Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
bcLKBiuPHu.exe

Overview

General Information

Sample name:bcLKBiuPHu.exe
renamed because original name is a hash value
Original sample name:c13c6923bd8eab75c07640ad362833787d78a005577f8d5e32927139df8e2cd0.exe
Analysis ID:1500523
MD5:667ead6e36314bd21b1fa1fb9f1960b6
SHA1:b14ecebb5df15c8ab0f11663d419c2ccb1944760
SHA256:c13c6923bd8eab75c07640ad362833787d78a005577f8d5e32927139df8e2cd0
Tags:AdvancedPersistentThreatexe
Infos:

Detection

Score:39
Range:0 - 100
Whitelisted:false
Confidence:0%

Signatures

Antivirus detection for URL or domain
Found pyInstaller with non standard icon
AV process strings found (often used to terminate AV products)
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • bcLKBiuPHu.exe (PID: 6300 cmdline: "C:\Users\user\Desktop\bcLKBiuPHu.exe" MD5: 667EAD6E36314BD21B1FA1FB9F1960B6)
    • conhost.exe (PID: 1228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • bcLKBiuPHu.exe (PID: 6508 cmdline: "C:\Users\user\Desktop\bcLKBiuPHu.exe" MD5: 667EAD6E36314BD21B1FA1FB9F1960B6)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus detection for URL or domain
Source: https://github.com/BrowserCompanyLLC/-12/releases/download/semtag/Cloud.batAvira URL Cloud: Label: malware
Source: bcLKBiuPHu.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: bcLKBiuPHu.exeStatic PE information: certificate valid
Source: bcLKBiuPHu.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: gcapi_dll.dll.pdb| source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: BTR.pdbGCTL source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: MpGear.pdb source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: KSLD.pdb source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: KSLDriver.pdbGCTL source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_decimal.pdb%% source: bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MsMpEngCP.pdb source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_lzma.pdbOO source: bcLKBiuPHu.exe, 00000000.00000003.1239142078.000000000642C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: BTR.pdb source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: mpengine.pdb source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_queue.pdb source: bcLKBiuPHu.exe, 00000000.00000003.1239275348.000000000642C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_lzma.pdb source: bcLKBiuPHu.exe, 00000000.00000003.1239142078.000000000642C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MsMpEngCP.pdbGCTL source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: gcapi_dll.dll.pdb source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: mpengine.pdbOGPS source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: KSLDriver.pdb source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: offreg.pdbH source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_bz2.pdb source: bcLKBiuPHu.exe, 00000000.00000003.1238533849.000000000642C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\select.pdb source: bcLKBiuPHu.exe, 00000000.00000003.1244326319.000000000642E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MsMpEngSvc.pdb source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_decimal.pdb source: bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_hashlib.pdb source: bcLKBiuPHu.exe, 00000000.00000003.1238964960.000000000642C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MsMpEngSvc.pdbGCTL source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: KSLD.pdbGCTL source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: offreg.pdb source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\1\b\bin\win32\unicodedata.pdb source: bcLKBiuPHu.exe, 00000000.00000003.1244614120.0000000006439000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpGear.pdbGCTL source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_socket.pdb source: bcLKBiuPHu.exe, 00000000.00000003.1239360047.000000000642C000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile opened: C:\Users\user~1\AppData\Local\Temp\_MEI63002\Jump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile opened: C:\Users\user~1\AppData\Local\Temp\_MEI63002\certifi\Jump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile opened: C:\Users\user~1\Jump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile opened: C:\Users\user~1\AppData\Local\Temp\_MEI63002\certifi\cacert.pemJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile opened: C:\Users\user~1\AppData\Local\Jump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile opened: C:\Users\user~1\AppData\Jump to behavior
Source: Joe Sandbox ViewIP Address: 140.82.121.4 140.82.121.4
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: github.com
Source: bcLKBiuPHu.exe, 00000003.00000003.1314799727.0000000008B00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://.ocx.cabhtml:file::LowTelemetry
Source: bcLKBiuPHu.exe, 00000000.00000003.1238533849.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.coZ
Source: bcLKBiuPHu.exe, 00000000.00000003.1244326319.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1244614120.0000000006439000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238533849.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242027207.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239275348.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242754558.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1337076500.0000000006429000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1244614120.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239360047.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238964960.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.0000000006438000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239142078.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239459058.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1333467486.0000000006429000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: bcLKBiuPHu.exe, 00000000.00000003.1244326319.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238533849.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242027207.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239275348.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242754558.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1244614120.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239360047.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238964960.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.0000000006438000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239142078.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239459058.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: bcLKBiuPHu.exe, 00000000.00000003.1244326319.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238533849.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242027207.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239275348.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242754558.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1244614120.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239360047.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238964960.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.0000000006438000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239142078.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239459058.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: bcLKBiuPHu.exe, 00000000.00000003.1244326319.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1244614120.0000000006439000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238533849.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242027207.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239275348.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242754558.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1244614120.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239360047.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238964960.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.0000000006438000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239142078.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239459058.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008982000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305378289.00000000089A5000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305605705.0000000008982000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305543531.00000000089A6000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305655841.0000000008986000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305302869.0000000008981000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305820390.000000000898D000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306585549.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310455367.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318001972.000000000893E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307739581.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1312460362.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303394012.000000000637C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1311527971.000000000637D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: bcLKBiuPHu.exe, 00000003.00000003.1318560773.0000000008940000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306585549.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310455367.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318001972.000000000893E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307739581.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1312460362.000000000892E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: bcLKBiuPHu.exe, 00000003.00000003.1303394012.000000000637C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1311527971.000000000637D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crls
Source: bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008982000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305378289.00000000089A5000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305605705.0000000008982000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305543531.00000000089A6000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305655841.0000000008986000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305302869.0000000008981000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305820390.000000000898D000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008982000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305605705.0000000008982000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305655841.0000000008986000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305302869.0000000008981000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305820390.000000000898D000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crln
Source: bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306585549.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310455367.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318001972.000000000893E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307739581.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1312460362.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318121001.0000000008942000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: bcLKBiuPHu.exe, 00000003.00000003.1303253961.00000000088DC000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307855542.000000000890F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303473001.000000000890B000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1302847391.00000000088BC000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305159281.000000000890C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306585549.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310455367.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318001972.000000000893E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307739581.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1312460362.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318121001.0000000008942000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: bcLKBiuPHu.exe, 00000003.00000003.1303253961.00000000088DC000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307855542.000000000890F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303473001.000000000890B000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1302847391.00000000088BC000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305159281.000000000890C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306585549.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310455367.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318001972.000000000893E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307739581.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1312460362.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318121001.0000000008942000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: bcLKBiuPHu.exe, 00000003.00000003.1303394012.000000000637C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1311527971.000000000637D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306585549.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310455367.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318001972.000000000893E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307739581.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1312460362.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318121001.0000000008942000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crlwo
Source: bcLKBiuPHu.exe, 00000000.00000003.1244326319.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1244614120.0000000006439000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238533849.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242027207.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239275348.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242754558.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1337076500.0000000006429000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1244614120.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239360047.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238964960.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.0000000006438000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239142078.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239459058.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1333467486.0000000006429000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: bcLKBiuPHu.exe, 00000000.00000003.1244326319.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238533849.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242027207.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239275348.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242754558.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1244614120.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239360047.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238964960.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.0000000006438000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239142078.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239459058.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: bcLKBiuPHu.exe, 00000000.00000003.1244326319.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238533849.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242027207.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239275348.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242754558.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1244614120.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239360047.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238964960.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.0000000006438000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239142078.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239459058.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: bcLKBiuPHu.exe, 00000000.00000003.1241117223.000000000642E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.c
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: bcLKBiuPHu.exe, 00000000.00000003.1244326319.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238533849.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242027207.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239275348.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242754558.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1244614120.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239360047.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238964960.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.0000000006438000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239142078.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239459058.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: bcLKBiuPHu.exe, 00000003.00000003.1268981543.00000000088DA000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1269519670.0000000008881000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1269708691.00000000088DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: bcLKBiuPHu.exe, 00000003.00000003.1307501288.00000000084B0000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1308228551.00000000084B3000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1332593026.00000000084B6000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307937354.00000000084B0000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309401356.00000000084B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: bcLKBiuPHu.exe, 00000003.00000003.1307646693.0000000006368000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307408360.000000000635A000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1304077858.000000000633F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309077803.0000000006374000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: bcLKBiuPHu.exe, 00000003.00000003.1315075445.00000000083F1000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307501288.00000000084B0000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1308228551.00000000084B3000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309336493.00000000083EC000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1313374138.00000000084B0000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1308264774.00000000083E6000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1332593026.00000000084B0000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307501288.00000000083E3000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314158702.00000000083EF000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314872948.00000000084B0000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307937354.00000000084B0000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1332191108.00000000083F3000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1315625084.00000000084B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: bcLKBiuPHu.exe, 00000003.00000003.1312460362.000000000892E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008976000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: bcLKBiuPHu.exe, 00000000.00000003.1244326319.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238533849.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242027207.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239275348.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242754558.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1244614120.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239360047.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238964960.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.0000000006438000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239142078.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239459058.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: bcLKBiuPHu.exe, 00000000.00000003.1244326319.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1244614120.0000000006439000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238533849.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242027207.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239275348.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242754558.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1244614120.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239360047.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238964960.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.0000000006438000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239142078.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239459058.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: bcLKBiuPHu.exe, 00000000.00000003.1244326319.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1244614120.0000000006439000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238533849.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242027207.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239275348.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242754558.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1337076500.0000000006429000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1244614120.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239360047.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238964960.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.0000000006438000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239142078.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239459058.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1333467486.0000000006429000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: bcLKBiuPHu.exe, 00000000.00000003.1244326319.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238533849.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242027207.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239275348.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242754558.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1244614120.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239360047.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238964960.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.0000000006438000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239142078.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239459058.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: bcLKBiuPHu.exe, 00000003.00000003.1312460362.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com//0
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: bcLKBiuPHu.exe, 00000003.00000003.1314834806.0000000008790000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008976000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306585549.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310455367.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318001972.000000000893E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307739581.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1312460362.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008976000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: bcLKBiuPHu.exe, 00000003.00000003.1314340390.0000000006340000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1304077858.000000000633F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314498469.0000000006342000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008976000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: bcLKBiuPHu.exe, 00000003.00000003.1314340390.0000000006340000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008976000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1304077858.000000000633F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314498469.0000000006342000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
