FC30E3367982D9	1BC6DA3AC3AACA81B5B4835B26573F94343C73BE20370AF7C2D1637CABBA9115
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\configuration.py	Python script, ASCII text executable	987122B453349B847842DA29DE7A364A	B2F2EC9C98986B4876F24771C00D0943A48A512F	079EEAB3B1F47068FC38F1D0F1F79E03317CAB7DF759B76077ADE9A750AD49C3
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\distributions\__init__.py	Python script, ASCII text executable	DD9CF90BBDF0F94946BE4C3DF33FD862	D22564B4D945BB4863A6DABA1F4741F2193A4D27	1020545B91ADBBD4E3270C852EF8A6FA2EA450C615BA290D87D2396AC2FAB5B0
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\distributions\base.py	Python script, ASCII text executable	B38B93AE1DE6D61D42C74B87F6FE5D8F	9246E8A8380FAD564D86CF2DEEC781A8651010AA	AC60D47F300B41037EF6F92B71B0A5EDB8463106D0F817472D65BAC5624E6D0B
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\distributions\installed.py	Python script, ASCII text executable	5B8CB301B1608319F96D11868AB7B335	CC6058A55F5A86866A4BA9F782C2117048C13F97	694B53BD3727550484B6CDB40F467489F1E77D3F9FC0C03E497A2A02AE69479F
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\distributions\sdist.py	Python script, ASCII text executable	5D8C04037ED473E6B625CFC502FFD9C8	038F0BAF75D8AC738A6525F09915DC3446E026E3	52F029E360218C9C1AD31F9033BD86A6D17993F63B2978448E6D28C13AEC906E
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\distributions\wheel.py	Python script, ASCII text executable	D84AE8D319876A9B51F4F510779FC4B1	B849E2E6A04CE0337B2FCCB16CD8F5E0945923BA	95E3CC0434BFA6D3EAD4D23B9FE19061B15D0E7F117426D7A19D4F6A0AEABD6F
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\exceptions.py	Python script, ASCII text executable	8F470A3D0ED285908784B48424A21DA8	C13CEDCA080DC1AF3433EA219D284E8F880DC7EB	C623CC9F3D8681E236549F2F95C0A011E059E872827BD6A085FB8D239E74FDED
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\index\__init__.py	Python script, ASCII text executable	8B1D3A4A3D674CF9F227B7DCBE69552B	A55D1D416E674D9F4A8E0337DEFE350962F21F1A	BE9B7E25E4D979F87C6BE142DB665E0525C555BB817174868882E141925A3694
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\index\collector.py	Python script, ASCII text executable	FD90FDABE3EBD98E33B7370F8C6E11A3	6E544FF982BF1FC080394172DAC3468B21D1915A	819FFDC0FFC09A2212F13565A731CE299BD0B190175300A60B84E0D76533ECB1
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\index\package_finder.py	Python script, ASCII text executable	DA5504AF4D58F59524389398A1A0ED3B	6A5DF8F323C3B3FBCE6A87809FBEAC1E4622E9A3	97C6CB3AA51B4D9BAAB7D8ECEE5CEA4D359F2B3C04ACEB17898137B5F245D0C9
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\locations.py	Python script, ASCII text executable	03DC2E6825505A41C43C7980925F3E0E	89ECE7DE70A0C2BC6616D808301D4531F1998F3C	0379418430175B2720F0693BBD7F20646D662AD367F5BFF54232357348B41EE8
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\main.py	Python script, ASCII text executable	EF6379488A889BAA3506B3BDD0CC0B68	CC260392D3A3B6F0A6B38F54C6E5163FECFFB3B2	2EAA1415BC9A640675C19D31499EB0208C7DFA6D49A129D20F3B569E347FA4CA
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\models\__init__.py	Python script, ASCII text executable	F4122DF11215E5CC0F203F0C4B9238E9	AF1B34A8655A6A39832635A34DCBC060412ED6CB	DC31D477FAB1A4FA337F3A2EA2A6BD83DB6CD42CEBE6A6877C5C5B9F1AE27A93
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\models\candidate.py	Python script, ASCII text executable	2CFD3235FB99997FD9E358DDA1FD9471	977B529ED86126465C800E208D4645598CE7C04B	1A6A6B54FF180F5917838565444A256230BF7EAC0B97B2DF78237E64148D3628
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\models\direct_url.py	Python script, ASCII text executable	C03A4CCE2EF970A8943FECE3013F7199	DCC1562C4C7463D86B743D73131FFFC7F82D5FE7	644D3B8DF26653F0252E060E92E16EA7B920B193F993C0517B007C617A79D267
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\models\format_control.py	Python script, ASCII text executable	A6161545430981A1ED0BCE9BA99E701E	ADAFAC2B4783315FE343B96B04F588750F4507E5	6058BD0AB26B7E9124B92D83382B6B5AA62E76B868D411DA052C13F0A7B1C47F
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\models\index.py	Python script, ASCII text executable	3F63C062834BAA699036A2BB8C743A18	0146F50E5D54ED0115809E9A5A9D97EC1A6F398C	71AAEFC71693EE6272A04929B5A1021D466235A03A47936BB06179E736B0367F
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\models\link.py	Python script, ASCII text executable	89976AAEBB04647027BA365B0CE002D6	29810572C8DA5B657A9ED8A0C3A76CBCCF1B2CC9	072C18BB0EFDD1D0B5CEF4858A3F3E0A6E1065F99472EA5EEB14809A4DE2F023
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\models\scheme.py	Python script, ASCII text executable	8A68A3D4679CE98BEBD3DD7B3E45916D	0B0DEEB55514A94C295E78CAD3AF7EDB2DA3A76D	1213E44FFE86D0C77CE094CB495A2962CA791FF2BA051118985BD4F07EB030AF
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\models\search_scope.py	Python script, ASCII text executable	2C57DABDBBDC6D2205872E2D14CBBD07	C89F691BD17342753D0864A4354D2472DF198A88	2EE9B4998E3FA5D47D0C3072E87579C4718830FA7F914F2F32CA982851D98A9E
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\models\selection_prefs.py	Python script, ASCII text executable	8F1F5A8CD3D6480EBD74A77C7571579E	F24A6727E78905DBBB0837DC6E359E7E7C7A1622	D654B677A9DBACCAE35A046EC1D974E6D9C60A18ED0E28CA8C6E1709B9EE2E67
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\models\target_python.py	Python script, ASCII text executable	FA932A54E807EED1094AAA6EAEBC66ED	3BA88125621D049D45B8ECEB7BC88746FA453193	3CAF0632CD79A52506086D7C4604C69AFC6F604F3E33958A9EE765E028A44D83
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\models\wheel.py	Python script, ASCII text executable	A6457CAA2F9B57789BA5BF4ACDA438DB	F554C1E5F353EF8DCF9F1F04C443FFFED06B11F7	1537F355BE1621B7C87A1C61765015BC28A5FCC434F96E38A32379E9C13A3477
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\network\__init__.py	Python script, ASCII text executable	3893F116D94097C4AE72769A5F7C21F7	CC7B633895C11040D0B99E7D0575B1D031652035	8DFE93B799D5FFBCE401106B2A88C85C8B607A3BE87A054954A51B8406B92287
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\network\auth.py	Python script, ASCII text executable	1D848F1BA7996C79BD1738709A71DD68	4FADBFD80025340FA25762B992A6451CDDCBC793	9ED1FB923CB57FA388D0EF2CF119DCAA1CA3C2288D90C0A1255141F4F2273F4F
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\network\cache.py	Python script, ASCII text executable	A1FADCD457C594B4A8EA9AD3E5B6B134	D69434B07062F9F7F25AF246F26B9FFC4F5F70D8	EABA417EBAF3AFD49A072EFF00CD44507D6948562AD695C27ED32A93ED649104
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\network\download.py	Python script, ASCII text executable	C3AA17D3BA49F33D8861091B2621CCFB	10FDE1DC0BA84EB0503C3CFEBE039898FA68FD6B	99C9A35912853B074BEA78A2CF19B4002BFDB5D7F4E9339804AFF163897FDDCE
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\network\lazy_wheel.py	Python script, ASCII text executable	0D63CCA3EA8C5406018E1B60BC284722	8F2813974D65A3D1A78C4092FAA345A430A61446	A3C0C3E15A2826F649D927C1B190C8E22F3978E34221340A2F275F92536BA21D
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\network\session.py	Python script, ASCII text executable	1D3ABBAA092BA42F66A13DCE1BD191B4	FFC69BE2AEC804214F904B47430DCEAEB3E2B207	76838553595EA7A3231C14BF1F5015991CDCC04B3BCDC5DB26DB1FBBB5DC832D