Source: bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.avast.com0/
Source: bcLKBiuPHu.exe, 00000003.00000003.1307000166.00000000063BD000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314036451.00000000063BD000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1331009143.00000000062C0000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314993847.00000000063BD000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306567487.00000000063BA000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303394012.0000000006396000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1315774434.00000000063BD000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303634656.00000000063B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: bcLKBiuPHu.exe, 00000003.00000003.1307000166.00000000063BD000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314036451.00000000063BD000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314993847.00000000063BD000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306567487.00000000063BA000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303394012.0000000006396000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1315774434.00000000063BD000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303634656.00000000063B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/..m
Source: bcLKBiuPHu.exe, 00000003.00000003.1303394012.000000000637C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1311527971.000000000637D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: bcLKBiuPHu.exe, 00000003.00000002.1331009143.00000000062C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/j
Source: bcLKBiuPHu.exe, 00000003.00000003.1264200321.0000000008407000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264170550.00000000083FE000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264268695.0000000008417000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: bcLKBiuPHu.exe, 00000000.00000003.1244326319.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238533849.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242027207.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239275348.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1242754558.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1244614120.000000000642E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239360047.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238964960.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1241117223.0000000006438000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239142078.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1239459058.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307646693.0000000006368000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310335538.000000000845F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307408360.000000000635A000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1304077858.000000000633F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309077803.0000000006374000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309941254.0000000008455000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307501288.0000000008412000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.gimp.org/xmp/
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=webreferrerEvalError
Source: bcLKBiuPHu.exe, 00000003.00000003.1312262000.0000000008444000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1267331033.0000000008442000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1311142703.0000000008443000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1266939290.0000000008409000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1308057936.0000000008423000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309911651.0000000008426000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1266879732.0000000008476000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1313158498.0000000008446000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310049376.000000000842A000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310419450.0000000008430000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307501288.0000000008412000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1266939290.0000000008442000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: bcLKBiuPHu.exe, 00000003.00000003.1264200321.0000000008407000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264170550.00000000083FE000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264268695.0000000008417000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264141063.000000000844C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
Source: bcLKBiuPHu.exe, 00000003.00000003.1264200321.0000000008407000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264170550.00000000083FE000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264268695.0000000008417000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
Source: bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: bcLKBiuPHu.exe, 00000003.00000003.1268981543.00000000088DA000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1311571579.0000000008888000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1269519670.0000000008881000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1269708691.00000000088DA000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306494799.0000000008886000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://ccleaner.com/go/app_cc_acknowledgements
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://ccleaner.com/go/app_cc_license_agreement
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://ccleaner.com/go/app_cc_privacy_data_factsheet
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://ccleaner.com/go/app_cc_privacy_policy
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://ccleaner.com/go/app_cc_privacy_product_policy
Source: bcLKBiuPHu.exe, 00000003.00000003.1266222192.0000000008427000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1266292775.000000000843B000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264883779.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1265498656.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1267331033.0000000008442000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310915948.000000000846C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1266181163.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264268695.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1263807175.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1263690548.0000000008465000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1266668965.0000000008442000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310705885.0000000008469000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1265249028.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1263965510.0000000008462000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264392476.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1313190548.000000000846D000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264141063.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264244013.0000000008468000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1266378398.0000000008427000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1266802322.0000000008443000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1313374138.000000000846F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: bcLKBiuPHu.exe, 00000003.00000002.1332779998.00000000084D0000.00000004.00001000.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1331206241.0000000006312000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1313922728.0000000006310000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307096445.00000000062FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/BrowserCompanyLLC/-12/releases/download/semtag/Cloud.bat
Source: bcLKBiuPHu.exe, 00000003.00000003.1311571579.0000000008888000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1269519670.0000000008881000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1268766598.0000000008878000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306494799.0000000008886000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1268832518.0000000008883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: bcLKBiuPHu.exe, 00000003.00000003.1314520975.0000000006311000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1331206241.0000000006312000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1255437380.0000000006332000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1313922728.0000000006310000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307096445.00000000062FF000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1255454545.0000000006327000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: bcLKBiuPHu.exe, 00000003.00000002.1331983819.0000000008110000.00000004.00001000.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1255437380.0000000006332000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1255454545.0000000006327000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: bcLKBiuPHu.exe, 00000003.00000003.1255454545.0000000006327000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: bcLKBiuPHu.exe, 00000003.00000003.1314520975.0000000006311000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1331206241.0000000006312000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1255437380.0000000006332000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1313922728.0000000006310000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307096445.00000000062FF000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1255454545.0000000006327000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: bcLKBiuPHu.exe, 00000003.00000003.1268439386.0000000006397000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306810010.0000000006396000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1269165843.0000000006397000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1260159474.0000000006349000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1260234135.0000000006362000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1308557594.00000000063A9000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1260328318.000000000844E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1260607479.0000000006397000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307264135.00000000063A7000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1311250835.00000000063A9000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309138216.00000000063A9000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1260038704.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307149151.0000000006396000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1260181354.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1260905580.0000000006397000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1262187965.0000000006397000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303394012.0000000006396000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1267244395.0000000006397000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: bcLKBiuPHu.exe, 00000003.00000003.1314520975.0000000006311000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1331206241.0000000006312000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1255437380.0000000006332000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1313922728.0000000006310000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307096445.00000000062FF000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1255454545.0000000006327000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: bcLKBiuPHu.exe, 00000003.00000003.1306937644.0000000008862000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307892105.0000000008863000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1308932104.0000000008868000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: bcLKBiuPHu.exe, 00000003.00000003.1314834806.0000000008790000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: bcLKBiuPHu.exe, 00000003.00000003.1311571579.0000000008888000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310362216.0000000008858000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1269519670.0000000008881000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309864755.0000000008854000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1268766598.0000000008878000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306494799.0000000008886000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307892105.0000000008851000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1268832518.0000000008883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: bcLKBiuPHu.exe, 00000003.00000003.1310362216.0000000008858000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309864755.0000000008854000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307892105.0000000008851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
Source: bcLKBiuPHu.exe, 00000003.00000002.1332191108.00000000083F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
Source: bcLKBiuPHu.exe, 00000003.00000003.1313703072.000000000885B000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309864755.000000000885B000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309546342.000000000885A000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307892105.0000000008851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: bcLKBiuPHu.exe, 00000003.00000003.1268832518.0000000008883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: bcLKBiuPHu.exe, 00000003.00000003.1277856120.00000000088D0000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307892105.0000000008863000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1278810039.00000000088A2000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306379297.00000000088E2000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1308932104.0000000008868000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
Source: bcLKBiuPHu.exe, 00000003.00000003.1314340390.0000000006340000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314567086.0000000006345000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1304077858.000000000633F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314498469.0000000006342000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: bcLKBiuPHu.exe, 00000003.00000003.1308107530.0000000008861000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
Source: bcLKBiuPHu.exe, 00000003.00000003.1270776760.000000000638A000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306477150.00000000084BF000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1270153053.00000000088FC000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1270521497.00000000088F1000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1270746328.00000000088FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: bcLKBiuPHu.exe, 00000003.00000003.1259593796.0000000006361000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1259432613.0000000006361000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1332931547.0000000008550000.00000004.00001000.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1259508438.000000000635F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0205/
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://piriform.zendesk.com/hc/en-us/articles/204043884-Using-CCleaner-s-Drive-Wiper
Source: bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://piriform.zendesk.com/hc/en-us/articles/218109957-How-do-I-manage-browser-plugins-
Source: bcLKBiuPHu.exe, 00000003.00000003.1314340390.0000000006340000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314567086.0000000006345000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1304077858.000000000633F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314498469.0000000006342000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1277856120.00000000088D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://sciter.com/forums/topic/plus-custom-output-formatter-wont-work-if-they-are-written-in-htm/#p
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://secure.ccleaner.com/502/uurl-90zu4qtn5p?
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://secure.ccleaner.com/502/uurl-90zu4qtn5p?x-source=833
Source: bcLKBiuPHu.exe, 00000003.00000003.1310362216.0000000008858000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309864755.0000000008854000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307892105.0000000008851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: bcLKBiuPHu.exe, 00000003.00000003.1311571579.0000000008888000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1269519670.0000000008881000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1268766598.0000000008878000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306494799.0000000008886000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1268832518.0000000008883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: bcLKBiuPHu.exe, 00000003.00000003.1314834806.0000000008790000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.apple.com/appleca/0
Source: bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.avast.com/lp-ppc-nbu-fav-cc
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.ccleaner.com/business
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.ccleaner.com/business/ccleaner-business-edition
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.ccleaner.com/ccleaner
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.ccleaner.com/ccleaner/browser
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.ccleaner.com/docs/ccleaner/ccleaner-settings/choosing-which-cookies-to-keep
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.ccleaner.com/docs/ccleaner/using-ccleaner/browser-cleaning
Source: bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.ccleaner.com/docs/ccleaner/using-ccleaner/managing-auto-starting-programs
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.ccleaner.com/docs/ccleaner/using-ccleaner/uninstalling-programs
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_cc_help_performance_optimizer
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_cc_help_preloading
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_cc_help_schedule_setup?utm_source=ccleaner&utm_medium=application&ut
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_deactivated_help
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_du_support
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_du_survey
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_du_systemprotection
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_du_systemrestoreinfo
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_no_license_error
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_po_survey
Source: bcLKBiuPHu.exe, 00000000.00000003.1242027207.000000000642E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.openssl.org/H
Source: bcLKBiuPHu.exe, 00000003.00000003.1314340390.0000000006340000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314567086.0000000006345000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1304077858.000000000633F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314498469.0000000006342000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: bcLKBiuPHu.exe, 00000003.00000003.1270776760.000000000638A000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306477150.00000000084BF000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1270153053.00000000088FC000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1270521497.00000000088F1000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1270746328.00000000088FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: bcLKBiuPHu.exe, 00000003.00000003.1256438125.0000000006349000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1256524327.00000000083D7000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1332883011.0000000008510000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306268970.0000000008991000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008982000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305605705.0000000008982000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1315693300.0000000008999000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305655841.0000000008986000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1317685409.0000000008999000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305849534.0000000008990000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305302869.0000000008981000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305820390.000000000898D000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305378289.00000000089A5000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305543531.00000000089A6000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305302869.0000000008981000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306268970.0000000008991000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008982000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305605705.0000000008982000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1315693300.0000000008999000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305655841.0000000008986000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1317685409.0000000008999000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305849534.0000000008990000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305302869.0000000008981000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305820390.000000000898D000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/r
Source: bcLKBiuPHu.exe, 00000003.00000003.1310362216.0000000008858000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309864755.0000000008854000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307892105.0000000008851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: GetRawInputDatamemstr_8bc9f796-8
Source: bcLKBiuPHu.exeStatic PE information: Resource name: BINARY type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Source: bcLKBiuPHu.exeStatic PE information: Resource name: BINARY type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Source: bcLKBiuPHu.exeStatic PE information: Resource name: BRANDING type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: bcLKBiuPHu.exeStatic PE information: Resource name: FILE type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: bcLKBiuPHu.exe, 00000000.00000003.1244326319.000000000642E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000003.1238533849.000000000642C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000001254000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMsMpEngCP.exeZ vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: \Unknown member: doshdr.%spevars not availableUnknown member: pehdr.%sInvalid index in DataDirectory: %dInvalid index in opclog: %dInvalid index in fopclog2: %dInvalid index in epcode: %dInvalid index in fopclog: %dUnknown member: peattributes.%sInvalid section %d or bigger than NumberOfSection=%d!__mmap_ex() failedpe_fofs_to_mofs failed!__mmap_ex(%d) failedmmap_patch(): buffer is emptymmap_patch_buff() failedpe_mofs_to_fofs(%d) failedUfsSeekRead(%d) failedImageName is NULLStringCchCopyA failedFileDescriptionInternalNameCompanyNamepe.get_versioninfo() failed to create the StringVersionIterator: %sInvalid sigattr_head indexpe.vm_search: mask_size != buffer_sizeInvalid index in netmetadata.tokens: %dpe.get_fixedversioninfo() failed to create the StringVersionIterator: %sFileVersionFileTypeFileSubtypeFileDateOriginalFilenameProductVersionFileFlagsMaskFileFlagsFileOSpe.metadata_decode: decode failed for 0x%xInvalid index in v->imps: %dfnrvape.metadata_decode: Invalid field index %d (should be 1-based)9m vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: ClearOriginalFileName vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: $OFNAllowIdenticalNamesClearOriginalFileName vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: mZOriginalFileNameMaintenanceWindow vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: mZOriginalFileNameMaintenanceWindowprocessed%zd files in Moac, %zd skipped (cached), %zd filename setOriginalFileName Maintenance:HintENG:OFNPROCESSED:) vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: .?AVCMaintenanceOriginalFileNameTask@@ vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBTR.sysZ vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameoffreg.dllj% vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameKSLDriver.sysZ vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameKSLD.sysZ vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: GetOriginalFileName vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SetOriginalFileName vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: ENG:OFNSET:SetOriginalFileNameProcess:process:// vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileNameCreatorProcessId<Process ProcessId="%u" ProcessCreationTime="%llu" CreatorProcessId="%u" CreatorProcessCreationTime="%llu" Name="%s" IsExcluded="%u" IsFriendly="%u"> vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SecondParameterBM_RegistryKeyDeleteBM_RegistryKeyRenameBM_RegistryDeleteValueBM_RegistrySetValueBM_OpenFileBM_DeleteFileBM_RegistryKeyCreateBM_FileMetaDataBM_ProcessCreateBM_RawWriteBM_NetworkDetectionBM_ProcessStartBM_NetworkDataSendBM_NetworkConnectBM_RemoteThreadCreateBM_BootSectorChangeBM_Etw_PsSetLoadImageNotifyRoutineBM_EngineInternalBM_Etw_SetEventHookBM_Etw_TerminateProcessBM_ModuleLoadBM_ArDetectionBM_RegistryBlockDeleteBM_RegistryBlockSetBM_Etw_OpenThreadBM_Etw_OpenProcessBM_Etw_RegisterShutdownBM_Etw_RegisterLastShutdownBM_Etw_NtAdjustPrivilegesBM_Etw_RegisterInputDevicesBM_Etw_WriteMemoryBM_Etw_SetThreadContextBM_RegistryBlockReplaceBM_RegistryBlockRestoreBM_DesktopBM_VolumeMountBM_RegistryRestoreBM_Etw_CreateLinkBM_RegistryBlockRenameBM_RegistryReplaceBM_Etw_SetWindowsHookBM_Etw_BlockExploitBM_CreateFolderBM_Etw_GetAsyncKeyStateBM_BlockOpenProcessBM_OpenProcessBM_Etw_CodeInjectionBM_RegistryBlockCreateBM_EnumFolderBM_Etw_WMIExecMethodBM_Etw_OCTAGON_PROCESS_TOKEN_TAMPERING_ENFORCEBM_RenameFolderBM_Etw_DirEnumBM_Etw_AllocVmLocalBM_Etw_WMIActivityNewBM_Etw_ClearLogBM_Etw_OCTAGON_DANGEROUS_DEVICE_PRESENT_AUDITBM_Etw_OCTAGON_DRIVER_DISPATCH_REDIRECTION_AUDITBM_HardLinkFileBM_Etw_OCTAGON_RUNTIME_CI_FAILURE_AUDITBM_Etw_OCTAGON_DANGEROUS_DEVICE_PRESENT_ENFORCEBM_Etw_OCTAGON_DRIVER_DISPATCH_REDIRECTION_ENFORCEBM_Etw_OCTAGON_PROCESS_TOKEN_TAMPERING_AUDITBM_Etw_OCTAGON_RUNTIME_CI_FAILURE_ENFORCEBM_Etw_CredEnumerateBM_Etw_CredReadCredentialsBM_Etw_CredFindBestCredentialBM_Etw_CredReadDomainCredentialsBM_DLPBM_CopyFileBM_Etw_OCTAGON_PROCESS_TAMPERING_AUDITBM_Etw_OCTAGON_PROCESS_TAMPERING_ENFORCEBM_TaintBM_Etw_VaultGetUniqueCredentialBM_Amsi_MatchBM_Amsi_ScanBM_Etw_CredBackupCredentialsBM_Etw_CredReadByTokenHandleBM_Etw_VaultEnumerateCredentialsBM_Etw_VaultFindCredentialsBM_Etw_LogonFailureBM_Etw_LogonSuccessBM_Etw_AccountPasswordChangedBM_Etw_UserAccountChangedBM_Etw_BITSCreateBM_Etw_LDAPSearchBM_Etw_ScheduledTaskUpdateBM_Etw_ScheduledTaskCreateBM_Etw_ExploitProtectionBM_Etw_UserAccountCreatedBM_Network_VolumeBM_Network_PortOpenBM_Etw_HiveHistoryClearBM_Etw_AccountPasswordResetBM_SignatureTriggerBM_OriginalFileNameBM_Etw_UnloadDriverBM_Etw_LoadDriverBM_Etw_UnloadDeviceBM_Etw_LoadDeviceBM_Etw_ResumeThreadBM_Etw_SuspendThreadBM_Etw_ResumeProcessBM_Etw_SuspendProcessBM_Etw_ServiceHostStartedBM_Etw_ServiceChangeAccountInfoBM_Network_FailureBM_Etw_ServiceStartedBM_Etw_ServiceStopBM_Etw_ProtectVmLocalBM_Etw_ServiceChangeBinaryPathBM_Etw_ServiceChangeStartTypeAL""L"%ls""%hS"BM_Etw_AllocVmRemoteBM_Etw_ProtectVmRemoteBM_Etw_V2CodeInjectionBM_Etw_ReadVmRemoteATTR_%08lxSigSeqThreatName{0, %ls, __attr_none__, %ls, %ls}0x%lXError while processing Event, i.e you're missing an event.Error while processing Event: ID = [%d], HR = [%lx]IsPePlusIsPeFileInfoIsPacked vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameCompanyNameCommentsLegalCopyrightProductNameFileDescriptionLegalTrademarksPeStaticCRC3LengthCRC1IatSkipCRC3CRC2CopyrightCommentsArchitectureTrademarksFileVersionPeStaticsEpSecSectionKCRC2KCRC1KCRC3InternalNameFileDescriptionOriginalFileNamePEUnknownx86ia64x64 vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMsMpEngSvc.dllZ vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamempengine.dllZ vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMpGear.dllZ vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamebranding.dll\ vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000003.1242027207.000000000642E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000003.1239275348.000000000642C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000003.1244614120.000000000642E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000003.1239360047.000000000642C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000003.1238964960.000000000642C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000003.1237480769.000000000642C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000003.1239142078.000000000642C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000000.00000003.1239459058.000000000642C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: GetOriginalFileName vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SetOriginalFileName vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: ENG:OFNSET:SetOriginalFileNameProcess:process:// vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileNameCreatorProcessId<Process ProcessId="%u" ProcessCreationTime="%llu" CreatorProcessId="%u" CreatorProcessCreationTime="%llu" Name="%s" IsExcluded="%u" IsFriendly="%u"> vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SecondParameterBM_RegistryKeyDeleteBM_RegistryKeyRenameBM_RegistryDeleteValueBM_RegistrySetValueBM_OpenFileBM_DeleteFileBM_RegistryKeyCreateBM_FileMetaDataBM_ProcessCreateBM_RawWriteBM_NetworkDetectionBM_ProcessStartBM_NetworkDataSendBM_NetworkConnectBM_RemoteThreadCreateBM_BootSectorChangeBM_Etw_PsSetLoadImageNotifyRoutineBM_EngineInternalBM_Etw_SetEventHookBM_Etw_TerminateProcessBM_ModuleLoadBM_ArDetectionBM_RegistryBlockDeleteBM_RegistryBlockSetBM_Etw_OpenThreadBM_Etw_OpenProcessBM_Etw_RegisterShutdownBM_Etw_RegisterLastShutdownBM_Etw_NtAdjustPrivilegesBM_Etw_RegisterInputDevicesBM_Etw_WriteMemoryBM_Etw_SetThreadContextBM_RegistryBlockReplaceBM_RegistryBlockRestoreBM_DesktopBM_VolumeMountBM_RegistryRestoreBM_Etw_CreateLinkBM_RegistryBlockRenameBM_RegistryReplaceBM_Etw_SetWindowsHookBM_Etw_BlockExploitBM_CreateFolderBM_Etw_GetAsyncKeyStateBM_BlockOpenProcessBM_OpenProcessBM_Etw_CodeInjectionBM_RegistryBlockCreateBM_EnumFolderBM_Etw_WMIExecMethodBM_Etw_OCTAGON_PROCESS_TOKEN_TAMPERING_ENFORCEBM_RenameFolderBM_Etw_DirEnumBM_Etw_AllocVmLocalBM_Etw_WMIActivityNewBM_Etw_ClearLogBM_Etw_OCTAGON_DANGEROUS_DEVICE_PRESENT_AUDITBM_Etw_OCTAGON_DRIVER_DISPATCH_REDIRECTION_AUDITBM_HardLinkFileBM_Etw_OCTAGON_RUNTIME_CI_FAILURE_AUDITBM_Etw_OCTAGON_DANGEROUS_DEVICE_PRESENT_ENFORCEBM_Etw_OCTAGON_DRIVER_DISPATCH_REDIRECTION_ENFORCEBM_Etw_OCTAGON_PROCESS_TOKEN_TAMPERING_AUDITBM_Etw_OCTAGON_RUNTIME_CI_FAILURE_ENFORCEBM_Etw_CredEnumerateBM_Etw_CredReadCredentialsBM_Etw_CredFindBestCredentialBM_Etw_CredReadDomainCredentialsBM_DLPBM_CopyFileBM_Etw_OCTAGON_PROCESS_TAMPERING_AUDITBM_Etw_OCTAGON_PROCESS_TAMPERING_ENFORCEBM_TaintBM_Etw_VaultGetUniqueCredentialBM_Amsi_MatchBM_Amsi_ScanBM_Etw_CredBackupCredentialsBM_Etw_CredReadByTokenHandleBM_Etw_VaultEnumerateCredentialsBM_Etw_VaultFindCredentialsBM_Etw_LogonFailureBM_Etw_LogonSuccessBM_Etw_AccountPasswordChangedBM_Etw_UserAccountChangedBM_Etw_BITSCreateBM_Etw_LDAPSearchBM_Etw_ScheduledTaskUpdateBM_Etw_ScheduledTaskCreateBM_Etw_ExploitProtectionBM_Etw_UserAccountCreatedBM_Network_VolumeBM_Network_PortOpenBM_Etw_HiveHistoryClearBM_Etw_AccountPasswordResetBM_SignatureTriggerBM_OriginalFileNameBM_Etw_UnloadDriverBM_Etw_LoadDriverBM_Etw_UnloadDeviceBM_Etw_LoadDeviceBM_Etw_ResumeThreadBM_Etw_SuspendThreadBM_Etw_ResumeProcessBM_Etw_SuspendProcessBM_Etw_ServiceHostStartedBM_Etw_ServiceChangeAccountInfoBM_Network_FailureBM_Etw_ServiceStartedBM_Etw_ServiceStopBM_Etw_ProtectVmLocalBM_Etw_ServiceChangeBinaryPathBM_Etw_ServiceChangeStartTypeAL""L"%ls""%hS"BM_Etw_AllocVmRemoteBM_Etw_ProtectVmRemoteBM_Etw_V2CodeInjectionBM_Etw_ReadVmRemoteATTR_%08lxSigSeqThreatName{0, %ls, __attr_none__, %ls, %ls}0x%lXError while processing Event, i.e you're missing an event.Error while processing Event: ID = [%d], HR = [%lx]IsPePlusIsPeFileInfoIsPacked vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameCompanyNameCommentsLegalCopyrightProductNameFileDescriptionLegalTrademarksPeStaticCRC3LengthCRC1IatSkipCRC3CRC2CopyrightCommentsArchitectureTrademarksFileVersionPeStaticsEpSecSectionKCRC2KCRC1KCRC3InternalNameFileDescriptionOriginalFileNamePEUnknownx86ia64x64 vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: \Unknown member: doshdr.%spevars not availableUnknown member: pehdr.%sInvalid index in DataDirectory: %dInvalid index in opclog: %dInvalid index in fopclog2: %dInvalid index in epcode: %dInvalid index in fopclog: %dUnknown member: peattributes.%sInvalid section %d or bigger than NumberOfSection=%d!__mmap_ex() failedpe_fofs_to_mofs failed!__mmap_ex(%d) failedmmap_patch(): buffer is emptymmap_patch_buff() failedpe_mofs_to_fofs(%d) failedUfsSeekRead(%d) failedImageName is NULLStringCchCopyA failedFileDescriptionInternalNameCompanyNamepe.get_versioninfo() failed to create the StringVersionIterator: %sInvalid sigattr_head indexpe.vm_search: mask_size != buffer_sizeInvalid index in netmetadata.tokens: %dpe.get_fixedversioninfo() failed to create the StringVersionIterator: %sFileVersionFileTypeFileSubtypeFileDateOriginalFilenameProductVersionFileFlagsMaskFileFlagsFileOSpe.metadata_decode: decode failed for 0x%xInvalid index in v->imps: %dfnrvape.metadata_decode: Invalid field index %d (should be 1-based)9m vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: ClearOriginalFileName vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: $OFNAllowIdenticalNamesClearOriginalFileName vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: mZOriginalFileNameMaintenanceWindow vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: mZOriginalFileNameMaintenanceWindowprocessed%zd files in Moac, %zd skipped (cached), %zd filename setOriginalFileName Maintenance:HintENG:OFNPROCESSED:) vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: .?AVCMaintenanceOriginalFileNameTask@@ vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBTR.sysZ vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameoffreg.dllj% vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameKSLDriver.sysZ vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameKSLD.sysZ vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000001254000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMsMpEngCP.exeZ vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMsMpEngSvc.dllZ vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamempengine.dllZ vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMpGear.dllZ vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamebranding.dll\ vs bcLKBiuPHu.exe
Source: bcLKBiuPHu.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engineClassification label: sus39.winEXE@4/19@1/1
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1228:120:WilError_03
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile created: C:\Users\user~1\AppData\Local\Temp\_MEI63002Jump to behavior
Source: bcLKBiuPHu.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT 1 FROM SQLITE_MASTER WHERE type=? AND name=? LIMIT 1;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO FileLowFiAsync(Key, FileName, SigSeq, SigSha, SigIsSync, InstanceTimeStamp) VALUES(?, ? , ? , ? , ? , ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM ProcessBlockHistory WHERE ProcessPath = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO AnomalyInfo(Key, UnbiasedTime) VALUES (?, ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(13, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(1) FROM AutoFeatureControl;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT DISTINCT TableName FROM AnomalyTables;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key FROM FileHashes WHERE FileHashes.Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(1) FROM RansomwareDetections;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(1) FROM NetworkIpFirewallRules;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO RollingQueuesValues(EntryTable, EntryKey, EntryValue, InsertTime, ExpireTime) VALUES(? , ? , ? , ? , ?);
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key, VSN, FileID, USN, InstanceTimeStamp, SHA1, MD5, SHA256, LSHASH, LSHASHS, CTPH, PartialCRC1, PartialCRC2, PartialCRC3, KCRC1, KCRC2, KCRC3, KCRC3n FROM FileHashes WHERE Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ProcessPath, TimeStamp, TargetPath, RuleId, IsAudit, Action, ProcessTaintReason, ProcessIntegrity FROM ProcessBlockHistory WHERE ProcessPath = ? ORDER BY TimeStamp DESC;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT COUNT(1) FROM FileLowFiAsync;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID from RecordIdentifier WHERE Key = ? AND RecordTimeStamp = ? ;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(1) FROM SystemFileCache WHERE CleanFileShaHash = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(6, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(14, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM DynSigRevisions WHERE DynSigRevisions.Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ProcessPath, TimeStamp, TargetPath, RuleId, IsAudit, Action, ProcessTaintReason, ProcessIntegrity FROM ProcessBlockHistory WHERE ProcessPath = ? AND TimeStamp = ? ORDER BY TimeStamp DESC;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ProcessPath, TimeStamp, TargetPath, RuleId, IsAudit, Action, ProcessTaintReason, ProcessIntegrity FROM ProcessBlockHistory WHERE RuleId = ? ORDER BY TimeStamp DESC;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(4, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key, Name, Capacity, TimeToLive, Mode FROM RollingQueuesTables WHERE Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO BmFileStartupActions(FilePathHash, FilePath, ActionFlags, ProcessStartCount, FdrFlags, FdrThreatRecordId, EvaluatorThreatRecordId, TrustedInstallerThreatRecordId, LFRThreatRecordId) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO BmFileActions(FileInfoId, ThreatRecordId, Action) VALUES (?, ?, ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(5, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key, Name, Count, InsertTime, ExpireTime, UpdateTime, ScalarFactor, LinearFactor, DecayInterval, HighCount, LastDecayTime FROM AtomicCounters WHERE Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM FolderGuardPaths WHERE UserIdHash = ? LIMIT 1;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO RansomwareDetections(Key, DetectionGuid, LkgTS, NextUSN, DetectionTS, ProvisionalRemedComplTS, RemedComplTS, ImpactedCBPNameSpaces, InstanceTimeStamp) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(12, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT CleanFileSha, CleanFileShaHash FROM SystemFileCache WHERE InstanceTimeStamp < ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT PersistId, PersistIdBlob, ExpirationDate FROM AmsiFileCache WHERE ExpirationDate < DateTime(?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO DynSigRevisions(Key, SdnRevision, EsuRevision, BFRevision, EntCertRevision, TamperRevision, AGBlobRevision, BFFileAllowRevision, BFFileBlockRevision, BFCertAllowRevision, BFCertBlockRevision) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key, RecordTimeStamp, Generation FROM RecordIdentifier WHERE RecordIdentifier.ID IN (SELECT FileInstance.RecordID from FileInstance WHERE FileInstance.ParentRecordID = ? );
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT RuleAction, RuleId, IsAudit, IsInherited, State FROM BmHipsRuleInfo WHERE ProcessInfoId = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key, FirewallRuleName, ExpiryTime FROM NetworkIpFirewallRules WHERE ExpiryTime < ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(1) FROM SystemFileCache;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ProcessPath, TimeStamp, TargetPath, RuleId, IsAudit, Action, ProcessTaintReason, ProcessIntegrity FROM ProcessBlockHistory WHERE ProcessPath = ? ORDER BY TimeStamp DESC LIMIT 1;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO BmFileInfo(NormalizedPathHash, DosPathHash, StructVersion, NormalizedPath, DosPath, Wow64Context, MetaContext, IsFromWeb, IsExecutable) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(1) FROM SdnEx;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(3, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO FileInstance(InstanceTimeStamp, RecordID, ScanID, TrackingEnabled, StorageEvent, StorageEventState, ModificationsCount, ParentRecordID, Parent_FileEvent, Parent_FileName, Parent_ProcessID, Remote_ProcessID, FileID, FileName, USN, CreateTime, LastAccessTime, LastWriteTime, Signer, SignerHash, Issuer, SigningTime, MOTW, MOTWFromParent,IsValidCert, CertInvalidDetails, IsCatalogSigned) VALUES(?, ? , ?, ?, ?, ? , ? , ? , ? , ? , ?, ?, ?, ?, ?, ? , ? , ? , ? , ? , ?, ?, ?, ?, ?, ?, ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT EntryTable, EntryKey, EntryValue, InsertTime, ExpireTime FROM RollingQueuesValues WHERE EntryTable = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO AtomicCounters(Key, Name, Count, InsertTime, ExpireTime, UpdateTime, ScalarFactor, LinearFactor, DecayInterval, HighCount, LastDecayTime) VALUES(? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Version, Current, LastUpdated FROM SQLiteGlobals WHERE Current = 1 ORDER BY Version DESC ;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM AmsiFileCache WHERE AmsiFileCache.PersistId = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO AttributeCounts(Key, Name, Count, InsertTime, ExpireTime) VALUES(? , ? , ? , ? , ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(28, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO AttributePersistContext(Key, FilePath, Context, InsertTime, ExpireTime) VALUES(? , ? , ? , ? , ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE AtomicCounters SET Name = ?, Count = ?, InsertTime = ?, ExpireTime = ?, UpdateTime = ?, ScalarFactor = ?, LinearFactor = ?, DecayInterval = ?, HighCount = ?, LastDecayTime = ?, WHERE Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID from File WHERE SHA1 = ? ;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO ScanInfo(SigSeq, PersistSigSeq, ProgenitorPersistSigSeq, ScanAgent, NamedAttributes, PeAttributes, SigAttrEvents, ScanReason, WebURL, EngineID, SigSha) VALUES(? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? );
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT COUNT(DISTINCT ProcessPath) FROM ProcessBlockHistory;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM Engine WHERE EngineVersion = ? AND SigVersion = ? ;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO AmsiFileCache(PersistId, PersistIdBlob, ExpirationDate) VALUES (?, ?, DateTime('now', ?));
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT COUNT(1) FROM AttributePersistContext;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(1) FROM SystemRegistryCache;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(24, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID, NormalizedPathHash, DosPathHash, StructVersion, NormalizedPath, DosPath, Wow64Context, MetaContext, IsFromWeb, IsExecutable FROM BmFileInfo WHERE NormalizedPathHash = ? OR DosPathHash = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(11, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO RansomwareDetections(Key, DetectionGuid, LkgTS, NextUSN, DetectionTS, ProvisionalRemedComplTS, RemedComplTS, ImpactedCBPNameSpaces, InstanceTimeStamp) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?);DELETE FROM RansomwareDetections WHERE InstanceTimeStamp < ?; SELECT Count(1) FROM RansomwareDetections;DELETE FROM RansomwareDetections WHERE Key = ?;SELECT DetectionGuid, LkgTS, NextUSN, DetectionTS, ProvisionalRemedComplTS, RemedComplTS, ImpactedCBPNameSpaces FROM RansomwareDetections WHERE Key = ?;SELECT ID FROM RansomwareDetections WHERE Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(31, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM BmFileInfo WHERE NormalizedPathHash = ? OR DosPathHash = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO BmFileStartupActions(FilePathHash, FilePath, ActionFlags, ProcessStartCount, FdrFlags, FdrThreatRecordId, EvaluatorThreatRecordId, TrustedInstallerThreatRecordId, LFRThreatRecordId) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);DELETE FROM BmFileStartupActions WHERE BmFileStartupActions.FilePathHash = ?;SELECT Count(1) FROM BmFileStartupActions;SELECT ID FROM BmFileStartupActions WHERE BmFileStartupActions.FilePathHash = ?;SELECT FilePathHash, FilePath, ActionFlags, ProcessStartCount, FdrFlags, FdrThreatRecordId, EvaluatorThreatRecordId, TrustedInstallerThreatRecordId, LFRThreatRecordId FROM BmFileStartupActions WHERE FilePathHash = ?|
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT InfectedFileSHA, ProcFileId, SystemFilePath, CleanFileSha FROM SystemFileCache WHERE InfectedFileSHAHash = ? OR ProcFileIDSystemFileHash = ? ORDER BY InstanceTimeStamp DESC;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ProcessPath, TimeStamp, TargetPath, RuleId, IsAudit, Action, ProcessTaintReason, ProcessIntegrity FROM ProcessBlockHistory WHERE RuleId = ? ORDER BY TimeStamp DESC;SELECT ProcessPath, TimeStamp, TargetPath, RuleId, IsAudit, Action, ProcessTaintReason, ProcessIntegrity FROM ProcessBlockHistory WHERE ProcessPath = ? ORDER BY TimeStamp DESC;SELECT ProcessPath, TimeStamp, TargetPath, RuleId, IsAudit, Action, ProcessTaintReason, ProcessIntegrity FROM ProcessBlockHistory ORDER BY TimeStamp DESC;SELECT ProcessPath, TimeStamp, TargetPath, RuleId, IsAudit, Action, ProcessTaintReason, ProcessIntegrity FROM ProcessBlockHistory WHERE ProcessPath = ? AND TimeStamp = ? ORDER BY TimeStamp DESC;SELECT COUNT(DISTINCT ProcessPath) FROM ProcessBlockHistory;DELETE FROM ProcessBlockHistory;SELECT t1.ProcessPath, t1.TimeStamp, t1.TargetPath, t1.RuleId, t1.IsAudit, t1.Action, t1.ProcessTaintReason, t1.ProcessIntegrity FROM ProcessBlockHistory AS t1 INNER JOIN(SELECT ID, ProcessPath, MAX(TimeStamp) AS MostRecentTime FROM ProcessBlockHistory WHERE RuleId = ? GROUP BY ProcessPath) AS t2 ON t1.ID = t2.ID AND t1.TimeStamp = t2.MostRecentTime ORDER BY t1.TimeStamp DESC;SELECT ProcessPath, TimeStamp, TargetPath, RuleId, IsAudit, Action, ProcessTaintReason, ProcessIntegrity FROM ProcessBlockHistory WHERE ProcessPath = ? ORDER BY TimeStamp DESC LIMIT 1;DELETE FROM ProcessBlockHistory WHERE ProcessPath = ? AND TimeStamp = ?;SELECT t1.ProcessPath, t1.TimeStamp, t1.TargetPath, t1.RuleId, t1.IsAudit, t1.Action, t1.ProcessTaintReason, t1.ProcessIntegrity FROM ProcessBlockHistory AS t1 INNER JOIN(SELECT ID, ProcessPath, MAX(TimeStamp) AS MostRecentTime FROM ProcessBlockHistory GROUP BY ProcessPath) AS t2 ON t1.ID = t2.ID AND t1.TimeStamp = t2.MostRecentTime ORDER BY t1.TimeStamp DESC;SELECT ID FROM ProcessBlockHistory WHERE ProcessPath = ?;SELECT COUNT(1) FROM ProcessBlockHistory;DELETE FROM ProcessBlockHistory WHERE TimeStamp < ?;REPLACE INTO ProcessBlockHistory(ProcessPath, TimeStamp, TargetPath, RuleId, IsAudit, Action, ProcessTaintReason, ProcessIntegrity) VALUES (?, ?, ?, ?, ?, ?, ?, ?);SELECT ProcessPath, TimeStamp FROM ProcessBlockHistory ORDER BY TimeStamp ASC LIMIT 1[3