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\network\utils.py	Python script, ASCII text executable	CA38055465BFAF4ED2208603D152596E	822CCA18B10B237F9FD97E3B0410E47DCC35C771	64F1E0EEEE8311C83612F20B21D3C40A7BCF2E9DB538F1F135599E5DF332FA7D
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\network\xmlrpc.py	Python script, ASCII text executable	2DDAFF28E7FC568DD7A3F171A9D16F27	964178FA3E822793E8C8C6071028CEB293C77B19	E069DA4012412B272EC964AD458522F77926BFBD17A28B4B7F13B2980B0FE123
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\operations\build\metadata.py	Python script, ASCII text executable	818AB3EA63F881230603E3CA03DAB6E5	CBF2873BC0F9BF45BB38ACDD664807A8838860CC	9577118679CDDBE7F8F5D60135FD7F34B90767EB3EE0E3D5EED08EC8926667DE
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\operations\build\metadata_legacy.py	Python script, ASCII text executable	3C71E77F39E9971C72D7440F522F2490	FA544C525B4CE27D8097AA913BAD34CDC36F20F6	560CC14E4F276883BCFBC37F89F11817B640C56503869856548695959D85A983
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\operations\build\wheel.py	Python script, ASCII text executable	C6F6D01A93DF4880CB41D8CB66F73F8C	9630AB948305AD60F42A7C6866B71FD8BA3C5590	61AD22F3FBB37ECB1D376BE8ACE57334961B0185532D49D266298215D3F817BC
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\operations\build\wheel_legacy.py	Python script, ASCII text executable	F3C5A51616532543729A47DD5A52AC31	EFA27F1917CFE9B0361DDF99D3685A6404A624ED	F429D3A5CDB9020BE5F4C9CC82B5671D4593949DEE9BC695E26F5D6C67461E2D
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\operations\check.py	Python script, ASCII text executable	45440C0883B1B8F32FBD0CBD417820F7	4BF0375F1C870939B64D4FB195A0801900D8F4F7	10F356710C9449CDFFA5AFFA369BFF988E6C5D9E73A91AE693433AED85620C86
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\operations\freeze.py	Python script, ASCII text executable	59F3CA9524CC49322954EF53DE4660A6	5DE09CC4701F659913CCFAB82C11E0EA3F6B5F09	DF99A736D51887061BFCB8A8A354711C4803EC4AA6DCA52A38E27A450413FFB6
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\operations\install\__init__.py	Python script, ASCII text executable	C6F771F71FE2E186FB048050F4D2E467	C72C58E6CD7763F27AC8041D54F6390149AFC48E	997EE1C83D863413B69851A8903437D2BFC65EFED8FCF2DDB71714BF5E387BEB
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\operations\install\editable_legacy.py	Python script, ASCII text executable	00254BA1D4CE35552F2F6C7F0B92D93A	F36FD91BA79388EF6D53772F2F7AC50E8D0627FA	AC9FF1B36AAD0D48E9636FA7E9E62557266236829B3AD65766B62B7272042EDE
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\operations\install\legacy.py	Python script, ASCII text executable	0B882C3FEFDFACB8AB9379F0670DC981	38D873D2158926886A30999B2CB654BC9FC77F12	CEEDC6C39E1D807B65BB25B99FC8F9A8A70049C89D41726FA81F1F6F4A0B07EE
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\operations\install\wheel.py	Python script, ASCII text executable	ECBAF0A960F61C7AC70BC6F73775731C	F86D4532DD76256605A8E717990111DD38149DD1	10D83F41B2DB067C1888FB75973148AD01AED90864102C4A9BDFDD4DA6B3E535
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\operations\prepare.py	Python script, ASCII text executable	ED86FE92089EFC5358DC23674467E240	707A635491F53D59052ACFE8DA68B25C3E9B211C	F8C29548C286629A89D32E9F6B582ADDE0EF48A851D192D7655973682FD354DA
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\pyproject.py	Python script, ASCII text executable	5877102CF2CEB5CF59BEC7A96CDBD3B6	1861E0C05AC42958BB2553B10982F7946BDB2BD9	0E8433BED3A1E7FC023E953C13E27720308E287BC9C3F48863F808F22878239F
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\req\__init__.py	Python script, ASCII text executable	9FD3C9D0ADF21DCC2926D10A0D523DE0	BF7DD92EA253E4704E8218E526373529AD2972C5	B3E139571C6AAA972CEF17D8E6063AF681E882C589E2C2DB9D4883A169A41CE5
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\req\constructors.py	Python script, ASCII text executable	73740CAAEEAD01B4B8B1D6CB22CFBE05	31E7C28283865D862B1A856F10FAF24B3B704087	D292F0F2AE64A332720147C53421C60B763569C415EC5C6E0FA7FE7D59AB38CA
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\req\req_file.py	Python script, ASCII text executable	4FF347FDE322EDD3E6D56A35A1B0A1A5	BF7DB70B20EC2B9F1D1033B2C4605894F82135EB	7FAD90171B33530375AB5E19FD867719D626F265027B65A80F4AFCB0379B4281
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\req\req_install.py	Python script, ASCII text executable	FED218D73712698966F3417CA8B1E1B5	89C666D1025F8D7DE0E2A40AA3B0DD74600D3F81	72226C7417F1983DE8C670B313B62003C3BB21070BC4328F961793A83BEEB0BF
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\req\req_set.py	Python script, ASCII text executable	AAEA27A26C9B4B3DDB91EC5D73B7794C	DCFAA31427865132D8941AB98DAFC49563227DE7	72C03B37855E946A5FFA8BF215045AC51F574DE024DA3F648991CEE92203C56D
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\req\req_tracker.py	Python script, ASCII text executable	11303D8B1E4ADDA98D3880F1E5D846CB	4D474C78D43AB949170FDEB0B40F5807D9DBFD77	7D59773E0977CA5D76AC5050202629CB74ADC56C43DE3E690D6AC7A3C4263FB8
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\req\req_uninstall.py	Python script, ASCII text executable	6B9F9853FDAC797DCB4476FFF2F84973	8980DA379790E8CBFA9F94582E20AAF97313F454	BEE4F7BD7DF369BDDDF0687EA75020A03869294D4FDCE572B82F1AFF9EC4B385
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\resolution\base.py	Python script, ASCII text executable	C8830BCF9424DBC881BAD43F5885B054	F42559590F2B387AD134C0A0A425D7094E236CEF	31E993432297895AED771B06CEE23B42A05DEC4934C0D1EF0A87B764B64EE3F0
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\resolution\legacy\resolver.py	Python script, ASCII text executable	93380ECFC6FFE6FAA27B6B5DE188E8D4	948D7D219AFCF3A7AE442626AA36E5F226B2ABCC	E1A2EF2D9B74FC13C72DA44E125F488C48736BD09989AF0F2C796F65F3143284
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\resolution\resolvelib\base.py	Python script, ASCII text executable	23345EFFAB9B1261A9952D0ED8BBEFD2	842410E9921AB517F0231AF9E07381DE558CF1C7	2B0F2D07D43B6D89493C86664786C6191AEE938494F62A39767CEC851551BC8E
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\resolution\resolvelib\candidates.py	Python script, ASCII text executable	7BAA28837BFCFFD2E9DF2715D8B3FBE1	75A2E584A68C39B78A13F7219C66D960529C91C7	1E5F8EF4306769CF93620BD47817304A1B2486D8BD16303DFB87AAB61D886085
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\resolution\resolvelib\factory.py	Python script, ASCII text executable	C7DBE4F7007B57FD10D1BFD3E86A2818	9206724888B4E71127249A6EE48996D16A088E2A	6DF4228E572D9626682410831C85CA44363F95F8DD67A84DA8221E15B880D5B4
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\resolution\resolvelib\found_candidates.py	Python script, ASCII text executable	158804BC5DF25EDEF5E4355361CBC0B4	3A18E150B465C74FC7BA71D168991B48C7DD351D	5EA5B5BAE7FEEA0B3FBBCCCE2D749638C799124F7F0E33CAF84F486950BF4ABF
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\resolution\resolvelib\provider.py	Python script, ASCII text executable	455EA0613A55BD19EE8A9189852A5787	E49E04998A8722995269266C12EC8133943A4DEE	6C54B5FB1515F4FCF50DE7EB0CD7C56929418CCEFCE5FB73A098BF7D76F37628