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT t1.ProcessPath, t1.TimeStamp, t1.TargetPath, t1.RuleId, t1.IsAudit, t1.Action, t1.ProcessTaintReason, t1.ProcessIntegrity FROM ProcessBlockHistory AS t1 INNER JOIN(SELECT ID, ProcessPath, MAX(TimeStamp) AS MostRecentTime FROM ProcessBlockHistory GROUP BY ProcessPath) AS t2 ON t1.ID = t2.ID AND t1.TimeStamp = t2.MostRecentTime ORDER BY t1.TimeStamp DESC;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key FROM FileLowFiAsync WHERE FileLowFiAsync.Key = ?; DELETE FROM FileLowFiAsync WHERE FileLowFiAsync.Key = ?; SELECT Key, FileName, SigSeq, SigSha, SigIsSync, InstanceTimeStamp FROM FileLowFiAsync WHERE Key = ?; DELETE FROM FileLowFiAsync WHERE InstanceTimeStamp < ?; SELECT COUNT(1) FROM FileLowFiAsync; INSERT INTO FileLowFiAsync(Key, FileName, SigSeq, SigSha, SigIsSync, InstanceTimeStamp) VALUES(?, ? , ? , ? , ? , ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM AutoFeatureControl WHERE AutoFeatureControl.Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO AnomalyTables(Key, TableKey, TableName, KeyName, FirstSeen, LastSeen, UnbiasedMinutes, Value, Order_) VALUES(? , ? , ? , ? , ? , ? , ? , ? , ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO SystemFileCache(InfectedFileSHAHash, InfectedFileSHA, ProcFileIDSystemFileHash, ProcFileId, SystemFilePath, CleanFileSha, CleanFileShaHash, InstanceTimeStamp) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(16, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(8, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(26, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key, TableKey, TableName, KeyName, FirstSeen, LastSeen, UnbiasedMinutes, Value, Order_ FROM AnomalyTables WHERE AnomalyTables.TableKey = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT COUNT(1) FROM AnomalyTables;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(DISTINCT UserIdHash) FROM FolderGuardPaths;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID, PPIDHash, ProcessStartTime, PID, StructVersion, ImageFileName, MonitoringFlags_Flags, MonitoringFlags_VmHardenType, MonitoringFlags_ExemptVmHardenedTypes, CommandLineArgs, HipsInjectionId, FolderGuardId, Flags, LsassReadMemId, MonitoringFlags_Flags2Low, MonitoringFlags_Flags2High FROM BmProcessInfo WHERE PPIDHash = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO AutoFeatureControl(Key, CurrCount, MaxCount, InstanceTimeStamp) VALUES (?, ?, ?, ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key FROM AtomicCounters ORDER BY InsertTime ASC LIMIT 1;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID, NormalizedPathHash, DosPathHash, StructVersion, NormalizedPath, DosPath, Wow64Context, MetaContext, IsFromWeb, IsExecutable FROM BmFileInfo WHERE NormalizedPathHash = ? OR DosPathHash = ?;INSERT INTO BmFileActions(FileInfoId, ThreatRecordId, Action) VALUES (?, ?, ?);SELECT ThreatRecordId, Action FROM BmFileActions WHERE FileInfoId == ?;INSERT INTO BmFileInfo(NormalizedPathHash, DosPathHash, StructVersion, NormalizedPath, DosPath, Wow64Context, MetaContext, IsFromWeb, IsExecutable) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);DELETE FROM BmFileInfo WHERE NormalizedPathHash = ? OR DosPathHash = ?;DELETE FROM BmFileActions;DELETE FROM BmFileInfo;SELECT ID FROM BmFileInfo WHERE NormalizedPathHash = ? OR DosPathHash = ?;SELECT Count(1) FROM BmFileInfo;B
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(20, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT PersistId, PersistIdBlob, ExpirationDate FROM AmsiFileCache WHERE PersistId = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key FROM AtomicCounters WHERE AtomicCounters.Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(18, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM BmProcessInfo WHERE PPIDHash = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT COUNT(1) FROM AnomalyInfo;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ValueMapArrayBlob FROM ValueMapArray WHERE Key = ? AND RecordType = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM SystemFileCache WHERE InfectedFileSHAHash = ? OR ProcFileIDSystemFileHash = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key FROM AttributeCounts WHERE AttributeCounts.Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key, FilePath, Context, InsertTime, ExpireTime FROM AttributePersistContext WHERE Key = ?; SELECT COUNT(1) FROM AttributePersistContext; MpFileStashMaxSizeMpOplocksInSpynetFileSizeLimitMpDisableValidateTrustUseInternalCertFormatMpDisableOSXValidateTrustMpValidateTrustMSIMaxOverlayMpDisableValidateTrustAllowBadCertDirectory%WINDIR%\System32\catroot2%WINDIR%\System32\CatRootMpDisableValidateTrustInternalMachOInfinite loop detected (more that %d instructions executed)PE_SUCCESSPE_END_ENUMERATIONPE_NOMEMORYPE_OVERLAPPINGPE_READPE_WRITEPE_FILEPE_DECOMPRESS_ERRORPE_NOTIMPLEMENTEDPE_UNSUPPORTED_MACHINE_ARCHITECTUREPE_INVALID_SIZEOFOPTIONALHEADERPE_INVALID_OPTIONAL_MAGICPE_INVALID_SIZEOFIMAGEPE_INVALID_IMAGEBASEPE_INVALID_SECTIONALIGNMENTPE_INVALID_FILEALIGNMENTPE_INVALID_DOS_SIGNATUREPE_INVALID_E_LFANEWPE_INVALID_NT_SIGNATUREPE_INVALID_SIZEOFHEADERSPE_INVALID_ARGUMENTSPE_INVALID_VIRTUALSIZEPE_INVALID_VIRTUALADDRESSPE_INVALID_RAWOFFSETPE_INVALID_RAWSIZEPE_INVALID_RVAPE_INVALID_EXPORTSPE_INVALID_DATAPE_ERROR_RESERVEDMpMaxPeExportsInCoreReportsMpMapsHeartbeatDistributionIntervalMpRemediationCheckpointLiveDelayMpMaxSpynetReportsMpMapsHeartbeatDelayOnDetectionMpEnableFriendlyCloudCheckMpDisableMDMPolicyChecksMpHeartbeatControlGroupMpDisableMpsigstubErrorMapsHeartbeatMpDisableExclusionsMapsHeartbeatMpDisableMapsDisableMapsHeartbeatMpDisablePaidEnhancedMapsHeartbeatMpDisableEnhancedMapsHeartbeatMpUrlReputationTimeoutMpMaxRtsdBatchSizeMpEnhancedMapsHeartbeatRateMpDisableRtpChangeMapsHeartbeatMpDisableUninstallMapsHeartbeatMpMapsHeartbeatDelayMpEnableUefiEnumerationInHeartBeatMpDisableUrlReputationMapsMpDisableErrorMapsHeartbeatMpMaxNetworkConnectionReportsInSpynetMpMapsHeartbeatDetectionIntervalMpDisableCachingSampleSubmittedShasMpDisableRemediationCheckpointsMpRemediationCheckpointTimeoutMpSampleSubmissionSizeLimitMpPaidEnhancedMapsHeartbeatDelayMpDisableSetupErrorMapsHeartbeatMpDisableOplocksInSpynetMpMapsHeartbeatRateMpEnhancedMapsHeartbeatDelayMpMaxRtsdCountMpDisablePersistScanHandleOnThreatNotFoundMpDisableAdvSSAndFallbackToWatsonMpDisableSenseHeartbeatEtwMpDisableNetworkInfoInHeartbeatMpDisableRemediationFailTelemetryMpFirmwareEnvironmentVariableQueriesMpDisableDefenderDisableMapsHeartbeatMpDisableTestErrorMapsHeartbeatMpDisableOfflineEnhancedMapsHeartbeatMpOfflineEnhancedMapsHeartbeatRateMpDisableDnsCacheSubmissionWithNRICacheMpOfflineEnhancedMapsHeartbeatDelayMpDisableUrlReputationMapsCachet
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key FROM AttributeCounts ORDER BY InsertTime ASC LIMIT 1;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT t1.ProcessPath, t1.TimeStamp, t1.TargetPath, t1.RuleId, t1.IsAudit, t1.Action, t1.ProcessTaintReason, t1.ProcessIntegrity FROM ProcessBlockHistory AS t1 INNER JOIN(SELECT ID, ProcessPath, MAX(TimeStamp) AS MostRecentTime FROM ProcessBlockHistory WHERE RuleId = ? GROUP BY ProcessPath) AS t2 ON t1.ID = t2.ID AND t1.TimeStamp = t2.MostRecentTime ORDER BY t1.TimeStamp DESC;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key FROM ValueMapArray WHERE ValueMapArray.Key = ? AND ValueMapArray.RecordType = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(21, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(1) FROM BmFileInfo;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT COUNT(1) FROM AtomicCounters;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ThreatRecordId, Action FROM BmFileActions WHERE FileInfoId == ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(17, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO BmHipsRuleInfo(ProcessInfoId, RuleAction, RuleId, IsAudit, IsInherited, State) VALUES (?, ?, ?, ?, ?, ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE AttributePersistContext SET FilePath = ?, Context = ?, InsertTime = ?, ExpireTime = ? WHERE Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO ProcessInfo(FileName, ProcessId, CommandLine, StartTime, TokenElevation, TokenElevationType, IntegrityLevel) VALUES(? , ? , ? , ? , ? , ? , ? );
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key, RecordTimeStamp, Generation FROM RecordIdentifier WHERE ID = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(32, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key FROM AttributePersistContext WHERE AttributePersistContext.Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(19, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM NetworkIpFirewallRules WHERE NetworkIpFirewallRules.Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO BackupProcessInfo(Key, FilePath, FirstStartTime, NextUSN, AutomaticRemovalPolicy, ImpactedCBPNameSpaces, InstanceTimeStamp) VALUES ( ?, ?, ?, ?, ?, ?, ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(22, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM RansomwareDetections WHERE Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM SdnEx WHERE SdnEx.Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(32, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(29, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM SystemRegistryCache WHERE Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT COUNT(1) FROM AttributeCounts;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(1) FROM AmsiFileCache;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key FROM AnomalyTables WHERE AnomalyTables.TableKey = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO SystemRegistryCache(Key, FileIDHash, RegPath, RegOperation, NewRegType, OldRegType, OldRegData, NewRegData, InstanceTimeStamp) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO File(SHA1, MD5, lshashs, lshash, PartialCRC1, PartialCRC2, PartialCRC3, KCRC1, KCRC2, KCRC3, KCRC3n, Size, SHA256) VALUES(? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ?, ?, ? );
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(30, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(23, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT COUNT(1) FROM RollingQueuesValues;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO SdnEx(Key, CurrentCount) VALUES (?, ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(15, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(10, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO BmProcessInfo(PPIDHash, ProcessStartTime, PID, StructVersion, ImageFileName, MonitoringFlags_Flags, MonitoringFlags_VmHardenType, MonitoringFlags_ExemptVmHardenedTypes, CommandLineArgs, HipsInjectionId, FolderGuardId, Flags, LsassReadMemId, MonitoringFlags_Flags2Low, MonitoringFlags_Flags2High)VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(1) FROM BackupProcessInfo;
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key, FilePath, Context, InsertTime, ExpireTime FROM AttributePersistContext WHERE Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT COUNT(1) FROM ValueMapArray WHERE RecordType = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT FileInstance.ID FROM FileInstance, RecordIdentifier WHERE FileInstance.RecordID = RecordIdentifier.ID AND RecordIdentifier.Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT RecordIdentifier.Key, FileInstance.RecordID, RecordIdentifier.RecordTimeStamp, FileInstance.TrackingEnabled, FileInstance.StorageEvent, FileInstance.StorageEventState, FileInstance.ModificationsCount, FileInstance.ParentRecordID, FileInstance.Parent_FileEvent, FileInstance.Parent_FileName, RecordIdentifier.Generation, FileInstance.FileName, FileInstance.USN, FileInstance.CreateTime, FileInstance.LastAccessTime, FileInstance.LastWriteTime, FileInstance.Signer, FileInstance.SignerHash, FileInstance.Issuer, FileInstance.SigningTime, FileInstance.MOTW, FileInstance.MOTWFromParent, FileInstance.IsValidCert, FileInstance.CertInvalidDetails, FileInstance.IsCatalogSigned, File.SHA1, File.MD5, File.lshashs, File.lshash, File.PartialCRC1, File.PartialCRC2, File.PartialCRC3, File.KCRC1, File.KCRC2, File.KCRC3, File.KCRC3n, File.Size, File.SHA256, ParentProcessInfo.CommandLine, ParentProcessInfo.FileName, ParentProcessInfo.IntegrityLevel, ParentProcessInfo.ProcessId, ParentProcessInfo.StartTime, ParentProcessInfo.TokenElevation, ParentProcessInfo.TokenElevationType, RemoteProcessInfo.CommandLine, RemoteProcessInfo.FileName, RemoteProcessInfo.IntegrityLevel, RemoteProcessInfo.TokenElevation, RemoteProcessInfo.TokenElevationType, ScanInfo.NamedAttributes, ScanInfo.PeAttributes, ScanInfo.PersistSigSeq, ScanInfo.ProgenitorPersistSigSeq, ScanInfo.ScanAgent, ScanInfo.ScanReason, ScanInfo.SigAttrEvents, ScanInfo.SigSeq, ScanInfo.SigSha, ScanInfo.WebURL,Engine.EngineVersion, Engine.SigVersion FROM RecordIdentifier INNER JOIN (FileInstance INNER JOIN File ON FileInstance.FileID = File.ID LEFT OUTER JOIN ProcessInfo as 'ParentProcessInfo' ON FileInstance.Parent_ProcessID = ParentProcessInfo.ID LEFT OUTER JOIN ProcessInfo as 'RemoteProcessInfo' ON FileInstance.Remote_ProcessID = RemoteProcessInfo.ID LEFT OUTER JOIN (ScanInfo INNER JOIN Engine ON ScanInfo.EngineID = Engine.ID) ON FileInstance.ScanID = ScanInfo.ID ) ON RecordIdentifier.ID = FileInstance.RecordID WHERE RecordIdentifier.Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(9, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(1) FROM DynSigRevisions;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT COUNT(1) FROM ProcessBlockHistory;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO ValueMapArray(Key, RecordType, ValueMapArrayBlob, InstanceTimeStamp) VALUES(?, ? , ? , ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key, Name, Count, InsertTime, ExpireTime FROM AttributeCounts WHERE Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key, FileName, SigSeq, SigSha, SigIsSync, InstanceTimeStamp FROM FileLowFiAsync WHERE Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM BmFileStartupActions WHERE BmFileStartupActions.FilePathHash = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT COUNT(1) FROM FileHashes;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key FROM FileLowFiAsync WHERE FileLowFiAsync.Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO RecordIdentifier(Key, RecordTimeStamp, Generation) VALUES(?, ?, ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO FolderGuardPaths(UserIdHash, UserId, GUID, Path) VALUES ( ?, ?, ?, ? );SELECT Count(DISTINCT UserIdHash) FROM FolderGuardPaths;DELETE FROM FolderGuardPaths WHERE UserIdHash = ?;SELECT ID FROM FolderGuardPaths WHERE UserIdHash = ? LIMIT 1;SELECT UserId, GUID, Path FROM FolderGuardPaths WHERE UserIdHash = ?N
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(27, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT DetectionGuid, LkgTS, NextUSN, DetectionTS, ProvisionalRemedComplTS, RemedComplTS, ImpactedCBPNameSpaces FROM RansomwareDetections WHERE Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO NetworkIpFirewallRules(Key, FirewallRuleName, ExpiryTime) VALUES (?, ?, ?);
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO FileHashes(Key, VSN, FileID, USN, InstanceTimeStamp, SHA1, MD5, SHA256, LSHASH, LSHASHS, CTPH, PartialCRC1, PartialCRC2, PartialCRC3, KCRC1, KCRC2, KCRC3, KCRC3n) VALUES(?, ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT FilePath, FirstStartTime, NextUSN, AutomaticRemovalPolicy, ImpactedCBPNameSpaces FROM BackupProcessInfo WHERE Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(7, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key FROM RollingQueuesTables WHERE RollingQueuesTables.Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ProcessPath, TimeStamp, TargetPath, RuleId, IsAudit, Action, ProcessTaintReason, ProcessIntegrity FROM ProcessBlockHistory ORDER BY TimeStamp DESC;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO DynSigRevisions(Key, SdnRevision, EsuRevision, BFRevision, EntCertRevision, TamperRevision, AGBlobRevision, BFFileAllowRevision, BFFileBlockRevision, BFCertAllowRevision, BFCertBlockRevision) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);DELETE FROM DynSigRevisions WHERE DynSigRevisions.Key = ?;SELECT Count(1) FROM DynSigRevisions;SELECT ID FROM DynSigRevisions WHERE DynSigRevisions.Key = ?;SELECT Key, SdnRevision, EsuRevision, BFRevision, EntCertRevision, TamperRevision, AGBlobRevision, BFFileAllowRevision, BFFileBlockRevision, BFCertAllowRevision, BFCertBlockRevision FROM DynSigRevisions WHERE Key = ?
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(2, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE AttributeCounts SET Name = ?, Count = ?, InsertTime = ?, ExpireTime = ? WHERE Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT (SELECT COUNT(*) FROM File) + (SELECT COUNT(*) FROM FileInstance);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO RollingQueuesTables(Key, Name, Capacity, TimeToLive, Mode) VALUES(? , ? , ? , ? , ?);
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO FolderGuardPaths(UserIdHash, UserId, GUID, Path) VALUES ( ?, ?, ?, ? );
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM BackupProcessInfo WHERE Key = ?;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(25, 1, date('now'));
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(1) FROM BmFileStartupActions;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key FROM AttributePersistContext ORDER BY InsertTime ASC LIMIT 1;
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO Engine(EngineVersion, SigVersion) VALUES(? , ? );
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile read: C:\Users\user\Desktop\bcLKBiuPHu.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\bcLKBiuPHu.exe "C:\Users\user\Desktop\bcLKBiuPHu.exe"
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeProcess created: C:\Users\user\Desktop\bcLKBiuPHu.exe "C:\Users\user\Desktop\bcLKBiuPHu.exe"
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeProcess created: C:\Users\user\Desktop\bcLKBiuPHu.exe "C:\Users\user\Desktop\bcLKBiuPHu.exe"Jump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: acgenral.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: samcli.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: msacm32.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: winmmbase.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: winmmbase.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: acgenral.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: samcli.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: msacm32.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: winmmbase.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: winmmbase.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: python3.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: libcrypto-3.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: libssl-3.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: libcrypto-3.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeSection loaded: kernel.appcore.dllJump to behavior
Source: bcLKBiuPHu.exeStatic PE information: certificate valid
Source: bcLKBiuPHu.exeStatic file information: File size 35527104 > 1048576
Source: bcLKBiuPHu.exeStatic PE information: section name: RT_CURSOR
Source: bcLKBiuPHu.exeStatic PE information: section name: RT_BITMAP
Source: bcLKBiuPHu.exeStatic PE information: section name: RT_ICON
Source: bcLKBiuPHu.exeStatic PE information: section name: RT_MENU
Source: bcLKBiuPHu.exeStatic PE information: section name: RT_DIALOG
Source: bcLKBiuPHu.exeStatic PE information: section name: RT_STRING
Source: bcLKBiuPHu.exeStatic PE information: section name: RT_ACCELERATOR
Source: bcLKBiuPHu.exeStatic PE information: section name: RT_GROUP_ICON
Source: bcLKBiuPHu.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x1aae600
Source: bcLKBiuPHu.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: bcLKBiuPHu.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: bcLKBiuPHu.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: bcLKBiuPHu.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: bcLKBiuPHu.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: bcLKBiuPHu.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: bcLKBiuPHu.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: bcLKBiuPHu.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: gcapi_dll.dll.pdb| source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: BTR.pdbGCTL source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: MpGear.pdb source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: KSLD.pdb source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: KSLDriver.pdbGCTL source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_decimal.pdb%% source: bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MsMpEngCP.pdb source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_lzma.pdbOO source: bcLKBiuPHu.exe, 00000000.00000003.1239142078.000000000642C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: BTR.pdb source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: mpengine.pdb source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_queue.pdb source: bcLKBiuPHu.exe, 00000000.00000003.1239275348.000000000642C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_lzma.pdb source: bcLKBiuPHu.exe, 00000000.00000003.1239142078.000000000642C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MsMpEngCP.pdbGCTL source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: gcapi_dll.dll.pdb source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: mpengine.pdbOGPS source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: KSLDriver.pdb source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: offreg.pdbH source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_bz2.pdb source: bcLKBiuPHu.exe, 00000000.00000003.1238533849.000000000642C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\select.pdb source: bcLKBiuPHu.exe, 00000000.00000003.1244326319.000000000642E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MsMpEngSvc.pdb source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_decimal.pdb source: bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_hashlib.pdb source: bcLKBiuPHu.exe, 00000000.00000003.1238964960.000000000642C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MsMpEngSvc.pdbGCTL source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: KSLD.pdbGCTL source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: offreg.pdb source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\1\b\bin\win32\unicodedata.pdb source: bcLKBiuPHu.exe, 00000000.00000003.1244614120.0000000006439000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpGear.pdbGCTL source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_socket.pdb source: bcLKBiuPHu.exe, 00000000.00000003.1239360047.000000000642C000.00000004.00000020.00020000.00000000.sdmp
Source: bcLKBiuPHu.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: bcLKBiuPHu.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: bcLKBiuPHu.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: bcLKBiuPHu.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: bcLKBiuPHu.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: VCRUNTIME140.dll.0.drStatic PE information: 0x7EDF1B0D [Sun Jun 14 00:04:29 2037 UTC]
Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-3.dll.0.drStatic PE information: section name: .00cfg
Source: python311.dll.0.drStatic PE information: section name: PyRuntim
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeCode function: 0_2_00246C13 push ecx; ret 0_2_00246C26