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\resolution\resolvelib\reporter.py	Python script, ASCII text executable	82C2B255D87A72AB482D9F7C3A2C111E	25C95AE318D5322ECBD6CBBF213C78DE5B55CB65	770E0ADB0D26EC7120C45177AFAD2FA13AC50C33F28412CDF2BCF0E1C4176A8A
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\resolution\resolvelib\requirements.py	Python script, ASCII text executable	0848B2CE3E6F03A9C622029E42964647	4B09276B9924A11B7BDD3F89B03EF5E51867737C	F4BA0345C1C06F4744F511162A90BFCDA9172A73699D01286F6E1BD8CBD6B33C
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\resolution\resolvelib\resolver.py	Python script, ASCII text executable	D47EBBF43D6B45C93E939F4F7F81D527	944482F7C578FB47B8883FADB43D13F243ACC1CB	21A8D5C64ACE6167D90EC1D40EED91D58EFDCAC546B80F32C1A1783882B631C5
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\self_outdated_check.py	Python script, ASCII text executable	6018B280EB00E833E33CEF0677C233FB	ADFAC65B00F903C43D4D12E8B379FB8D1B0A60A1	7153EE05A3FCF679BC41D7FFBD5757671C2DB7C79B9B8B4BF1F712B4F977754F
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\appdirs.py	Python script, ASCII text executable	7A012F5B424654BB5958C2C84E4A233D	07EB05F2A535BECF41F7A36C6F8E3C066965C0FC	459CD41BE0648766FE9A25F40D2677BFBD37FFE6E02BEBF43DF5820A3C1513D8
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\compat.py	Python script, ASCII text executable	6E484E4473246FD703CDE4C33E353524	16B42D259CD271C84D40B01A31656E2593290467	268495C6032657C6594F05EB3D11A0424D44CA898964CDE06FE9E8942C6C964A
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\compatibility_tags.py	Python script, ASCII text executable	D73E2CAFA36B2DE888FBF65867A7F4DF	93FEB556A316701836A49A4B84F448D24A5CA64F	D9FAED528B38747787295DFC9E837FAECFEEF154DE872E1E331AB211856D66D6
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\datetime.py	Python script, ASCII text executable	DE9363A76C05AA7F9FA8F26408021E53	966624E345CAEFD47D09D5951F676188C1EBB245	28BFAF21D194F49229181E4D6249B05D6907F86FF69AFBC0065991B68499B1AA
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\deprecation.py	Python script, ASCII text executable	C6F60579AAB1E0AA265F79BDDADC471C	D07B640699069CA8476A44DD629441A5885AA234	A419CDA20A00E14193C5AFC90E73D7051458A4A31B1310215E9070030925381B
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\direct_url_helpers.py	Python script, ASCII text executable	FDB46585E66D7E2E24E416DB46D665EC	FDC6D45B595DF6855E1DE3662CA9591D5A9071A3	43473ECF48AE431FC3D4579196EEE7643E61DA7B78412A30DB7076E8F42BA74B
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\distutils_args.py	Python script, ASCII text executable	3867518AEDA9563B12FFDC4EEA409ACB	AD80BC96C519DBAC6A9D13D3DA1871E6C2B2CB46	6B9EA66E537193D04689F6E91044C6EB59A606BAA18ED8D1909E07627FA83841
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\encoding.py	Python script, ASCII text executable	970DEAB94324BD34C234B32A8F331D9F	F80DEEB140E94CC2ACD706FE4F078110A6760ADE	E77A771F7EB0738F5DCABD0482D05B74776F1F80EBF84825D3373F274B307AA7
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\entrypoints.py	Python script, ASCII text executable	EAF26AFF730936DA973E66309E7B65E4	C5A9CAB2A36C1DC843D2B4B1E7D453E612FBECF6	CAF8B35DDAC878AE38388F89D980487288DFAD7C463BDA1EF090B106F31DC489
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\filesystem.py	Python script, ASCII text executable	6FD14CF50C9640D63132BFDCBA580FB4	5F1186C19ABB5BF45F994FF3004596B024617569	F9F5375ED7820082707FFF45BC2654EEF872C2FB779EE7FF72A902770832D58F
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\filetypes.py	Python script, ASCII text executable	2E224A043405D66E7ADACF98B234B1E9	65D663D912AA726FAF433FD6EC7BE93DBC7098A6	42F6A02F4566E2D319FEAC85AA8A595A96831C433743A172177E6F7CE63E0898
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\glibc.py	Python script, ASCII text executable	AAB0C65199508E62A90DEFAEDD9E65F0	CB4568BECAF70D38A0848B5CA292DB3EC42FD007	2CE78D1A06B008A4BEE247BD7E28BBF1FC170FBDDDB4D6AFDEEC73D417FE01BF
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\hashes.py	Python script, ASCII text executable	D0D408160E268ABB53C07094F574DA1C	52FF88574AA78FACAC67C058FE5AAE13AB4A2AE4	C9D1465610E4D0D8F62726932B350745EE620676E0878286F8716D5DBAFFC66A
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\inject_securetransport.py	Python script, ASCII text executable	FF4216EFE79AA69DC4E6C5EB89A265F8	FEF973603975B37924E99768CC7375EDCF4CCDE9	335ED9945558EBA02981E01256328A2CA373D0B01F93E4B25341D9E1907A3262
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\logging.py	Python script, ASCII text executable	32FA2E11CBDD43906FEB7927B68486BF	83500560B33ABD162D9DFB3E61300AB0E1DCCC8D	6087EE0D412499D9FD708450FC473CAE05ECD66E673B00C40AD66A3380811F95
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\misc.py	Python script, ASCII text executable	645FAF0B6B3E16EA95462A95E556ECCC	6227F063974376936B81996C28DFE917770B05BF	8FE5D7763A62EC1B9856541E8290126C0958B2A8759FB3DD792848111E0CFC8C
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\models.py	Python script, ASCII text executable	2C75D0B2465FF59ADE6047DF9FFDA9BD	ECABD954DA6ED45D4144EF039D07471A0C742244	1EA88156D4DB5BF6FF526BE3D9F8E10D6387A3644A84FC12CF8880624419EBCF
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\packaging.py	Python script, ASCII text executable	E9FA9B538E80DE5E1A7C9D074BFBEDD0	D87A00E98E2B1CFD76E4FC659A6DFDE6F891252A	28E2F1DF41176686C7293680F2484B36A10C6FDF3A0DE6827200E16476B0E916
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\parallel.py	Python script, ASCII text executable	0CA606A23CA02B7DB6F4BDAC3613A554	BC21F021765D1839124B78D78A42BA5D2513FAFE	77AC095961E73CE7303B8A722FBA6FD3C0C6DE5FF962D1F32017611E12377A9C
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\pkg_resources.py	Python script, ASCII text executable	3DBA90D2B58D47618516E8D60255D820	ADD0B2D87A4A254135A07B5FCB5E086BD296E90B	657FA4ED5E6AFDA356C83B1EF769CDEE8ACDD5A0A944BB1AC73A64059D572B35
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\setuptools_build.py	Python script, ASCII text executable	7DE3C54DA5799858FD58D22A6A8C0C90	87C667CC9AA576A9E0EA48BFF5201D44A4C5E44A	1352ACC08EF07CD9C20C4E51E86F1CF596C1C84369BBB36AA1C8D8DBA3C2403C
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\subprocess.py	Python script, ASCII text executable	54FC7226D6F57DF374D61741AD5F6757	AF82EFAC348651797E3074E7D52C4A3FEE7AC2B4	B23748DFED2C17BFEAAA43D737AB0D1D856D68DDF82E8A0B2F2E641A278364DE
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\temp_dir.py	Python script, ASCII text executable	EDB607649A299FCC2665BD6937999857	39566A1AAB908E540F0B82F02665B5AAA9E206B2	726169608FF954379752C1AF89AF6350D87C5C429762FA469488BF8AAD8C4555
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\typing.py	Python script, ASCII text executable	10BE07B380BDBCED18223A10C9A7FC06	6804B42CF7172FFE3EBBD41295FC8E67B9934A4E	C6463039E1E57F8CEC1D70430B8DF5D07B44AB08507185C53EADA1DF94DCAE5D
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\unpacking.py	Python script, ASCII text executable	22DB2CA7D393100A3D65918F306C4926	FFF0611877A6E054EA52FD29F5CA0B37643F2484	60501C921AAABE67A103C29A9F9BDDDDBD6437FF5369FAA63A4E1BFB2CF87E1A
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\urls.py	Python script, ASCII text executable	4426F89EC41A4572E08790E93BF07E51	553F984CAE7339B961AC252BC2E80060D5AC6903	AB6AF0D643228A283F5D9728C894AC58C250A98C3EDB0526ACCA124F89825BF2