Persistence and Installation Behavior

barindex
Found pyInstaller with non standard icon
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeProcess created: "C:\Users\user\Desktop\bcLKBiuPHu.exe"
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\select.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\python311.dllJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\libssl-3.dllJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\charset_normalizer\md.cp311-win32.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\_brotli.cp311-win32.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\libcrypto-3.dllJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\charset_normalizer\md__mypyc.cp311-win32.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\select.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\python311.dllJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\charset_normalizer\md.cp311-win32.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\_brotli.cp311-win32.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\charset_normalizer\md__mypyc.cp311-win32.pydJump to dropped file
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile opened: C:\Users\user~1\AppData\Local\Temp\_MEI63002\Jump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile opened: C:\Users\user~1\AppData\Local\Temp\_MEI63002\certifi\Jump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile opened: C:\Users\user~1\Jump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile opened: C:\Users\user~1\AppData\Local\Temp\_MEI63002\certifi\cacert.pemJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile opened: C:\Users\user~1\AppData\Local\Jump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeFile opened: C:\Users\user~1\AppData\Jump to behavior
Source: bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: detects_vmware
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: FileKey4=%LocalAppData%\VMware|*.log
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: FileKey6=%LocalAppData%\Temp|VMware_Horizon_Client*.log
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: [VMware Horizon Client]
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: DetectFile1=%ProgramFiles%\VMware\VMware Horizon View Client
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: FileKey6=%ProgramFiles%\VMware\VMware Workstation\ico|*.ico
Source: bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: 7zXZ\SystemRoot\Device\0123456789ABCDEF0123456789abcdefpea_epscn_islastpea_epcallnextpea_secmissizepea_epatstartlastsectpea_entrybyte60pea_entrybyte90pea_epiniatpea_usesuninitializedregspea_prefetchtrickspea_issuspiciouspea_isgenericpea_isreportedpea_aggressiveimportpea_enable_binlibpea_enable_lshashpea_many_importspea_self_modifying_codepea_track_direct_importspea_detects_vmpea_detects_vmwarepea_detects_virtualpcpea_is_delphipea_uses_single_steppingpea_uses_bound_exceptionspea_uses_div_by_zeropea_uses_int_overflowpea_uses_invalid_opcodespea_uses_unusual_breakpointpea_checks_if_debugged_documentedpea_disable_io_redirectionpea_suspicious_rebasepea_disable_drop_mz_onlypea_suspicious_stack_geometrypea_suspicious_subsystempea_suspicious_timestamppea_suspicious_valignpea_suspicious_section_fsizepea_suspicious_section_characteristicspea_aggressive_trim_wspea_16bitmachinepea_system_filepea_suspicious_number_of_dirspea_force_unpackingpea_extended_pestaticpea_small_data_directory_countpea_multiple_relocs_same_locationpea_relocs_but_no_relocs_flagpea_suspicious_imagebasepea_no_section_tablepea_no_sectionspea_many_sectionspea_suspicious_image_sizepea_bound_imports_inside_imagepea_delay_load_imports_inside_imagepea_entrypoint_in_import_tablepea_entrypoint_in_headerpea_import_via_tlspea_epsec_not_executablepea_othermachine_imagepea_checks_teb_lasterrorpea_disable_vmprotectpea_checks_teb_laststatuspea_disable_thread_apicall_limitpea_deep_apicall_limitpea_dynmem_uses_div_by_zeropea_dynmem_uses_int_overflowpea_dynmem_uses_bound_exceptionspea_dynmem_uses_privinstrpea_dynmem_uses_breakpointspea_dynmem_uses_single_steppingpea_dynmem_uses_invalid_opcodespea_dynmem_uses_unusual_breakpointpea_dynmem_detects_vmpea_dynmem_detects_vmwarepea_dynmem_detects_virtualpcpea_dynmem_checks_if_debugged_docpea_dynmem_checks_if_debugged_undocpea_dynmem_kernel_scanpea_dynmem_self_modifying_codepea_dt_continue_after_unpackingpea_dt_continue_after_unpacking_damagedpea_loop_jmp_chainpea_droppedpea_reads_vdll_codepea_dynmem_reads_vdll_codepea_verbose_vdll_readspea_scan_internal_datapea_isvbpcodepea_ARM_legacypea_ARM_big_endianpea_ARM_unpredictablepea_isappcontainerpea_checks_ntglobalflagpea_dynmem_checks_ntglobalflagpea_dynmem_checks_processheappea_dt_error_heur_exit_criteriapea_dt_error_too_many_prefixespea_dt_error_invalid_opcodepea_dt_error_too_many_operandspea_dt_error_bb_limitpea_dt_error_loop_too_complexpea_executes_from_last_sectionpea_executes_from_resourcespea_memory_patchedpea_uses_sysenterpea_suspicious_resource_directory_sizepea_suspicious_import_directory_sizepea_invalid_ilt_entrypea_dmg_machinepea_dmg_filealignmentpea_dmg_pointertorawdatapea_dmg_virtualaddresspea_dmg_truncatedpea_dmg_special_sectionpea_dmg_relocationspea_dmg_overlapping_sectionspea_dmg_optional_magicpea_dmg_sizeofheaderspea_dmg_imagebasepea_dmg_imagesizepea_dmg_unsupportedpea_dmg_importspea_dmg_invaliddatapea_dmg_decompresspea_dmg_virtualsizepea_dmg_not_executable_imagepea_dmg_entrypointpea_inv_sizeofoptio
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: FileKey3=%ProgramData%\VMware\VDM\logs|*.*
Source: bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: pea_detects_vmware
Source: bcLKBiuPHu.exe, 00000003.00000003.1316711668.000000000635F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307718034.000000000635E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307408360.000000000635A000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1304077858.000000000633F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1316919597.0000000006363000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: FileKey2=%ProgramData%\VMware\VDM\logs|*.*
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: [VMware Player]
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: DetectFile1=%ProgramFiles%\VMware\VMware Player
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: FileKey4=%LocalAppData%\VMware\VDM\logs|*.*
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: [VMware Workstation]
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: DetectFile1=%ProgramFiles%\VMware\VMware Workstation
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: FileKey4=%LocalAppData%\Temp\vmware-*|*.*
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: FileKey5=%LocalAppData%\Temp\vmware-*|*.*
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: FileKey5=%ProgramFiles%\Common Files\VMware\InstallerCache|*.*
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: azurevirtualmachinename_scrubbed
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: DetectFile2=%ProgramFiles%\VMware\VMware Workstation
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: FileKey3=%LocalAppData%\Temp\vmware-*|*.*
Source: bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: VMwareVMware
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: VMware Horizon Client
Source: bcLKBiuPHu.exe, 00000000.00000001.1235527314.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: azurevirtualmachinename
Source: bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: Unknown member: peattributes.%hspe.set_peattribute(name, state) expects boolean "state"ARM_big_endianARM_legacyARM_unpredictable_16bitmachine_32bitmachineaggressive_trim_wsaggressiveimportamd64_imagearm_imageaslr_bit_setbound_imports_inside_imagebyte_reversed_hibyte_reversed_lowcalls_unimplemented_apichecks_if_debugged_documentedchecks_if_debugged_undocumentedchecks_ntglobalflagchecks_processheapchecks_teb_lasterrorchecks_teb_laststatuscode_on_stackdebug_strippeddeep_analysisdeep_apicall_limitdelay_load_imports_inside_imagedetects_virtualpcdetects_vmdetects_vmwaredirty_wx_branchdisable_apicall_limitdisable_drop_mz_onlydisable_dropper_rescandisable_io_redirectiondisable_microcodedisable_seh_limitdisable_static_unpackingdisable_thread_apicall_limitdisable_vmprotectdmg_decompressdmg_entrypointdmg_filealignmentdmg_imagebasedmg_imagesizedmg_importsdmg_invaliddatadmg_machinedmg_not_executable_imagedmg_notcontiguousdmg_optional_magicdmg_overlapping_sectionsdmg_pointertorawdatadmg_relocationsdmg_resource_levelsdmg_resource_namesdmg_resource_offsetdmg_resource_unordereddmg_sectionalignmentdmg_sizeofheadersdmg_sizeofrawdatadmg_special_sectiondmg_truncateddmg_unsupporteddmg_virtualaddressdmg_virtualsizedroppeddt_continue_after_unpackingdt_continue_after_unpacking_damageddt_error_bb_limitdt_error_failed_to_translatedt_error_heur_API_limitdt_error_heur_exit_criteriadt_error_invalid_opcodedt_error_loop_too_complexdt_error_not_enough_memorydt_error_too_many_operandsdt_error_too_many_prefixesdt_error_vmm_page_faultdynmem_APIcalldynmem_checks_if_debugged_docdynmem_checks_if_debugged_undocdynmem_checks_ntglobalflagdynmem_checks_processheapdynmem_detects_virtualpcdynmem_detects_vmdynmem_detects_vmwaredynmem_kernel_scandynmem_reads_vdll_codedynmem_self_modifying_codedynmem_uses_access_violationdynmem_uses_bound_exceptionsdynmem_uses_breakpointsdynmem_uses_div_by_zerodynmem_uses_int_overflowdynmem_uses_invalid_opcodesdynmem_uses_privinstrdynmem_uses_single_steppingdynmem_uses_udbgrddynmem_uses_udbgwrdynmem_uses_unusual_breakpointenable_binlibenable_lshashenable_vmm_growentrybyte55entrybyte60entrybyte90entrypoint_in_headerentrypoint_in_import_tableepatscnstartepatstartentrysectepatstartlastsectepcallnextepinfirstsectepiniatepoutofimageepscn_eqsizesepscn_falignepscn_islastepscn_valignepscn_vfalignepscn_writableepsec_not_executableexecutable_imageexecutble_imageexecutes_from_dynamic_memoryexecutes_from_last_sectionexecutes_from_resourcesextended_pestaticfirstsectwritableforce_dtforce_expensive_processingforce_unpackinggenpackedhandle_large_vahas_checksumhas_delay_load_importshas_many_resourceshas_msilresourceshasappendeddatahasboundimportshasexportshasstandardentryheaderchecksum0hstr_exhaustiveia64_imageimport_via_tlsinv_argumentsinv_datainv_decompress_errorinv_dos_signatureinv_e_lfanewinv_exportsinv_fileinv_filealignmentinv_filesizeinv_imagebaseinv_nomemoryinv_notimplementedinv_nt_signatureinv_optional_magicinv_overlappinginv_rawoffsetinv_rawsizeinv_readinv_rvainv_sect
Source: bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: dynmem_detects_vmware
Source: bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: pea_dynmem_detects_vmware
Source: bcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: Software\Microsoft\Windows DefenderSOFTWARE\Policies\Microsoft\SQMClient\WindowsPhoneSoftware\Policies\Microsoft\SQMClient%windir%\temp%ProgramFiles(x86)%NtGetCachedSigningLevelSOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlockhr=0x%08XThreatTrackingSigSeqEmuldet.Ainvalid hash bucket count&
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: FileKey1=%ProgramData%\VMware\logs|*.*
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: VMware Player
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: VMware Workstation
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: FileKey3=%ProgramData%\VMware\vmwetlm\logs|*.*
Source: bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: FileKey2=%Program Files%\VMware\VMware Player\ico|*.*
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeCode function: 0_2_00237B5D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00237B5D
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeCode function: 0_2_00237B5D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00237B5D
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeProcess created: C:\Users\user\Desktop\bcLKBiuPHu.exe "C:\Users\user\Desktop\bcLKBiuPHu.exe"Jump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\certifi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\certifi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\libssl-3.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\python311.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\select.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\unicodedata.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\_hashlib.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\_socket.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\select.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\_ssl.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\_brotli.cp311-win32.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\_queue.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\charset_normalizer\md.cp311-win32.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\charset_normalizer\md__mypyc.cp311-win32.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\unicodedata.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\_bz2.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\_lzma.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Documents VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\Desktop\bcLKBiuPHu.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\certifi\cacert.pem VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\certifi\cacert.pem VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\certifi\cacert.pem VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bcLKBiuPHu.exeCode function: 0_2_0022AF88 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_0022AF88
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: DetectFile1=%ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe
Source: bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: DetectFile2=%ProgramFiles%\Malwarebytes Anti-Malware\mbam.exe

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		11
Process Injection		11
Process Injection		11
Input Capture		1
System Time Discovery		Remote Services11
Input Capture		2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		1
Timestomp		LSASS Memory21
Security Software Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
DLL Side-Loading		Security Account Manager1
File and Directory Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Obfuscated Files or Information		NTDS12
System Information Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
bcLKBiuPHu.exe11%ReversingLabsWin32.Trojan.Generic