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\virtualenv.py	Python script, ASCII text executable	CD999B93461FCB5BD50F3978F40E1B89	F2B1473EFAB6597D274E71F043CBF6F1FD290F4A	7CD1AB469FBC42634BE4ECD76A305DFB3ECF6F03ACC755D8E86F8054C0217ECA
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\utils\wheel.py	Python script, ASCII text executable	F6DE95998B05F59B8915856798E0E964	A30FBB4DDBCCFB5E2AA48A2C9BA63C3367070E41	C05CE7DE1F06A98BE0B3258F66D5329F445BDCC2739ADC8FDE8C0C3A12A798BD
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\vcs\__init__.py	Python script, ASCII text executable	52034A6AAE27C9944A7E57D2B2AA175A	3DBC097FAC541167927C453596D6ED6B37AC24CE	BE2271251A9113F99549CBA6F396E04085C077AA34A3316DD7C5690BEA8826B3
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\vcs\bazaar.py	Python script, ASCII text executable	560C08149DA1A1EF8D0190F561405D81	501C86F43BCD3FFDC2921173365F1CEAE20ED4B1	26B4AF5AA41856BFE3410CE2EAD5CA8167687E3E3913C23C8EDED4C21D5568E4
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\vcs\git.py	Python script, ASCII text executable	06724EE5DE3F778B250E4D8FCF518E63	6339BF99FB9BD23139FE018E64C1989D22B682DA	D02C17420FADC0F913DC792E5EA6CEBA7FF464550442FD04F015FBEA4E333540
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\vcs\mercurial.py	Python script, ASCII text executable	B68A61C7626AA1FF15F00A79B25CF672	ED1F0E45D3BBD0EA6244A75F5FE7929AF639FBD1	173086998CD566F07EBF233BDDF29C424D81E2330D5C69D7950D9B27B9E68253
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\vcs\subversion.py	Python script, ASCII text executable	FD2A8EBCD2DE396F2CCAE9B34724CBBF	8B3CDDEDB2FFAB54B0A75A7B14BD5FD2C17F8AD1	F27DA643EA9DBBB7FC2AE2EDDF20C74D0049BBB23555F3BD0924CC722A2E7B31
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\vcs\versioncontrol.py	Python script, ASCII text executable	B9C838597B559514C78FF570509EBCD0	4577849BA825D5223BD2077713C37FBCE356650E	FAFF93D5F83E652A8BA0ECC8B60515AE5E94F7A25938470D9DE6BA133F1583AD
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_internal\wheel_builder.py	Python script, ASCII text executable	725D4E445C08901BE6E8275CE28730CA	3447D55050E213885FEB4FD6F37425CAF809B9ED	B0BBBC26BCD1259D4A07BF3B9B931F7239EA69D37BBF31BA02511044239565A1
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\__init__.py	Python script, ASCII text executable	3C4B100BB2D81CD4461172902E28A3E5	266CC7878BFD922AAE495FA44F5BB43A92BD6C4A	4DF71BB1E93FAE915958C9D8A7ABF31A9587B268B004660E9889D45F5346269E
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\appdirs.py	Python script, UTF-8 Unicode text executable	C8FEDC011ACED38EE2CC3052E7519006	1693D7AA279C4E1258603C266DA1F133B27D0BF1	33A218449B5D6609923C25C248C051074553DCFF0C7456D60836D22EB07611B8
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\cachecontrol\__init__.py	Python script, ASCII text executable	E3E73EB5E363077400B40F43003A708A	2A5C6764B7FD4E2AA82C51BDBFC216847CF01F07	A49B40694C4EB0C3E7CAD2350378EE009917603AFC92B7529EC838620DCE0448
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\cachecontrol\_cmd.py	Python script, ASCII text executable	BC0ADEA2769C743D6F88F2259900D124	6B9C4A06AEC0D5AEAA6FBE2B56012EEFFA5DDF60	511184D0AAC0F3B41E9021B74863DAB6548F4F9EF57594C38CD6BE6575F7A437
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\cachecontrol\adapter.py	Python script, ASCII text executable	3CBAF21152505DD76417624B17890655	B512AC5B2EFA139ED91A0908F6115A50C470B44C	B12C1A49877DDC821F085538B4E3204A8E9BD8B0ADFE0052690523F24B4914E0
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\cachecontrol\cache.py	Python script, ASCII text executable	4F8FB4E0C5A2DFECED775161D9D1093E	3926A34BADF2B409A322FAE8A8732DFB57F689F4	D5F738C093FC1D8B75C9C9C95DE130E690A97812F60AAC71EA0F456F40180D64
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\cachecontrol\caches\__init__.py	Python script, ASCII text executable	D701625642C107D45585A59770E2EAB5	1A86DF17C7C2D28865BBB89F804BA70E8BA22869	FA01CD298BDA783D243A4E4CEF878EAEC4A020A52D0BA8BA19F6E6BA01B0784A
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\cachecontrol\caches\file_cache.py	Python script, ASCII text executable	52F2DFCB0252B36CC64A980F6F17CB49	F86F2161F9D70E870DC4A0428EEC7AD0FD8D2336	9D854AB09B5787A8095EF767D625B2AE1C6F930A50ACAF9E2A8311CEE8B090A9
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\cachecontrol\caches\redis_cache.py	Python script, ASCII text executable	3908DF2A953761687424BF13A0646993	76797756618215A069ABBF6821A448404CDA2EE0	1F17A5329342A3E758AF67E2243C0CDE1861466C5462D079B579B51A90004F86
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\cachecontrol\compat.py	Python script, ASCII text executable	79816562EAA066C6A62B1EC796100E27	E6F4464622B4378B394BF497F04AFD373E2DD994	90736F31176DEACFD7C2AABFF6A266AFDA2EDF060C38C50CC4F3DCC0DC53F0C7
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\cachecontrol\controller.py	Python script, ASCII text executable	4AD4B9741324E27BB944D9E9F7C0BE39	557FCCE4E2DB89CC7BF77310514C4E7555C98E9A	096117DE979D20CF6CEB4B2E7F8CD93ED9BF26F5609EFA203062BF3A2046E45F
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\cachecontrol\filewrapper.py	Python script, ASCII text executable	B9AD2B26822F199F30A96FD03EDABD4E	C01F5F2C08EF189E53F06974DA14AC24DACFD423	BC008A3BC2E5CEEFD95B28D5D45C67D4C0384C653AD0DE4DDC64AB0057406364
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\cachecontrol\heuristics.py	Python script, ASCII text executable	D8978A4C3CEE99FD30F03F8B6C5300B7	5A4CD0465EBB9168E80DDD6BD7DABC8A8A7C48D2	045187277C90731BD98B37E8F742CB674E13FD9E574825EF168B6BA7B52CD2C7
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\cachecontrol\serialize.py	Python script, ASCII text executable	E8486E48B081348A4265286695B289DA	852D73ECA5E3DCB062F8F7D019FBA7A6135B2C17	BC86B88EFAB8C7F29238B74421E7689275F669760742E8CB0C5578F85DB50E7A
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\cachecontrol\wrapper.py	Python script, ASCII text executable	C08B34AF68D7BC55FFB6C7B07B21B2D7	7CB313EE19C80C927F4CDC26F1C776AF3A15B57E	E4B5F4B89C2435052D612130DDA1A61AEF5663CC068A977CD6627C946D1DD0CE
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\certifi\__init__.py	Python script, ASCII text executable	1851170953B61D0A5BC9CD4E44E6372E	C49F24EB06DB92C5B7301AECAF43202DDFA2C083	4E87017C7AEA02440AF755B98CD621447F0A2A2CF19245D9064EBC0D31E3D31A
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\certifi\__main__.py	Python script, ASCII text executable	49689CF432641C277156F1B5E119BB03	94DE655E7E05B44B77EFBB710287FE7AC57BFE4E	D64DC2AFDE6F0B1C464460E58EB5B7C0C76965D2F73617F4BB59FE936A9DB026
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\certifi\cacert.pem	ASCII text	712A0C9E3337EDC7F4C6C36A67727866	CD0CC7F28F7C8AEFEA6F54F392C7BD68ACACF572	53B8854F8FE7FBB5C27C7A5CF08E3A69DE641EE1AF0D279D95AD9F75B428414A
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\certifi\core.py	Python script, ASCII text executable	6AE9A410D9F4667F3FBE9C709E1450E3	674487C99994C6AA22C18503E9C4E6573B239903	8C1AF02845A91B420A72EA332B4050D871C6A7C69D5C03B204F0BB75D811EAF3
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\__init__.py	Python script, ASCII text executable	66D403014476318BB79B3C4A49898CDC	554BB2883B2AEF7451D569B80BFC5597FCE0735A	62C3F9C1096C1C9D9AB85D516497F2A624AB080EFF6D08919B7112FCD23BEBE6
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\big5freq.py	ASCII text	14C69F7CCF62A473CAF8D24A85302168	4028BD63B9EB6C3225FC61B7E8733528EE80FD87	0FFCCAE46CB3A15B117ACD0790B2738A5B45417D1B2822CEAC57BDFF10EF3BFF
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\big5prober.py	Python script, ASCII text executable	1A45BD1F7CE22E30EEC32D870AB02E44	5297DF2758B6BE575459E08565B07382EB6D52ED	901C476DD7AD0693DEEF1AE56FE7BDF748A8B7AE20FDE1922DDDF6941EFF8773
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\chardistribution.py	Python script, ASCII text executable	1348267FC095CAE77B3F24A48DD6ED06	DB44178E9A4908F7256C85A75A7374FB57BF868F	DF0A164BAD8AAC6A282B2AB3E334129E315B2696BA57B834D9D68089B4F0725F
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\charsetgroupprober.py	Python script, ASCII text executable	56D216283F72ADAB9B18F27EE3AD5732	8AE03D53E3875F7F73F292C120D720C6AE496214	E9B0EEF1822246E49C5F871AF4881BD14EBD4C0D8F1975C37A3E82738FFD90EE
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\charsetprober.py	Python script, ASCII text executable	A257430E4394E805107C519BA417C3D4	4CAC3F02D5FDAA8776B49966206247ACD3BD151E	2929B0244AE3CA9CA3D1B459982E45E5E33B73C61080B6088D95E29ED64DB2D8
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\codingstatemachine.py	Python script, ASCII text executable	33C5E712BAD7523F996BFA09D85EB5BF	3E2B59C552B7E985F2EFEE068ABA34A0C7938409	558A7FE9CCB2922E6C1E05C34999D75B8AB5A1E94773772EF40C904D7EEEBA0F
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\compat.py	ASCII text	438E10616469DA04E9BD42F257A00ADF	FA159FDDDFC0F2FF1438778EF6712D89144C382F	3CA4F31E449BB5B1C3A92F4FCAE8CC6D7EF8AB56BC98CA5E4130D5B10859311C
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\cp949prober.py	Python script, ASCII text executable	EAC9F36E937956F46F3E4C37F9CD7D76	5E1E40B592AB5BADAEBEE6D1CB845F34475BBEED	4D9E37E105FCCF306C9D4BCBFFCC26E004154D9D9992A10440BFE5370F5FF68C
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\enums.py	Python script, ASCII text executable	754EAD831ACB9BA0C2E768243ADA5DA2	2EAF9CADC33CD208A4A0378158A07FEA397F6A91	0229B075BF5AB357492996853541F63A158854155DE9990927F58AE6C358F1C5
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\escprober.py	Python script, ASCII text executable	A43AE497CCD0D98F53E4F2E7EF5250E2	3F5C243F912E8E14DF288F356403A5D920159B3E	924CAA560D58C370C8380309D9B765C9081415086E1C05BC7541AC913A0D5927
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\escsm.py	Python script, ASCII text executable	9C3BAAFEFA516EA1EEFCB03593C8CB1D	B6AE3D309926B691E6E8BE5DF7E9EC7E22DDAF62	46E5E580DBD32036AB9DDBE594D0A4E56641229742C50D2471DF4402EC5487CE
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\eucjpprober.py	Python script, ASCII text executable	7FCBC25522B5FB00AD88D12E86022F16	F583D01EA725D06785A47BE5AA47A9586CB4E843	883F09769D084918E08E254DEDFD1EF3119E409E46336A1E675740F276D2794C
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\euckrfreq.py	ASCII text	FC74D266C33CB05F1ECD53EC517EC462	F92F0B57596EC180FB1505D3B3B966F07D61DFAA	FBB19D9AF8167B3E3E78EE12B97A5AEED0620E2E6F45743C5AF74503355A49FA
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\euckrprober.py	Python script, ASCII text executable	35C9C358A1F2554B15382675B680CB38	17A570BA185BF5BAC0B670932D3EA74376E19F7B	32A14C4D05F15B81DBCC8A59F652831C1DC637C48FE328877A74E67FC83F3F16
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\euctwfreq.py	ASCII text	F22F9B84302F594271169463DF2C2ADC	1FE6190636462E94488B056A56770C84D48F3370	368D56C9DB853A00795484D403B3CBC82E6825137347231B07168A235975E8C0
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\euctwprober.py	Python script, ASCII text executable	BA6A1374A470177EC21C4E1528E23F5B	F6ECD5D34962A5B81B71BDC40B140D553A0C120E	D77A7A10FE3245AC6A9CFE221EDC47389E91DB3C47AB5FE6F214D18F3559F797
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\gb2312freq.py	ASCII text	855D0A3B3FE3F931EB7D4A3F77E9F349	BF8051DEF4AF0BF4B04AD3C997A64A356D2EFECB	257F25B3078A2E69C2C2693C507110B0B824AFFACFFE411BBE2BC2E2A3CEAE57
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\gb2312prober.py	Python script, ASCII text executable	E9B4EABD5CDA31D434F10B7299B4B47E	BC2518F812EEF5713556D847B933230C00BB22D4	806BC85A2F568438C4FB14171EF348CAB9CBBC46CC01883251267AE4751FCA5C
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\hebrewprober.py	Python script, ASCII text executable	EE487DF69E219E2AF034E50ED27F6E99	07093CA2075F52D3D07B399A52F4A7491928FB1C	737499F8AEE1BF2CC663A251019C4983027FB144BD93459892F318D34601605A
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\jisfreq.py	ASCII text	34BE526E85A890AF4C0C38DF38D56B71	12A38AC0C60C3F5A8756A9E03EE74A22C9B481C0	BE9989BF606ED09F209CC5513C730579F4D1BE8FE16B59ABC8B8A0F0207080E8
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\jpcntx.py	ASCII text	09BDB0C4F23A05CFEEB4F498F8B19D96	B6332D34D3820C06E07EB31AB68A22B5365882AA	3D894DA915104FC2CCDDC4F91661C63F48A2B1C1654D6103F763002EF06E9E0A
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\langbulgarianmodel.py	ASCII text	528A1E5C2D868348278B142807A4606E	54BB0D1B4646C423489845BFC34693C38BB76861	D47A904BD3DBB678F5C508318AD24CBF0F17EA42ABE4EA1C90D09959F110ACF1
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\langcyrillicmodel.py	ASCII text	BA576B5CEF6244553D4AE3A5A517FADA	21E70D7FEFD49E5013AA1CA507E135E27A9A60B2	2CE0DA8EFB1EB47F3BC980C340A0360942D7507F3BB48DB6DDD85F8E1F59C7D7
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\langgreekmodel.py	ASCII text	2F544628C587CAEEA5A073F62FE22E9A	FC99EEC2B4D6A416C42F34362C611A0C1F786076	F18016EDB53C6304896A9D2420949B3CCC35044AB31A35B3A9CA9FD168142800
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\langhebrewmodel.py	ASCII text	081B896B0E5F58284332EB083B57C23D	A99379F8B40694A970903457C49309A5A5CFFE0C	2529EA984E44EB6B432D33D3BCBA50B20E6038C3B83DB75646F57B02F91CD070
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\langhungarianmodel.py	ASCII text	116441345B6DEA1860A612640E5D4076	405782037A416D6A7FF4972183CDD39BBE16EA87	4616A96121B997465A3BE555E056A7E6C5B4591190AA1C0133AD72C77CB1C8E0
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\langthaimodel.py	ASCII text	A16667682BBDEC52F9D85E053D37FB01	0EE25220185C3E718F5D1982A7575FCC112FA358	F25D35EF71AEFD6E86F26C6640E4C417896CD98744EC5C567F74244B11065C94
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\langturkishmodel.py	UTF-8 Unicode text	3985287461AC7F5C1DC00F0A3E9B3B9B	ECE51C3B4F64E6D6F15F4E8A6546EE81C8214853	5B6D9E44D26CA88EAE5807F05D22955969C27AB62AAC8F1D6504E6FCCD254459
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\latin1prober.py	Python script, ASCII text executable	4EC6FE5DA8DDBED7AA355DF81BD0E6AF	18AAFA5D34C519C51823A7A4737DD07F79E11DB9	4B6228391845937F451053A54855AD815C9B4623FA87B0652E574755C94D914F
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\mbcharsetprober.py	Python script, ASCII text executable	D7BB9DEC5E8045651A957E956E6CFDC7	EEB555BEF8B05F40C0AA6D81BF2B323B875FC653	011F797851FDBEEA927EF2D064DF8BE628DE6B6E4D3810A85EAC3CB393BDC4B4
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\mbcsgroupprober.py	Python script, ASCII text executable	D11B219F9A5CC6B48D492BEB69C3D9C3	9E6D7D608F78DD6AE8D09BFC9D46E41C7F287BB1	87A4D19E762AD8EC46D56743E493B2C5C755A67EDD1B4ABEBC1F275ABE666E1E