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\_MEI63002\VCRUNTIME140.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63002\_brotli.cp311-win32.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63002\_bz2.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63002\_decimal.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63002\_hashlib.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63002\_lzma.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63002\_queue.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63002\_socket.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63002\_ssl.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63002\charset_normalizer\md.cp311-win32.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63002\charset_normalizer\md__mypyc.cp311-win32.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63002\libcrypto-3.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63002\libssl-3.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63002\python311.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63002\select.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63002\unicodedata.pyd0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://tools.ietf.org/html/rfc2388#section-4.40%URL Reputationsafe
https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base640%URL Reputationsafe
https://peps.python.org/pep-0205/0%URL Reputationsafe
http://crl.dhimyotis.com/certignarootca.crl0%URL Reputationsafe
http://curl.haxx.se/rfc/cookie_spec.html0%URL Reputationsafe
http://ocsp.accv.es0%URL Reputationsafe
https://httpbin.org/get0%URL Reputationsafe
https://wwww.certigna.fr/autorites/0m0%URL Reputationsafe
https://httpbin.org/0%URL Reputationsafe
https://wwww.certigna.fr/autorites/0%URL Reputationsafe
http://www.cl.cam.ac.uk/~mgk25/iso-time.html0%URL Reputationsafe
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l5350%URL Reputationsafe
http://crl.securetrust.com/STCA.crl0%URL Reputationsafe
http://wwwsearch.sf.net/):0%URL Reputationsafe
http://tools.ietf.org/html/rfc6125#section-6.4.30%URL Reputationsafe
http://www.cert.fnmt.es/dpcs/0%URL Reputationsafe
http://www.accv.es000%URL Reputationsafe
http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm0%URL Reputationsafe
http://crl.securetrust.com/SGCA.crl0%URL Reputationsafe
http://www.gimp.org/xmp/0%URL Reputationsafe
https://httpbin.org/post0%URL Reputationsafe
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#0%Avira URL Cloudsafe
http://www.firmaprofesional.com/cps00%URL Reputationsafe
https://www.avast.com/lp-ppc-nbu-fav-cc0%Avira URL Cloudsafe
https://www.ccleaner.com/docs/ccleaner/ccleaner-settings/choosing-which-cookies-to-keep0%Avira URL Cloudsafe
http://crl.securetrust.com/SGCA.crl00%URL Reputationsafe
https://ccleaner.com/go/app_cc_license_agreement0%Avira URL Cloudsafe
https://www.ccleaner.com/business/ccleaner-business-edition0%Avira URL Cloudsafe
https://www.ccleaner.com/ccleaner0%Avira URL Cloudsafe
https://www.ccleaner.com/go/app_du_support0%Avira URL Cloudsafe
https://www.ccleaner.com/docs/ccleaner/using-ccleaner/managing-auto-starting-programs0%Avira URL Cloudsafe
https://piriform.zendesk.com/hc/en-us/articles/218109957-How-do-I-manage-browser-plugins-0%Avira URL Cloudsafe
https://secure.ccleaner.com/502/uurl-90zu4qtn5p?0%Avira URL Cloudsafe
http://crl.securetrust.com/STCA.crl00%URL Reputationsafe
http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-60%URL Reputationsafe
https://html.spec.whatwg.org/multipage/0%URL Reputationsafe
http://www.quovadisglobal.com/cps00%URL Reputationsafe
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings0%URL Reputationsafe
http://www.iana.org/time-zones/repository/tz-link.html0%URL Reputationsafe
https://requests.readthedocs.io0%URL Reputationsafe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd0%URL Reputationsafe
http://repository.swisssign.com/0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous0%URL Reputationsafe
http://ocsp.accv.es00%URL Reputationsafe
https://json.org0%URL Reputationsafe
http://www.quovadisglobal.com/cps0%URL Reputationsafe
http://crl.xrampsecurity.com/XGCA.crlwo0%Avira URL Cloudsafe
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L6880%Avira URL Cloudsafe
https://github.com/python/cpython/issues/86361.0%Avira URL Cloudsafe
https://sciter.com/forums/topic/plus-custom-output-formatter-wont-work-if-they-are-written-in-htm/#p0%Avira URL Cloudsafe
https://piriform.zendesk.com/hc/en-us/articles/204043884-Using-CCleaner-s-Drive-Wiper0%Avira URL Cloudsafe
https://ccleaner.com/go/app_cc_privacy_data_factsheet0%Avira URL Cloudsafe
http://ns.useplus.org/ldf/xmp/1.0/0%Avira URL Cloudsafe
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader0%Avira URL Cloudsafe
https://www.ccleaner.com/go/app_cc_help_preloading0%Avira URL Cloudsafe
https://www.ccleaner.com/go/app_po_survey0%Avira URL Cloudsafe
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy0%Avira URL Cloudsafe
https://www.ccleaner.com/go/app_cc_help_schedule_setup?utm_source=ccleaner&utm_medium=application&ut0%Avira URL Cloudsafe
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt00%Avira URL Cloudsafe
http://crl.xrampsecurity.com/XGCA.crl00%Avira URL Cloudsafe
http://www.accv.es/legislacion_c.htm0%Avira URL Cloudsafe
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py0%Avira URL Cloudsafe
https://google.com/mail0%Avira URL Cloudsafe
https://www.ccleaner.com/go/app_deactivated_help0%Avira URL Cloudsafe
https://wwww.certigna.fr/autorites/r0%Avira URL Cloudsafe
https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.0%Avira URL Cloudsafe
http://google.com/0%Avira URL Cloudsafe
http://.../back.jpeg0%Avira URL Cloudsafe
https://www.python.org/download/releases/2.3/mro/.0%Avira URL Cloudsafe
https://mahler:8092/site-updates.py0%Avira URL Cloudsafe
https://www.ccleaner.com/go/app_du_systemrestoreinfo0%Avira URL Cloudsafe
https://github.com/BrowserCompanyLLC/-12/releases/download/semtag/Cloud.bat100%Avira URL Cloudmalware
http://repository.swisssign.com//00%Avira URL Cloudsafe
https://github.com/Ousret/charset_normalizer0%Avira URL Cloudsafe
https://www.ccleaner.com/go/app_du_systemprotection0%Avira URL Cloudsafe
https://www.ccleaner.com/ccleaner/browser0%Avira URL Cloudsafe
http://www.avast.com0/0%Avira URL Cloudsafe
https://yahoo.com/0%Avira URL Cloudsafe
http://.ocx.cabhtml:file::LowTelemetry0%Avira URL Cloudsafe
https://github.com/urllib3/urllib3/issues/29200%Avira URL Cloudsafe
https://www.ccleaner.com/go/app_du_survey0%Avira URL Cloudsafe
https://www.ccleaner.com/business0%Avira URL Cloudsafe
http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web0%Avira URL Cloudsafe
https://secure.ccleaner.com/502/uurl-90zu4qtn5p?x-source=8330%Avira URL Cloudsafe
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0%Avira URL Cloudsafe
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl00%Avira URL Cloudsafe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest0%Avira URL Cloudsafe
https://www.ccleaner.com/docs/ccleaner/using-ccleaner/browser-cleaning0%Avira URL Cloudsafe
http://www.cert.fnmt.es/dpcs/j0%Avira URL Cloudsafe
http://crl.xrampsecurity.com/XGCA.crl0%Avira URL Cloudsafe
http://www.apache.org/licenses/LICENSE-2.00%Avira URL Cloudsafe
https://www.python.org0%Avira URL Cloudsafe
http://www.accv.es/legislacion_c.htm0U0%Avira URL Cloudsafe
http://crl.dhimyotis.com/certignarootca.crln0%Avira URL Cloudsafe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/0%Avira URL Cloudsafe
https://ccleaner.com/go/app_cc_privacy_product_policy0%Avira URL Cloudsafe
https://twitter.com/0%Avira URL Cloudsafe
https://www.python.org/0%Avira URL Cloudsafe
https://ccleaner.com/go/app_cc_acknowledgements0%Avira URL Cloudsafe
http://cacerts.digicert.coZ0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
github.com
140.82.121.4
truefalse
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    https://www.ccleaner.com/business/ccleaner-business-editionbcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://ccleaner.com/go/app_cc_license_agreementbcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.ccleaner.com/docs/ccleaner/using-ccleaner/managing-auto-starting-programsbcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.avast.com/lp-ppc-nbu-fav-ccbcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#bcLKBiuPHu.exe, 00000003.00000003.1314520975.0000000006311000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1331206241.0000000006312000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1255437380.0000000006332000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1313922728.0000000006310000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307096445.00000000062FF000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1255454545.0000000006327000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.ccleaner.com/ccleanerbcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.ccleaner.com/docs/ccleaner/ccleaner-settings/choosing-which-cookies-to-keepbcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://secure.ccleaner.com/502/uurl-90zu4qtn5p?bcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://tools.ietf.org/html/rfc2388#section-4.4bcLKBiuPHu.exe, 00000003.00000003.1310362216.0000000008858000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309864755.0000000008854000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307892105.0000000008851000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64bcLKBiuPHu.exe, 00000003.00000003.1266222192.0000000008427000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1266292775.000000000843B000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264883779.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1265498656.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1267331033.0000000008442000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310915948.000000000846C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1266181163.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264268695.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1263807175.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1263690548.0000000008465000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1266668965.0000000008442000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310705885.0000000008469000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1265249028.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1263965510.0000000008462000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264392476.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1313190548.000000000846D000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264141063.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264244013.0000000008468000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1266378398.0000000008427000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1266802322.0000000008443000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1313374138.000000000846F000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://www.ccleaner.com/go/app_du_supportbcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://piriform.zendesk.com/hc/en-us/articles/218109957-How-do-I-manage-browser-plugins-bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://peps.python.org/pep-0205/bcLKBiuPHu.exe, 00000003.00000003.1259593796.0000000006361000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1259432613.0000000006361000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1332931547.0000000008550000.00000004.00001000.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1259508438.000000000635F000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://crl.dhimyotis.com/certignarootca.crlbcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008982000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305378289.00000000089A5000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305605705.0000000008982000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305543531.00000000089A6000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305655841.0000000008986000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305302869.0000000008981000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305820390.000000000898D000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://curl.haxx.se/rfc/cookie_spec.htmlbcLKBiuPHu.exe, 00000003.00000003.1268981543.00000000088DA000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1269519670.0000000008881000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1269708691.00000000088DA000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://ocsp.accv.esbcLKBiuPHu.exe, 00000003.00000003.1312460362.000000000892E000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://crl.xrampsecurity.com/XGCA.crlwobcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306585549.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310455367.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318001972.000000000893E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307739581.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1312460362.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318121001.0000000008942000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688bcLKBiuPHu.exe, 00000003.00000002.1331983819.0000000008110000.00000004.00001000.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1255437380.0000000006332000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1255454545.0000000006327000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://httpbin.org/getbcLKBiuPHu.exe, 00000003.00000003.1277856120.00000000088D0000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307892105.0000000008863000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1278810039.00000000088A2000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306379297.00000000088E2000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1308932104.0000000008868000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://ns.useplus.org/ldf/xmp/1.0/bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://sciter.com/forums/topic/plus-custom-output-formatter-wont-work-if-they-are-written-in-htm/#pbcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.ccleaner.com/go/app_cc_help_preloadingbcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://ccleaner.com/go/app_cc_privacy_data_factsheetbcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://wwww.certigna.fr/autorites/0mbcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305378289.00000000089A5000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305543531.00000000089A6000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305302869.0000000008981000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerbcLKBiuPHu.exe, 00000003.00000003.1314520975.0000000006311000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1331206241.0000000006312000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1255437380.0000000006332000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1313922728.0000000006310000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307096445.00000000062FF000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1255454545.0000000006327000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://github.com/python/cpython/issues/86361.bcLKBiuPHu.exe, 00000003.00000003.1268439386.0000000006397000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306810010.0000000006396000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1269165843.0000000006397000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1260159474.0000000006349000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1260234135.0000000006362000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1308557594.00000000063A9000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1260328318.000000000844E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1260607479.0000000006397000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307264135.00000000063A7000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1311250835.00000000063A9000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309138216.00000000063A9000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1260038704.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307149151.0000000006396000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1260181354.000000000844C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1260905580.0000000006397000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1262187965.0000000006397000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303394012.0000000006396000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1267244395.0000000006397000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://httpbin.org/bcLKBiuPHu.exe, 00000003.00000003.1268832518.0000000008883000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://wwww.certigna.fr/autorites/bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306268970.0000000008991000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008982000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305605705.0000000008982000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1315693300.0000000008999000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305655841.0000000008986000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1317685409.0000000008999000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305849534.0000000008990000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305302869.0000000008981000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305820390.000000000898D000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://www.cl.cam.ac.uk/~mgk25/iso-time.htmlbcLKBiuPHu.exe, 00000003.00000003.1264200321.0000000008407000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264170550.00000000083FE000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264268695.0000000008417000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://piriform.zendesk.com/hc/en-us/articles/204043884-Using-CCleaner-s-Drive-WiperbcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.ccleaner.com/go/app_po_surveybcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535bcLKBiuPHu.exe, 00000003.00000003.1315075445.00000000083F1000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307501288.00000000084B0000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1308228551.00000000084B3000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309336493.00000000083EC000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1313374138.00000000084B0000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1308264774.00000000083E6000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1332593026.00000000084B0000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307501288.00000000083E3000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314158702.00000000083EF000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314872948.00000000084B0000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307937354.00000000084B0000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1332191108.00000000083F3000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1315625084.00000000084B0000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sybcLKBiuPHu.exe, 00000003.00000003.1314520975.0000000006311000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1331206241.0000000006312000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1255437380.0000000006332000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1313922728.0000000006310000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307096445.00000000062FF000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1255454545.0000000006327000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.ccleaner.com/go/app_cc_help_schedule_setup?utm_source=ccleaner&utm_medium=application&utbcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://crl.securetrust.com/STCA.crlbcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306585549.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310455367.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318001972.000000000893E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307739581.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1312460362.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318121001.0000000008942000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://wwwsearch.sf.net/):bcLKBiuPHu.exe, 00000003.00000003.1268981543.00000000088DA000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1311571579.0000000008888000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1269519670.0000000008881000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1269708691.00000000088DA000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306494799.0000000008886000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008976000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306585549.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310455367.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318001972.000000000893E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307739581.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1312460362.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.accv.es/legislacion_c.htmbcLKBiuPHu.exe, 00000003.00000003.1314340390.0000000006340000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1304077858.000000000633F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314498469.0000000006342000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://tools.ietf.org/html/rfc6125#section-6.4.3bcLKBiuPHu.exe, 00000003.00000003.1314834806.0000000008790000.00000004.00001000.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://crl.xrampsecurity.com/XGCA.crl0bcLKBiuPHu.exe, 00000003.00000003.1303394012.000000000637C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1311527971.000000000637D000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.cert.fnmt.es/dpcs/bcLKBiuPHu.exe, 00000003.00000003.1307000166.00000000063BD000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314036451.00000000063BD000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1331009143.00000000062C0000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314993847.00000000063BD000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306567487.00000000063BA000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303394012.0000000006396000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1315774434.00000000063BD000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303634656.00000000063B2000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://google.com/mailbcLKBiuPHu.exe, 00000003.00000003.1310362216.0000000008858000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309864755.0000000008854000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307892105.0000000008851000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.ccleaner.com/go/app_deactivated_helpbcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.accv.es00bcLKBiuPHu.exe, 00000003.00000003.1314340390.0000000006340000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008976000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1304077858.000000000633F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314498469.0000000006342000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pybcLKBiuPHu.exe, 00000003.00000003.1255454545.0000000006327000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.phys.uu.nl/~vgent/calendar/isocalendar.htmbcLKBiuPHu.exe, 00000003.00000003.1264200321.0000000008407000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264170550.00000000083FE000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264268695.0000000008417000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://wwww.certigna.fr/autorites/rbcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306268970.0000000008991000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008982000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305605705.0000000008982000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1315693300.0000000008999000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305655841.0000000008986000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1317685409.0000000008999000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305849534.0000000008990000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305302869.0000000008981000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305820390.000000000898D000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.bcLKBiuPHu.exe, 00000003.00000003.1306937644.0000000008862000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307892105.0000000008863000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1308932104.0000000008868000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://google.com/bcLKBiuPHu.exe, 00000003.00000003.1307501288.00000000084B0000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1308228551.00000000084B3000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1332593026.00000000084B6000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307937354.00000000084B0000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309401356.00000000084B4000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://mahler:8092/site-updates.pybcLKBiuPHu.exe, 00000003.00000003.1270776760.000000000638A000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306477150.00000000084BF000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1270153053.00000000088FC000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1270521497.00000000088F1000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1270746328.00000000088FF000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://repository.swisssign.com//0bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008952000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://crl.securetrust.com/SGCA.crlbcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306585549.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310455367.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318001972.000000000893E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307739581.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1312460362.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318121001.0000000008942000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://.../back.jpegbcLKBiuPHu.exe, 00000003.00000003.1314799727.0000000008B00000.00000004.00001000.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://github.com/BrowserCompanyLLC/-12/releases/download/semtag/Cloud.batbcLKBiuPHu.exe, 00000003.00000002.1332779998.00000000084D0000.00000004.00001000.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1331206241.0000000006312000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1313922728.0000000006310000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307096445.00000000062FF000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: malware
    		unknown
    https://www.ccleaner.com/ccleaner/browserbcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.ccleaner.com/go/app_du_systemprotectionbcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.python.org/download/releases/2.3/mro/.bcLKBiuPHu.exe, 00000003.00000003.1256438125.0000000006349000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1256524327.00000000083D7000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1332883011.0000000008510000.00000004.00001000.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.ccleaner.com/go/app_du_systemrestoreinfobcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.gimp.org/xmp/bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://httpbin.org/postbcLKBiuPHu.exe, 00000003.00000003.1314340390.0000000006340000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314567086.0000000006345000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1304077858.000000000633F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314498469.0000000006342000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://github.com/Ousret/charset_normalizerbcLKBiuPHu.exe, 00000003.00000003.1311571579.0000000008888000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1269519670.0000000008881000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1268766598.0000000008878000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306494799.0000000008886000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1268832518.0000000008883000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.firmaprofesional.com/cps0bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307646693.0000000006368000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310335538.000000000845F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307408360.000000000635A000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1304077858.000000000633F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309077803.0000000006374000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309941254.0000000008455000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307501288.0000000008412000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008952000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://www.avast.com0/bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.ccleaner.com/go/app_du_surveybcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://github.com/urllib3/urllib3/issues/2920bcLKBiuPHu.exe, 00000003.00000003.1314834806.0000000008790000.00000004.00001000.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://crl.securetrust.com/SGCA.crl0bcLKBiuPHu.exe, 00000003.00000003.1303253961.00000000088DC000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307855542.000000000890F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303473001.000000000890B000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1302847391.00000000088BC000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305159281.000000000890C000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=webbcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://yahoo.com/bcLKBiuPHu.exe, 00000003.00000003.1310362216.0000000008858000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309864755.0000000008854000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307892105.0000000008851000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://.ocx.cabhtml:file::LowTelemetrybcLKBiuPHu.exe, 00000000.00000000.1233156408.0000000000C59000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000000.1252684085.0000000000C59000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://crl.securetrust.com/STCA.crl0bcLKBiuPHu.exe, 00000003.00000003.1303253961.00000000088DC000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307855542.000000000890F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303473001.000000000890B000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1302847391.00000000088BC000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305159281.000000000890C000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://www.ccleaner.com/businessbcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6bcLKBiuPHu.exe, 00000003.00000003.1312262000.0000000008444000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1267331033.0000000008442000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1311142703.0000000008443000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1266939290.0000000008409000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1308057936.0000000008423000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309911651.0000000008426000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1266879732.0000000008476000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1313158498.0000000008446000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310049376.000000000842A000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310419450.0000000008430000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307501288.0000000008412000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1266939290.0000000008442000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://secure.ccleaner.com/502/uurl-90zu4qtn5p?x-source=833bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://html.spec.whatwg.org/multipage/bcLKBiuPHu.exe, 00000003.00000003.1313703072.000000000885B000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309864755.000000000885B000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1309546342.000000000885A000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307892105.0000000008851000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://www.quovadisglobal.com/cps0bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlbcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008952000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsbcLKBiuPHu.exe, 00000003.00000003.1314834806.0000000008790000.00000004.00001000.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008976000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.iana.org/time-zones/repository/tz-link.htmlbcLKBiuPHu.exe, 00000003.00000003.1264200321.0000000008407000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264170550.00000000083FE000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264268695.0000000008417000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1264141063.000000000844C000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://requests.readthedocs.iobcLKBiuPHu.exe, 00000003.00000003.1314340390.0000000006340000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314567086.0000000006345000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1304077858.000000000633F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314498469.0000000006342000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1277856120.00000000088D0000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdbcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://repository.swisssign.com/bcLKBiuPHu.exe, 00000003.00000003.1312460362.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008952000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigestbcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.cert.fnmt.es/dpcs/jbcLKBiuPHu.exe, 00000003.00000002.1331009143.00000000062C0000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.ccleaner.com/docs/ccleaner/using-ccleaner/browser-cleaningbcLKBiuPHu.exe, 00000000.00000001.1235527314.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000000.00000000.1233156408.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.000000000191D000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://crl.xrampsecurity.com/XGCA.crlbcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306585549.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1310455367.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318001972.000000000893E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1307739581.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1312460362.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1318121001.0000000008942000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.apache.org/licenses/LICENSE-2.0bcLKBiuPHu.exe, 00000003.00000001.1254475437.000000000191D000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.python.orgbcLKBiuPHu.exe, 00000003.00000003.1314340390.0000000006340000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314567086.0000000006345000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1304077858.000000000633F000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1314498469.0000000006342000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://crl.dhimyotis.com/certignarootca.crlnbcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008982000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305605705.0000000008982000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305655841.0000000008986000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305302869.0000000008981000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305820390.000000000898D000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousbcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://www.accv.es/legislacion_c.htm0UbcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008976000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://iptc.org/std/Iptc4xmpExt/2008-02-29/bcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001257000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://ccleaner.com/go/app_cc_privacy_product_policybcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://ocsp.accv.es0bcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305400557.0000000008976000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305270796.0000000008975000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1305236312.0000000008964000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://www.python.org/bcLKBiuPHu.exe, 00000003.00000003.1270776760.000000000638A000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306477150.00000000084BF000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1270153053.00000000088FC000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1270521497.00000000088F1000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1270746328.00000000088FF000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://cacerts.digicert.coZbcLKBiuPHu.exe, 00000000.00000003.1238533849.000000000642C000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000000.00000003.1238747954.000000000642C000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://json.orgbcLKBiuPHu.exe, 00000003.00000003.1308107530.0000000008861000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://ccleaner.com/go/app_cc_acknowledgementsbcLKBiuPHu.exe, 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmp, bcLKBiuPHu.exe, 00000003.00000002.1324019828.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://twitter.com/bcLKBiuPHu.exe, 00000003.00000003.1311571579.0000000008888000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1269519670.0000000008881000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1268766598.0000000008878000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1306494799.0000000008886000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1268832518.0000000008883000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.quovadisglobal.com/cpsbcLKBiuPHu.exe, 00000003.00000003.1305121391.0000000008950000.00000004.00000020.00020000.00000000.sdmp, bcLKBiuPHu.exe, 00000003.00000003.1303734235.000000000892E000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    140.82.121.4
    		github.comUnited States
    		36459GITHUBUSfalse