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\chardet\mbcssm.py	Python script, ASCII text executable	3084C6E597BB859E0CDF091E046C9D5E	0501C978D8B4BDB0883F06F604139896AA3634BD	498DF6C15205DC7CDC8D8DC1684B29CBD99EB5B3522B120807444A3E7EED8E92
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\contextlib2.py	Python script, ASCII text executable	00407811E6F321118293D04865E77E53	3851B85E2B32D9CCE2BBF9F367EDBEC398BCCBD1	E478C67E5533C160147DC20B852982D86AAFA1875967317355F203CED1E2814B
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\distro.py	Python script, ASCII text executable	B1D8798EDDF25C72E263504CBD24D3ED	2B28799A495CB4599FD0EEFE7C988B642F1ADACC	C713088766B72A68A9A5E5841F3CA74DD1D3DFF8D9334A3EA68B3474058944E3
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\ipaddress.py	Python script, ASCII text executable	F3B2FF173EA49101D75F8FB0CB230054	9016098CD1D7D1CF5B6FA1A5B954F205368EDAC7	FB4466BAB237D5780068DDB45828B4CEB72EA1AB7DD27340EF4FFAC86971D8F5
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\pyparsing.py	Python script, UTF-8 Unicode text executable	6D253DDA76B61466E1DFD53DD99D8EE0	D6247DC94C399ADDF824220368994504C47E1D00	2756F8CF74BF2B0C895BB84A1A7A0DFA15D6F6980C23320FE904E1C98E7226AE
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\retrying.py	Python script, ASCII text executable	CBD5A04C5A86C6EF24044016598226B6	3CF2CDEED9C6FBA5C6B373FBE2C9F2FB13845516	9377DF95FE7F326D17708258841ED38F7E1BA8208F8540E461BC7536F5B614F1
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\six.py	Python script, ASCII text executable	6FC5317A32D2603139A0229C1876FFDF	0DFEC0D1D49F12B6B529D6ED1827D9BB00E30C34	53867FCAFE77E16E423728D8F62F15D4E5D8D928C09F2F32D8BE6F0CB8614E13
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pip\_vendor\vendor.txt	ASCII text	CEE69F6A3F761CB3A5C36E662B4424A2	370119BE8341A74DA25F1D791248C866328F2D9B	32A627D3CCC4BE1EC80271493A0CCD7333F83C4973A49A37B57E458F840E6398
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pythoncom.py	magic text file for file(1) cmd, ASCII text	21536E5C77D37B70A33376BB03551CFD	6C417DAA1FED5C52F6DFD9B002351A3A64B03781	08246CBB09A1E229E8BAAAA6F86070CB229FBCFC2A83B517B51D5ED412C4CE81
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pywin32.pth	ASCII text	322BF8D4899FB978D3FAC34DE1E476BB	467808263E26B4349A1FAF6177B007967FBC6693	4F67FF92AF0EA38BF18AC308EFD976F781D84E56F579C603ED1E8F0C69A17F8D
C:\Program Files (x86)\WinSoft Update Service\Lib\site-packages\pywin32.version.txt	ASCII text, with CRLF line terminators	CDE46522D7B9A40AC01F9361ACD4A90D	BB8AAAC8611A3FA9FF4967877047846F11B680B8	791F66B6A07D13AF8AF2F243438E6A14BC0C8446987BB603255786E361DCF2F5
C:\Program Files (x86)\WinSoft Update Service\_asyncio.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	1892DB696D94926AA0F13874F33F3637	3474F9E3CADE53FDFC29D755357E554A5A15E0C2	6C31E51A193E689297470F00A6F6B10285426828FEE300F78BDC283B921F6059
C:\Program Files (x86)\WinSoft Update Service\_bz2.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	1C52BA084A3723940C0778AB5186893A	5150A800F217562490E25DD74D9EEAD992E10B2D	CB008E0A6C65DDB5F20AB96E65285DEE874468DF203FAEAFCA5E9B4A9F2918DC
C:\Program Files (x86)\WinSoft Update Service\_ctypes.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	10861D3FA19D7DC3B41EB6F837340782	B258D223B444AB994EC2FEC95ACAA9F82DC3938C	6255BAB0B7F3E2209A9C8B89A3E1EC1BBC7A29849A18E70C0CF582A63C90BED1
C:\Program Files (x86)\WinSoft Update Service\_decimal.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	5596249B64C074374EAA1D4084E336C3	3748F6FF018C50913379B562E776F739E2A25A1F	673BD4CACF3B5F8DA67C9C84E03E238961CA98683483DE78D0A6410200F7ABA6
C:\Program Files (x86)\WinSoft Update Service\_elementtree.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	390552274C5F71C7EBD1F343BB74446C	E6285B1B7BB06126F9E61791175FACCA21C03FEC	D6C7EA93CDEFE1973239A3DEC0F49A1027E943F1DE07E21FF378978CC6A438BC
C:\Program Files (x86)\WinSoft Update Service\_hashlib.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	4F51ED287BBAE386090A9BCC3531B2B8	26BD991AE8C86B6535BB618C2D20069F6D98E446	5B6DA4B43C258B459159C4FBC7AD3521B387C377C058FE77AD74BA000606D72E
C:\Program Files (x86)\WinSoft Update Service\_lzma.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	F91A9F1F2EFEE2F5DBAE42EA5D5D7153	2575CC77B51CB080FCEED9810A9F4B2903AE1384	1F82BB06C79B6B392C92CAD87FFA736377FA25CD6D10DA8D61441D42C0D0101E
C:\Program Files (x86)\WinSoft Update Service\_msi.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	9D4753FB6BA3AE705F26DEDAB20208D5	E735D7956BE0C653574FFA6B58924FB417699884	9213BB4B368C9EF1D8A618086740D291C53D3FE6E961CD0CBE46EF9D31F18710
C:\Program Files (x86)\WinSoft Update Service\_multiprocessing.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	05AB494CF791A50E4F8D2FFE1D3E1F3C	BB10CB1547CA996575000424026D88D095CB14B4	4959342924E22B6A16EBC5C1ED39552E981515401EDA770E4AC87FD12ACF53F8
C:\Program Files (x86)\WinSoft Update Service\_overlapped.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	62F83812C33085D76D4A5D256EAAD5E8	1B5EE31498B5EBC70C1C725D20601E69770B7803	9BF024DD389D88F3C6FB0E740AE123EF0E871730F1093705AB108A2D959E76F2
C:\Program Files (x86)\WinSoft Update Service\_queue.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	234F63AE981F5A8E87DBABDA8CEEA32A	528EA2CF3D7622AA9BF9C038C91DF4E369C9924A	3E1304AFDCD900748F62D15F93005E65457B9466454E322D065852603C510AC8
C:\Program Files (x86)\WinSoft Update Service\_socket.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	B3AF79BBFD7D5C5285660819792A3A9C	1FA470B280AB5751889EAA7BDB7BA37FF1270A06	EB6132B253C40D7C3E00B2BBB392A1573075F8BBC0B2D59E2B077D2CFE8B028C
C:\Program Files (x86)\WinSoft Update Service\_sqlite3.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	218DA11C9B2295D5C645ECB7629CD44D	0E3337A9D9AC67D214F7C2067B21002A8A3D158D	5987B2FCCA0698710F3572F222A6AEF3EFD9A6A32C002A11DD33C816BD9B58D8
C:\Program Files (x86)\WinSoft Update Service\_ssl.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	2825BAE93CD459D835B74892C9BD80DB	C7AB0C88489E5EB8E920EBC9871C969768BD4739	AF4379FDC8BD41F7A8A4B509DE949202CCDB5E4825797D7A5DDDD5E77671382C
C:\Program Files (x86)\WinSoft Update Service\_tkinter.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	D8BEF3883F3E58C6257C43B059F652B0	50AA092861B518FEC5EFFE3D1D3FD37FDD2CEB9E	80BFB1A85F5DE28B084DEC0A6FF3B89C90FE68979E863ED0C52397C77B6E6A20
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-console-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	E33715B9DE1A50976A856333063213F7	1E5CB780E1438B5AC54F9DF537D5178F136AB34D	08338379C7C353CD383C89E383A53C714943AAF8D455232EA466D568110477B2
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-datetime-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	4E980EE831C4A37D39D68F7C4A2E52D0	680B482656924DF760C724647322BA83494EA6CE	23DE107AAB8EA386A1ED1E0BFF84F5E20146C5F1FE608BA34E7C905725F4394D
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-debug-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	014B7858940FBD56C4DDF47BFD014BFA	78FDA2FEC2BD742D1A71E3B51DE75AF183641793	759D46DFBA283DCC604FD8DBABDC8477277D471C0730270CBEC52AF0CB615017
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-errorhandling-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	A6E015AD176DCB379335DDB54D165F7E	DFDA593AA112CB08188EF88C7FD75E6A143BD7C1	376E175984D6EB03BBB4695DF347A4410FFC573BB6FB5EF8CA3BF160F53C0AFA