    General Information

    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1500523
    Start date and time:2024-08-28 15:56:08 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 6m 30s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:21
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:bcLKBiuPHu.exe
    renamed because original name is a hash value
    Original Sample Name:c13c6923bd8eab75c07640ad362833787d78a005577f8d5e32927139df8e2cd0.exe
    Detection:SUS
    Classification:sus39.winEXE@4/19@1/1
    EGA Information:
    • Successful, ratio: 100%
    HCA Information:Failed
    Cookbook Comments:
    • Found application associated with file extension: .exe

    Warnings

    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe, UsoClient.exe
    • Excluded domains from analysis (whitelisted): login.live.com, ocsps.ssl.com, slscr.update.microsoft.com, settings-win.data.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
    • Not all processes where analyzed, report is missing behavior information
    • VT rate limit hit for: bcLKBiuPHu.exe

    Simulations

    Behavior and APIs

    No simulations

    Joe Sandbox View / Context

    IPs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    140.82.121.4RfORrHIRNe.docGet hashmaliciousUnknownBrowse
    • github.com/ssbb36/stv/raw/main/5.mp3

    Domains

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    github.comrun.exeGet hashmaliciousCrypto MinerBrowse
    • 140.82.121.3
    ATT60255.HTMGet hashmaliciousHTMLPhisherBrowse
    • 140.82.121.3
    DOC-71275297.pdfGet hashmaliciousHTMLPhisherBrowse
    • 140.82.121.4
    phish_alert_iocp_v1.4.48 (39).emlGet hashmaliciousTycoon2FABrowse
    • 140.82.121.3
    phish_alert_iocp_v1.4.48 (38).emlGet hashmaliciousHTMLPhisherBrowse
    • 140.82.121.4
    ATT09876.htmGet hashmaliciousHTMLPhisherBrowse
    • 140.82.121.4
    SecuriteInfo.com.Win64.Evo-gen.19407.6877.exeGet hashmaliciousUnknownBrowse
    • 140.82.121.3
    Request For Quotation.jsGet hashmaliciousSTRRATBrowse
    • 140.82.121.3
    Proof Of Payment.jsGet hashmaliciousSTRRATBrowse
    • 140.82.121.3
    Request For Quotation.jsGet hashmaliciousSTRRATBrowse
    • 140.82.121.3

    ASNs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    GITHUBUSrun.exeGet hashmaliciousCrypto MinerBrowse
    • 140.82.121.3
    ATT60255.HTMGet hashmaliciousHTMLPhisherBrowse
    • 140.82.121.3
    DOC-71275297.pdfGet hashmaliciousHTMLPhisherBrowse
    • 140.82.121.4
    phish_alert_iocp_v1.4.48 (39).emlGet hashmaliciousTycoon2FABrowse
    • 140.82.121.3
    phish_alert_iocp_v1.4.48 (38).emlGet hashmaliciousHTMLPhisherBrowse
    • 140.82.121.4
    ATT09876.htmGet hashmaliciousHTMLPhisherBrowse
    • 140.82.121.4
    SecuriteInfo.com.Win64.Evo-gen.19407.6877.exeGet hashmaliciousUnknownBrowse
    • 140.82.121.3
    Request For Quotation.jsGet hashmaliciousSTRRATBrowse
    • 140.82.121.4
    Proof Of Payment.jsGet hashmaliciousSTRRATBrowse
    • 140.82.121.4
    Request For Quotation.jsGet hashmaliciousSTRRATBrowse
    • 140.82.121.4

    JA3 Fingerprints

    No context

    Dropped Files

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    C:\Users\user\AppData\Local\Temp\_MEI63002\VCRUNTIME140.dllInstall.msiGet hashmaliciousUnknownBrowse
      https://www.gearupbooster.com/ru/Get hashmaliciousUnknownBrowse
        BGG0tq9ujC.exeGet hashmaliciousRedLine, SectopRATBrowse
          CaisseIris-3.3.8.27723-Setup.exeGet hashmaliciousUnknownBrowse

            Created / dropped Files

            C:\Users\user\AppData\Local\Temp\_MEI63002\VCRUNTIME140.dll

            Download File
            Process:C:\Users\user\Desktop\bcLKBiuPHu.exe
            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):90480
            Entropy (8bit):6.945887440610348
            Encrypted:false
            SSDEEP:1536:ckch/beb1bBhdXPFSAS7wIVktX8/eZT2G//ecb2Z0X3I+zl3z:ck2+1blXPg7wIVkts/UF/ecb2a5F
            MD5:81B11024A8ED0C9ADFD5FBF6916B133C
            SHA1:C87F446D9655BA2F6FDDD33014C75DC783941C33
            SHA-256:EB6A3A491EFCC911F9DFF457D42FED85C4C170139414470EA951B0DAFE352829
            SHA-512:E4B1C694CB028FA960D750FA6A202BC3A477673B097B2A9E0991219B9891B5F879AA13AA741F73ACD41EB23FEEE58E3DD6032821A23E9090ECD9CC2C3EC826A1
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Joe Sandbox View:
            • Filename: Install.msi, Detection: malicious, Browse
            • Filename: , Detection: malicious, Browse
            • Filename: BGG0tq9ujC.exe, Detection: malicious, Browse
            • Filename: CaisseIris-3.3.8.27723-Setup.exe, Detection: malicious, Browse
            Reputation:moderate, very likely benign file
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........=..n..n..n...o..n..in..n..n...n...o...n...o...n...o..n...o..n...n..n...o..nRich..n................PE..L......~.........."!..."............0........................................P.......F....@A........................p........ .......0..................pO...@.......$..T............................#..@............ ...............................text............................... ..`.data...............................@....idata....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\_MEI63002\_brotli.cp311-win32.pyd

            Download File
            Process:C:\Users\user\Desktop\bcLKBiuPHu.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):748544
            Entropy (8bit):6.001460160538139
            Encrypted:false
            SSDEEP:12288:4Q0kDJni8jDQJD1nGesPK0vbdujpWY+Bf5Z/CYAHhlyw82XTw05nmZfR:4QbDenAKgDFAEtAmZfR
            MD5:C899169A94FBF06EF0C1330E1B8AD3C5
            SHA1:C872D024B54A6FD44AEE3C512F0AB99C391759C1
            SHA-256:CF36109A0A53C36C9A6EDC98006FFEAEF129C6308068F70D4C6B057A99981979
            SHA-512:40C069C9C08611265B88D7B210BEC41C4785D28273AF64A09A647626DE52C3B3BC11610A5FD04D529609DB12B865FC0380E09A4F2155AEA8D84A54EC73C1BDAE
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......(.t.l...l...l...e...d......n...'...n......`......f......i.......o...l...W.......L.......m......m.......m...Richl...........PE..L......d...........!...#.b..........`g....................................................@..........................i..\....i.......................................e..............................8e..@............................................text...;a.......b.................. ..`.rdata...............f..............@..@.data...H............X..............@....rsrc................^..............@..@.reloc...............`..............@..B........................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\_MEI63002\_bz2.pyd

            Download File
            Process:C:\Users\user\Desktop\bcLKBiuPHu.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):81176
            Entropy (8bit):6.785872405308554
            Encrypted:false
            SSDEEP:1536:lN4S0hPglsjrfr8eNGfq8f7DpIVCVFe77SynFxa:nUIlsH1Gftf7DpIVCVF8l2
            MD5:51DE41BDC71FC00669842F6AB9E3E67C
            SHA1:58E3CA046145E61808FA97D2F87B5A0FCECDB1AB
            SHA-256:3346A214D1ABBF7570D12082B1853F95F279C16A7802A64D64CF6A859B79AFB8
            SHA-512:BB5825B3001385BD390CED3A8001C7459EB4473CBEEF8674F281CBD6E965BEE9278D1DAA4FEF3FC892ECECF2A31A618FAF859A2967C56F4BD81C165E49A20057
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v..92..j2..j2..j;..j8..j...k0..j...j1..j...k>..j...k8..j...k0..j...k1..jy.k0..j2..jn..j...k:..j...k3..j..}j3..j...k3..jRich2..j........PE..L......e...........!...#.....F......!........................................@............@.............................H............ .................../...0..........T........................... ...@...............8............................text............................... ..`.rdata...........0..................@..@.data...8...........................@....rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\_MEI63002\_decimal.pyd

            Download File
            Process:C:\Users\user\Desktop\bcLKBiuPHu.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:modified
            Size (bytes):199960
            Entropy (8bit):6.892069397658368
            Encrypted:false
            SSDEEP:6144:Xx4FHSDFuewx5lsattrCuqpC/3vMW5gn4vweTML:XWJSDYewx5lsCXRwZ
            MD5:8D48BB13D4621011E2C75726552DAB94
            SHA1:07156ECD3C422A1065F0DDAAF4D0927E645AC872
            SHA-256:C6EA79AA895C978B10C6961501D09E5FEA2385D6A2319FAF68B9A4DD2B2F60A9
            SHA-512:FD31C9A2F2A1244FEF1536255C87892A1B2DE3E3AD2C58C025B7F6967692668054447C22BFB4AABC5889F60BF6FE91D9CD2D47C69FBF8D80BFE69978FD107C64
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........?f.jQ5.jQ5.jQ5...5.jQ5l.P4.jQ5l.T4.jQ5l.U4.jQ5l.R4.jQ5..P4.jQ5..P4.jQ5.jP5HjQ5..Y4.jQ5..Q4.jQ5...5.jQ5..S4.jQ5Rich.jQ5........PE..L......e...........!...#..................... .......................................c....@.............................P................................/..............T..............................@............ ..h............................text............................... ..`.rdata..D.... ......................@..@.data...............................@....rsrc...............................@..@.reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\_MEI63002\_hashlib.pyd

            Download File
            Process:C:\Users\user\Desktop\bcLKBiuPHu.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):49944
            Entropy (8bit):6.737427317769819
            Encrypted:false
            SSDEEP:1536:BMiPZIjlyT0uwVDmhIVOIdzYV7SyU3xZ+/:BfPYDdmhIVOIdz8Sn+/
            MD5:46A2C1412A5C6310B1F0AEEE6BBA9518
            SHA1:CB7147C4565B887B7699F450C557055D51DC0159
            SHA-256:06E05614C8CA3F54D08F88134A175E4BD760BBFAFB97685D0CD1FF7660560C97
            SHA-512:E384E024548CD4D6697FA8164C011173B1C4D25F19C97FAB15530CEE53F3012997E9848928A0834145C24B135BA21D0E2EA703D2B0C15085F2FB2E6817DB21E5
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........A.RK ..K ..K ..BX[.O ...\..I ...\..@ ...\..A ...\..J ...X..I ...]..N ..K ... ...]..J ...]..J ...]7.J ...]..J ..RichK ..........PE..L......e...........!...#.@...T.......D.......P......................................B.....@..........................w..P... x.........................../...........s..T...........................(s..@............P...............................text...g>.......@.................. ..`.rdata...4...P...6...D..............@..@.data...d............z..............@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\_MEI63002\_lzma.pyd

            Download File
            Process:C:\Users\user\Desktop\bcLKBiuPHu.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):149272
            Entropy (8bit):7.021218121183973
            Encrypted:false
            SSDEEP:3072:ZHC2Ujp8exmcXl2VZuEXHeligl2VpJiGHH0Dy2MzHf/9mNol85pIVZ1kHr6A9:e7TyfX+Mh2oHYOW5N9
            MD5:FFFE5C4AAFF41572BA3324B4ABEDA333
            SHA1:B5A4D126AF1DA4B5786E86CD52495DF0D7F262BD
            SHA-256:6BEC1D6BB71DA6F743E1DB6140C63487BD590572F28EB3542184FDDBB76D61C2
            SHA-512:17416F6F1B6AC44B3EF878C13641D015BBF7F62C3AEEBA8511293EBB867B30EA34F5EDA5B870F2018EF7C19B61DA52EF2932C6A27E158D3F786B10FA83BFD506
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............f.Q.f.Q.f.Q..3Q.f.Q...P.f.Q...P.f.Q...P.f.Q...P.f.Qk..P.f.Q...P.f.Q.f.Q.f.Qk..P.f.Qk..P.f.Qk._Q.f.Qk..P.f.QRich.f.Q................PE..L......e...........!...#.j..........>n.......................................@............@.............................L.......x.... .................../...0..h.......T...............................@...............|............................text...[h.......j.................. ..`.rdata..............n..............@..@.data...............................@....rsrc........ ......................@..@.reloc..h....0......................@..B................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\_MEI63002\_queue.pyd