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-file-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	9BEBF5E9049909662ECDD447A3B80232	8DE896787D7E17AE22B0B8A1CCD05ABA84A1CAB2	DA7058EAAB2466909A06D90B2F0523484333E1E505639ABEA29E9983A659A27E
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-file-l1-2-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	04C39B760247C6EED86854F657833347	9490B9DCD3F91B06FA7F3028DC5DF5B4A22D4FBC	F56B749C01CC82118FFE538674DF22A1F4EF7A07E94E559D25F55CE104E7B095
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-file-l2-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	8403E7B9EC4B0C4F6C9BF0EC93687C77	7581E7D872EC9C00F33BDAC9690E55096DB30172	A8B79E230A81102735996500DD00D34BFA77955C11D87C0F9C967EC85003E116
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-handle-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	D37696B67EF1316CEF238542BFD7FB9A	B2463165AD35EB739DA021889253A9D78585B598	01DABF204E1349AAD1A04A6A70685F739DEABE5C022B26E184C1622F160A138D
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-heap-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	F40ABA6CFCCC038B547BDC5F18A9DA67	555A1C76E6E41520093201E7394E68EBBDD62D8B	3F567BE8A2B5D27E333BF328F10058BD8C21D7CEA453777A63A1C27A0BF0C7E7
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-interlocked-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	213C3721235456B85D5F4EFD825F5A4F	B0AEA277F1EA549AC6778436FDCAD9EE2BDDA442	51B8BE1B4BD374A1EC7849E4723285D4662F4BBA7F2609DA63178B94D7A1D286
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-libraryloader-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	22E6BFE28C28C0641346F7A325EE2D35	CF0EE5942B9EB9BF18D6CC580201C3D4CC7ACB31	D6B5F42E412227FD40BA753CB9B647564E43E49B0CA76D711EE1F36AF43B89D0
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-localization-l1-2-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	2E2C78125C66CDE5859559F5E6167034	F00E9CDD8DA93106FB3BC060E64C643E2274A598	9BF2BFF3ADCB1FB5707794B18320D7113F45446DD505EEE43ABBF8835CD73A44
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-memory-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	75987C7EF7B36676E46629D381CD6620	4979337A3534FC490D33F097BBE4FF5D5DF7559F	9D2FEE0916190C515423F3118125D1047F8F7718550ED7540C531374667500FE
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-namedpipe-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	4C32727ED601CFD0AE83FC856E40EC11	31821ED85DE0ED3976D6FD4C4A0C3E4AC77BAD88	AA80053CDFD417BE9D0E03623B88E14F2F4ABD8E863CF9E557D02A42DDC4DD34
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-processenvironment-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	D288E16D91E695630945514D988EFD21	92140DD954317C7A56D04D36DF32F3337F2B7B06	69A407A3139F270E6389DA243890AD362D1976DB4BA997BA83081B50EA1234C6
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-processthreads-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	1F451195A8ABD3D8D0F1FD8E7051E713	7267752C6942980D9EC17E5E7535CFC6FA438322	B59BCF40DABBE99E57269D5C70B7A005E4A11010A55FCEACBCBAB75AC609ADF9
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-processthreads-l1-1-1.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	5EFD5F4B617E95043898DBFD78AF97FB	70BABD7098B05C59484A9DBEA77F4B5DCD2BF9CC	CFCEFC5AF3F7A37242DCDBFEBEDBB954A0D21D93175441BCE680A1A4C1C9FEF3
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-profile-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	EE6D500CF33BA97E97B8B83917F90781	648CA133DB6DD3011F7ABE8D595B01637E764E24	4C686790658CD21277C9D2A881541EA01EA287020C2DA86A9A1C85CE55970843
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-rtlsupport-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	6C614941F33DC339C0D7A975DF670B02	AAD98738314CA4D0E8B54D97EF14DB159E8A6133	C90D38627F5947DD106BD968F94BE0F7857CE2DA386741CCDB96D3C523865327
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-string-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	6E880ACD975CC182592E6B3DBF36AC77	70BF9646DAD49AF0B7E227CC3254374A52527B19	FCEB04DE3FAD241D17F8F9D76E055BBCDD19EE3CB66918707767DC819BC779F9
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-synch-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	692249028DFCE4B6142FDCC3B3BA022C	E540B80587F33BA75D7BD0A8A4722D7E7C620650	82AB47DE74F08FE422022CDA9A3AB14A20C4BF7EFBDBABC02D93A1586D332179
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-synch-l1-2-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	FD9C6D2E90B3CF9C0D72F59B66EA1989	92BE1C1C7BC81E2EAEB22FDCE5946A0FB08E45F2	05482DBB67F005E0B61BBD44CE04818254FFECB765F836324BBCB3DD174524FE
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-sysinfo-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	44A2DEFC1A7A4D61F55DAC4590B60D98	EC6F23F5E2DE9D0000967F6AE53921B410CFB893	015B944A920B277DAD7E75E82354833310EA6F265114A9735E74EEC3F471BD79
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-timezone-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	425083789D9D675B2BCFA9A603C9B3FA	C6E4BCA5924406A675686B30EF5708732667E079	0006C449FDED67CB7CD9DFB4FA9310CE5103CA3B1344AF72052509C8B1CD4AD2
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-core-util-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	5A66EF63C195CF4D8DABDEBA2EE8FDBB	3D3B991BEBDC99F9514DBA914B139749344CF690	983A6CC27522CEBE7583E64E93959CEA70C751C16D9DD5AEF3CA2D5E6DBF7284
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-conio-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	8E534F49C77D787DB69BABFF931A497A	709380F53F4BEE25AD110869AC4E755391346405	5B679B8119BB5D53107C40C63DF667BAEF62DE75418C3E6B540FDBAFCCEDDCA6
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-convert-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	33E8CCBE05123C8146CD16293B688417	D73246EB64AF4F7DED63FB458C6E09C7D500F542	9CE840D9A67C4700D271F27A8E5163EDA506CE46C85B501687955B55FCB3D136
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-environment-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	85CEBA9A21CE5D51B35EF2DE9EBFBAC4	2D695A3E2257916F252D746C5CC0B48AC2BA1380	69E2E6459EA24237D5FCFC429ACBC80BBB5852044A1B79F0AA6B544C4F770D95
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-filesystem-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	73CED8B30963E54D262DAE2559116E46	090E42C4B7F736E69C248AD6B790BB68B5BEE9EE	8B018F12E560D1179F1AD72811DBF7C60743061BEDFA332A6562CF3DB5CB413F
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-heap-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	4669249FB01EA369C7FD40A530966FA1	106454588625BCF1A86DB25333BB519E7F09EE61	BAC9384BA44857279AC04865686941243EA4FAC9C08C3D29FEB1B53D92E76EDF
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-locale-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	B23936CF83DAC4B64660A88711B5234A	61431CFB47F8D36E67D2A046DB318015AF4D3107	3927A4B0B4591989F8C7B25E747286B359618B4DE6F7680B2230C1CFB0D12782
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-math-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	C1096DA4634AD3356A10C00B24F53393	6EA87BF1A88E57954F1C34047423BC342CD407CA	A2DBFC1A5BAA66E257A4ACC63289FA73ADBA893F837E2B304097AB829BAB257A
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-multibyte-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	CBF3CFC9EE1FD29707D95C63A5E7A78B	AA91416F203466F24C0685C71A287950851D3D6B	BF1292E2B4808884EF85FB40E75644C813063E34511C01706EBDE9F4B5368C3E
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-process-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	00A0A24BB2E9AADE11494B627EB164C4	98C1121324F8E8AAA64C673D79315CC27FA0D25C	58DCF9EC3D0747A4EC23C7A1CCDB8EB0A6AD3AAEBB0D8C0DD480922D012C8ECD
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-runtime-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	408019E57D3D2DA62A9F28389EED0AC1	E48D1166A8FB95DA90787D820AE7CAE859BC626A	096139CDEAA408C3E3BD393A7188CBD6C296C3FE4E4CC15DA113286A3F713DBD
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-stdio-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	9D66FCC681389EC619D4E801F1DDBB2F	605385439A2B9295EFFF604F27849778696BEFAF	51C54EBAEC17C1216E0FCD926A2DC8A377CF278127E4FBF6CD26E0FDA51C23E1
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-string-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	6C7F782FDBF9AEFFE7663FA1579A610E	D1504BF86117CD552BC1B97A49745780D35007BC	083B8B0E45864B12C60417DD3C5FE88B68FFC45A245D50DF84F2A55B1DFCAB38
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-time-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	39F9D0F1B698D53D78C79576C7C60526	A2015E56318B650DE7436231DB6A09AB95F001DB	7A69214583D61CCA3B8D765B488D6DA070FCCDCC02B76EE4C66AEB809F88C1DA
C:\Program Files (x86)\WinSoft Update Service\api-ms-win-crt-utility-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	9F9FE5F52E9B2AD655C896B849883B1A	FD1119DBD0C38E7FC075BE6A9D0EFE4789F78387	44D5822D611FE29CB8530FE4BB86EAA8F9F2E135504E2304F8AB4AD6E37B8D36
C:\Program Files (x86)\WinSoft Update Service\bootstrap.pyc	data	6582823EDCEEFC21ACE452924AB42149	74AC9475D3C8D93B33C3CB234CAE5730E42F1D1C	060882F97ACE7CB6238E714FD48B3448939699E9F085418AF351C42B401A1227
C:\Program Files (x86)\WinSoft Update Service\libcrypto-1_1.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	AAD424A6A0AE6D6E7D4C50A1D96A17FC	4336017AE32A48315AFE1B10FF14D6159C7923BC	3A2DBA6098E77E36A9D20C647349A478CB0149020F909665D209F548DFA71377
C:\Program Files (x86)\WinSoft Update Service\libssl-1_1.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	697766ABA55F44BBD896CBD091A72B55	D36492BE46EA63CE784E4C1B0103BA21214A76FB	44A228B3646EB3575ABD5CBCB079E018DE11CA6B838A29E4391893DE69E0CF4B
C:\Program Files (x86)\WinSoft Update Service\mfc140u.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	EC85D7A09109D1F52F165CFBA6DB8B33	BCC0A43BEA8E4D0DB781F417CC2FAEFBB034BD36	CFBA55B3D6891A0F9E90726094DC4E57553C3443CEF156E5FFCD5965AC4E8E3F
C:\Program Files (x86)\WinSoft Update Service\pyexpat.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	187CDD3E6152D56986BB523C3A0F7D3E	ACA59C23E4E4974C37378BC7A2F365467E25C245	7F22B82BFFB4BD87C8C5DC3357C25B5714264B46CE05F6DC8C1FC4C579DCA5FD
C:\Program Files (x86)\WinSoft Update Service\python.exe	PE32 executable (console) Intel 80386, for MS Windows	083F4389A5CB405D0AB6A85952EA14F9	AC1AAD1677C95B9DE407F517CBC9432943C7F432	CA9F2A394EA9A7E0EE58CC39C7F2DCEB4D539223DFBADA1124A215921B0D767D
C:\Program Files (x86)\WinSoft Update Service\python3.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	167EBEFCF1A2CB0CE7F4118FE826F58B	5D532467D78DCC2B63848452C4F600513B4136CF	112C98099E5E6156A8844C6C39B2136F3146E1F2221C37B9064AB7AF6FDFABB7
C:\Program Files (x86)\WinSoft Update Service\python37._pth	ASCII text, with CRLF line terminators	597CD2A66DB50FA966D5E02A7019494E	EFF5ACB902D3F10C694EB214B998C6D7DF831F73	21BE885FE858372FF76238A939C0E94F0EE9745FB3C7C67D472A1E97219E891D
C:\Program Files (x86)\WinSoft Update Service\python37.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	465089EACED8159EC533E4A37033E227	074596ADAE6F53F33B8297F02E21F6A6F7AC6FF1	2B29AE140CB9F08AF872ACF9E17F785EF99398EF3367549B55242BC064D6AE40
C:\Program Files (x86)\WinSoft Update Service\python37.zip	Zip archive data, at least v2.0 to extract	C96BA41BEB9677E28ECB7CC6F2601A09	ACFF8E438A1E4E7CF7DA363A9991D4B415033D3A	539A79F716CF359DCEAA290398BC629010B6E02E47EAED2356074BFFA072052F
C:\Program Files (x86)\WinSoft Update Service\pythonw.exe	PE32 executable (GUI) Intel 80386, for MS Windows	8BB08823E77FC6552CA08085E8574148	9EA47CE675474B8A0003773642A9D397AF19F0AE	3945C739FD3750D8CA88489B5878F93476D55CAF40E065CC90B6F6EEC6193359
C:\Program Files (x86)\WinSoft Update Service\select.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	D3BF89184B94A4120F4F19F5BCD128D6	C7F22BB0B957BD7103CF32F8958CFD2145EAA5B8	568EFDC33F1FCC1AF1D030C75FCCEDC2D9B1FCBF49C239726E2CF49D47ADD902
C:\Program Files (x86)\WinSoft Update Service\sitecustomize.py	ASCII text, with CRLF line terminators	AB68FDABCE788B276E3F83C8007E445E	4C68DC990C0112FAFEA0E1C883E4EAB6FE5DA9D5	30D94609F29DA733604B0212382898286DF9D39A2A6BFFEF811594970750089A
C:\Program Files (x86)\WinSoft Update Service\sqlite3.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	68FCAE2F9BDB38FDFA4E7826A45A494E	8A3C69F5D9140B07A8FCF578CE479CD4B1295003	9DC0373E28A45187528591A3ED0EABC4C4A2A6D3EEB8E38C3F451FC11D9E5B48
C:\Program Files (x86)\WinSoft Update Service\tcl86t.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	30195AA599DD12AC2567DE0815ADE5E6	AA2597D43C64554156AE7CDB362C284EC19668A7	E79443E9413BA9A4442CA7DB8EE91A920E61AC2FB55BE10A6AB9A9C81F646DBB
C:\Program Files (x86)\WinSoft Update Service\tk86t.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	6CADEC733F5BE72697D7112860A0905B	6A6BEEEF3B1BB7C85C63F4A3410E673FCE73F50D	19F70DC79994E46D3E1EF6BE352F5933866DE5736D761FAA8839204136916B3F
C:\Program Files (x86)\WinSoft Update Service\ucrtbase.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	5B55E9A1360A6C52CC988DA6804D6CA2	AB36F680029C672B885D52AE376B80B4752F5F80	AB2BBEC93FA2AF707D9C55B3DB442DDE6561D1799E53E74C7F6345252989798C
C:\Program Files (x86)\WinSoft Update Service\unicodedata.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	22EE48112415EE74C80B66CC1A8E1CA8	9EB11B06BA0EA22A2F339D0CE300F45F48607D4C	8F38B8891C74DA4AF150B60D21053CDA95A61881C61B8FFF1C8852885DE8B2AF
C:\Program Files (x86)\WinSoft Update Service\vcruntime140.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	AEAB74DB6BC6C914997F1A8A9FF013EC	6B717F23227D158D6AA566498C438B8F305A29B5	18CCB2DD8AF853F4E6221BB5513E3154EF67AE61CEE6EC319A8A97615987DC4B
C:\Program Files (x86)\WinSoft Update Service\winsound.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	E5892CEBA7B672738704890877D13CF1	C708ECDAE79D2D086171901BBBA68B4D9A22EC91	729956F583AEC78ADC3A0B2A0DBD0635C8B96812740F66144356BD7046FE8C7E

ID:	652527
Product:	CloudBasic
Start time:	22:11:49
Start date:	26.06.2022
Sample:	install.exe
Cookbook:	default.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	abc7a9c5b732b72a8f47fd85ee638c09
SHA1:	9876415085f95c02d6bcea9b1fc990d5b5c50d1c
SHA256:	d9ebb6958afcd1907651487062108ec56a2af9eb935f2437156584081cb56b2f
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report
install.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Domains

Windows Analysis Report install.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Domains

Windows Analysis Report
install.exe