            Download File
            Process:C:\Users\user\Desktop\bcLKBiuPHu.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):28440
            Entropy (8bit):6.8587028166225865
            Encrypted:false
            SSDEEP:384:UQUgs86Jljl4qpg6rDYQyJsdGkQ9IVQUgHQIYiSy1pCQjdH1AM+o/8E9VF0NyLCx:UQUU6y96ryQxQ9IVQUa5YiSyvjAMxkE6
            MD5:E488BECAB5189E96E24314B960B64533
            SHA1:0A71D196AB07BA353D5053DC79712513DB923CFD
            SHA-256:C4400868C02CE5ABA5B48CED18B6315AE4FDA14C2C8A23A0EB3A05B24F690308
            SHA-512:BA6F5FBBEAC6A9EE97FD9FE108C0DC8AC3A993905FFA8C7CF6B07B02129FE923AE2CC8E17E0D5798867BFD3285414AAF39C407A01D6368FE13E57A073FD593C5
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................y...8.....8.....8.....8.....^.................^.....^.....^.....^.....Rich....................PE..L......e...........!...#.....*......3........0.......................................P....@..........................=..L...\=..d....`...............@.../...p..`...(9..T...........................h8..@............0...............................text............................... ..`.rdata..`....0......................@..@.data...<....P.......0..............@....rsrc........`.......2..............@..@.reloc..`....p.......<..............@..B................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\_MEI63002\_socket.pyd

            Download File
            Process:C:\Users\user\Desktop\bcLKBiuPHu.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):68888
            Entropy (8bit):6.766113027029255
            Encrypted:false
            SSDEEP:1536:1oOr3OlTJQMT9f8+CeazfOIQlkJ9IVLwIuuy7Syqxa:JiqMT9f8DeazfOIHJ9IVLwIryL
            MD5:14B6EEC2249265534320F4AF78D25AAE
            SHA1:A8443EE02AED5B610E06765CB3F990FCC49C7789
            SHA-256:B3EA7C7E3FE0ACDEC27D0E8E046D102A909973B3A4D269A0FEC3B94F056E696D
            SHA-512:59F9FEE3A501704C28A6F5754E9DD037C279C5C43BDF90686E7012E98BB8598DBF3AA11E3FF878F33CB3136BE292A0ED76C273FD2C380B19AC60329362FF1FF1
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........D..*..*..*....*.P.+..*.P./..*.P....*.P.)..*.6.+..*..+.].*...+..*.6."..*.6.*..*.6...*.6.(..*.Rich.*.................PE..L......e...........!...#.b...|.......h....................................................@.............................P...`............................/..............T...........................0...@............................................text....a.......b.................. ..`.rdata..j[.......\...f..............@..@.data...8...........................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\_MEI63002\_ssl.pyd

            Download File
            Process:C:\Users\user\Desktop\bcLKBiuPHu.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):155416
            Entropy (8bit):6.451936276287884
            Encrypted:false
            SSDEEP:3072:rxka2B9wnzjDX8/E4plP6Z3OS5wNWXWSWupIVC76W6:rxka2B9wzX8/HplP6Z3LGNWXWBu0
            MD5:55C985ABCB2408694CEDFF9862B115CC
            SHA1:747F954EBE4CA63E34746568A78607C229B57755
            SHA-256:2750D8D79179E34DE65E044D396849889824A5C10F5C1195A4A8916CC3864DA6
            SHA-512:6A5B3A8746864F39D085375AB469DC98907DA8E3104CB022F11345D4C389D5E697D3153A8E93852D332AE4EB16E721D7AAE2FA4F899DB4152157D5000A69D84A
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=r..y...y...y...pk..}....o..{....o..u....o..s....o..x...n......y.......2k..~...n..{...n..x...nj.x...n..x...Richy...................PE..L......e...........!...#.....................................................`......v.....@.........................@...d............ ...............0.../...0... ..@...T...............................@...............$............................text...M........................... ..`.rdata..............................@..@.data...@].......Z..................@....rsrc........ ......................@..@.reloc... ...0..."..................@..B................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip

            Download File
            Process:C:\Users\user\Desktop\bcLKBiuPHu.exe
            File Type:Zip archive data, at least v2.0 to extract, compression method=store
            Category:dropped
            Size (bytes):1440734
            Entropy (8bit):5.590383253842785
            Encrypted:false
            SSDEEP:24576:mQR5pATG8/R5lUKdcubgAnyfb8h30iwhBdYf9PfeYHHc:mQR5pE/RbPu
            MD5:D220B7E359810266FE6885A169448FA0
            SHA1:556728B326318B992B0DEF059ECA239EB14BA198
            SHA-256:CA40732F885379489D75A2DEC8EB68A7CCE024F7302DD86D63F075E2745A1E7D
            SHA-512:8F802C2E717B0CB47C3EEEA990FFA0214F17D00C79CE65A0C0824A4F095BDE9A3D9D85EFB38F8F2535E703476CB6F379195565761A0B1D738D045D7BB2C0B542
            Malicious:false
            Preview:PK..........!.h%..b...b......._collections_abc.pyc............................................d.Z.d.d.l.m.Z.m.Z...d.d.l.Z...e.e.e.........................Z...e.d...............Z.d...Z...e.e...............Z.[.g.d...Z.d.Z...e...e.d.............................Z...e...e...e...........................................Z...e...e.i.................................................................Z...e...e.i.................................................................Z...e...e.i.................................................................Z...e...e.g.............................Z...e...e...e.g...........................................Z...e...e...e.d...........................................Z...e...e...e.d.d.z.............................................Z...e...e...e...........................................Z...e...e.d.............................Z ..e...e.d.............................Z!..e...e...e"..........................................Z#..e.i.......................................

            C:\Users\user\AppData\Local\Temp\_MEI63002\certifi\cacert.pem

            Download File
            Process:C:\Users\user\Desktop\bcLKBiuPHu.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):281617
            Entropy (8bit):6.048201407322743
            Encrypted:false
            SSDEEP:6144:QW1H/M8fRR1mNplkXURrVADwYCuCigT/Q5MSRqNb7d8iu5f:QWN/TR8NLWURrI55MWavdF0f
            MD5:78D9DD608305A97773574D1C0FB10B61
            SHA1:9E177F31A3622AD71C3D403422C9A980E563FE32
            SHA-256:794D039FFDF277C047E26F2C7D58F81A5865D8A0EB7024A0FAC1164FEA4D27CF
            SHA-512:0C2D08747712ED227B4992F6F8F3CC21168627A79E81C6E860EE2B5F711AF7F4387D3B71B390AA70A13661FC82806CC77AF8AB1E8A8DF82AD15E29E05FA911BF
            Malicious:false
            Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

            C:\Users\user\AppData\Local\Temp\_MEI63002\charset_normalizer\md.cp311-win32.pyd

            Download File
            Process:C:\Users\user\Desktop\bcLKBiuPHu.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):8704
            Entropy (8bit):5.1148399549625045
            Encrypted:false
            SSDEEP:96:0WUpRoDPmhcl0dhRSKc65WJ1ks/vnnZjOwCFNrTMmGffQJykT16:fuRoDPmV7SK3WJzvZjOVMVnCd4
            MD5:E13DB7820E187E370F711F31A5151BC6
            SHA1:04B19B9548A99845937683AFEBCFEDDBA6F9706D
            SHA-256:4BF3600DF9B4FF165AD3BE28A89D2036F9D8B3AB8FD856FE0CF8826694D38E97
            SHA-512:C73C82A152E2DE05EB4E4D415516960755AA0BD5B175C2AF5A0671C84EFB3433458D87967207E746BEA02F6421E657CBFEA1D0137056730615EC0A1C7DE298EC
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................=...0..........0.....0.....0.............V.....V.....V.Q...V.....Rich............PE..L......e...........!...#..................... ...............................`............@.........................@%..l....%..d....@.......................P..T....!...............................!..@............ ..x............................text............................... ..`.rdata.. .... ......................@..@.data........0......................@....rsrc........@......................@..@.reloc..T....P....... ..............@..B........................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\_MEI63002\charset_normalizer\md__mypyc.cp311-win32.pyd

            Download File
            Process:C:\Users\user\Desktop\bcLKBiuPHu.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):95744
            Entropy (8bit):6.492446567147659
            Encrypted:false
            SSDEEP:1536:XaFaJSV9hRxI5RQYDp/pV78Tp4fqpsDRPOqksLDYY0E:KcMFRERQGQpuqpWPSsLDb
            MD5:A8B91C193070245362D46B62A16EAE5D
            SHA1:9C4A5DD9E306557EED2D4D8ECE7638F5FB63E72C
            SHA-256:AA7D447208FCEFDB6FBE0DA78D6C931DDCCBD7B501AEA88FEF536B256C3BECAA
            SHA-512:ADC6D590B8DFE9C16A921FBBA7011120EB89423AD71A9205462243D3642D9675E8DB9AB7335F98F94CAED5B11093F4839DE38A28B0A6A9D5D6880092DF6AEA5C
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u.If1.'51.'51.'58..57.'5..&43.'5z.&43.'5.."4=.'5..#4;.'5..$43.'5+.&42.'51.&5..'5./40.'5.'40.'5..50.'5.%40.'5Rich1.'5........PE..L......e...........!...#.....|......@.....................................................@.........................@B..`....B..x....................................>...............................=..@...............<............................text............................... ..`.rdata...@.......B..................@..@.data........`.......B..............@....rsrc................Z..............@..@.reloc...............\..............@..B........................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\_MEI63002\libcrypto-3.dll

            Download File
            Process:C:\Users\user\Desktop\bcLKBiuPHu.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):3477272
            Entropy (8bit):6.045929515051374
            Encrypted:false
            SSDEEP:49152:ATzvl4LDpNkmTOVrYqSeGvDKfuvEKzF5++/u1CPwDvt3uFlDCJc9uHDU:Izvl43ToLM5+P1CPwDvt3uFlDCK
            MD5:9A76997E6836C479C5E1993CBB3CEFAE
            SHA1:6747A82434DAA76239C68E1F75C26F4420F4832D
            SHA-256:BDBF2FF122354B0E219DF81293DE186CECFD966FCE64E3831B798FFD7C3FC815
            SHA-512:5FB3F7EEB770F1BDCB06558081441E9FC9BBC618059E33F6864AFEB3474033EC1BE036CBC5503B74CB56B82894976F03F87E15F1EF5E5BF779DE78E15A0C2CDF
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....d...d...d.......d...e...d...a...d...`...d...g...d...e...d.N.e...d..`.j.d..d...d......d..f...d.Rich..d.........................PE..L...R..e...........!...#..%.........>.........&..............................@5.......5...@.........................../.0....53.T....`3.|.............4../...p3....X./.8...........................p./.@............03..............................text.....%.......%................. ..`.rdata........&.......%.............@..@.data...0>....2.......2.............@....idata..(....03.......2.............@..@.00cfg.......P3.......3.............@..@.rsrc...|....`3.......3.............@..@.reloc.......p3.......3.............@..B................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\_MEI63002\libssl-3.dll

            Download File
            Process:C:\Users\user\Desktop\bcLKBiuPHu.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):637720
            Entropy (8bit):5.821457180009035
            Encrypted:false
            SSDEEP:12288:xWkw3Hj9L2fnecKCBd3uxPJdVMB//rxBuvEjmIFe9Xb1OYm:xWk85Vy/1DjmIFe9Xb1OYm
            MD5:E228C3449BDC21F4A9C370B622DF29C9
            SHA1:F6066335CD5DBCA359092497854BCFDCF4A19DCD
            SHA-256:09476CAFB962F5AEB646663A852745B65D53C4AF4F3F8C68077216FECC393434
            SHA-512:3323EB1F03F2E5113D7808F7CDD28C597D339E760858D486E208B4FCE552D0C2E5C483CBAF7D9B311C159E0B5D0701D7B7D9D88ABBA1589AE52B37A814ED5A6F
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ti.[...[...[...Rm..U....i..Y....m..Y....i..P....i..Q....i..Y....h..X...[...B....h..j....h..Z....h..Z....h..Z...Rich[...................PE..L......e...........!...#............P$....................................................@..........................i...Q...........`..s................/...p...F.. X..8...........................8W..@............................................text............................... ..`.rdata..x...........................@..@.data....<.......:..................@....idata..<K.......L..................@..@.00cfg.......P.......2..............@..@.rsrc...s....`.......4..............@..@.reloc..5O...p...P...<..............@..B................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\_MEI63002\python311.dll

            Download File
            Process:C:\Users\user\Desktop\bcLKBiuPHu.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):4951320
            Entropy (8bit):6.568678064005723
            Encrypted:false
            SSDEEP:49152:wHC3UZTlq9UE7fpKNsyRRLffWFn888cms8l3HIL+3+HFuMZn7PHqtqgQvTwZN0Ix:V3h9p7poLbg81LiL4+HQMZLqMHvs0rX+
            MD5:736100C9F091C30B40FC4F51D0AA4872
            SHA1:16563E0D1A38D22E83DE00A13830D21D936C5965
            SHA-256:22DFA280DFFD308965C7990CB3F9C452D2437A145C9E36F82E84E8642FD45034
            SHA-512:52A7B7CD2CBF3D1B88EF9F72EC5FDE778E14F659E3C081C1D8A0E15FAB88137D0C719095512A20B06B123EC0B66533F1958D1AD434C9D9718A105B1C99EBEA01
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............v..v..v.Y.w..v.Y...v.Y.s..v.Y.r..v.Y.u..v......v...w..v..w...v.?.~. .v.?.v..v.?...v.?.t..v.Rich.v.................PE..L......e...........!...#.Z%...(.....4[%......p%..............................PN......}L...@...........................;.......;...... K..............^K../...0K.4....:.T.............................:.@............p%..............................text....Y%......Z%................. ..`.rdata......p%......^%.............@..@.data.........<.......;.............@...PyRuntimXL....I..N....F.............@....rsrc........ K......6H.............@..@.reloc..4....0K......@H.............@..B........................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\_MEI63002\select.pyd

            Download File
            Process:C:\Users\user\Desktop\bcLKBiuPHu.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):27416
            Entropy (8bit):6.8592225305142005
            Encrypted:false
            SSDEEP:768:8IoqIIEnqwtl9IVQGJV5YiSyvAAMxkEkX:8lqwtl9IVQGx7SyWxi
            MD5:0DEE667531FD7F97DD1714AD1BA8C1DD
            SHA1:ADF5E25BFEFA53BDC018CC65D1696875DB1165DE
            SHA-256:6E3E63B55E261000DBB657BB16AF37E37405F2919331CE4C9AECD87C2E9D4B5B
            SHA-512:AFB2D14395DE45B1F1220018AF612200E2B900708B5AD8207147318FCFC35619DEFFC6DA2212BF5F14188C9C98F5F51B5655EA862A51E4D4B6EA64536E6BBA45
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|...............eF.....ja......ja......ja......ja.......`...............e.......`.......`.......`*......`......Rich....................PE..L......e...........!...#....."......=........0............................................@..........................;..L...\;..x....`...............<.../...p.......7..T...........................P6..@............0...............................text...;........................... ..`.rdata..n....0......................@..@.data........P......................@....rsrc........`.......0..............@..@.reloc.......p.......:..............@..B................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\_MEI63002\unicodedata.pyd

            Download File
            Process:C:\Users\user\Desktop\bcLKBiuPHu.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):1132312
            Entropy (8bit):5.442159481332278
            Encrypted:false
            SSDEEP:12288:b7yonRiPDjR0O518AfjwR6nb6EPYPx++ZisNqGZ5KXyVH4+GCva:b7y0IDacpMNEwPgPscG6Xyd4fCi
            MD5:5D9174C5834499882969C15EE55DCC85
            SHA1:B921CE1702A44CAEE5FC1BF559D51DE0E002BB9B
            SHA-256:0BCE170BE38E5B8F711B2A1FBCC6B61B3715275A6F0356AC698CE696B7C848C0
            SHA-512:FD46E3D6E620314A7CAF7978811D3562AF269E1451D2CDA330709DA654EAFE6241326F55A0F3C69429ABE3BE3CF299D0E040FFA4339394AE1B9707AE9E82CD4C
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N".. q.. q.. q...q.. q..!p.. q..%p.. q..$p.. q..#p.. qr.!p.. q.!p.. q..!q.. qr.(p.. qr. p.. qr..q.. qr."p.. qRich.. q........PE..L......e...........!...#.4..........#9.......P...............................P............@.............................X...(........0.................../...@..........T...............................@............P..,............................text....2.......4.................. ..`.rdata..6....P.......8..............@..@.data... .... ......................@....rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................

            \Device\ConDrv

            Download File
            Process:C:\Users\user\Desktop\bcLKBiuPHu.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):71
            Entropy (8bit):4.346192633791265
            Encrypted:false
            SSDEEP:3:sQV6ZMBFReNmI4kqUAuF5QEyn:sQIZgMmI4kS3
            MD5:D01B207BC2B680A8F5CE6E949E47B943
            SHA1:4CF7CB01984527895D6C252CE05E320642F43184
            SHA-256:18968E5F09362ACF3ED5F9574B4D008B90DD872B5416708ECB2F379DDA65455B
            SHA-512:7CDAB77F343B4A52CFF0FBEEF8C67BE14934374375222AEE30C1E284BE9616C64FECCFA2E72BC6425169A29BE1BCDF1B2956403816EB745720A835BBD8DE64A2
            Malicious:false
            Preview:[6508] Failed to execute script 'dropper' due to unhandled exception!..

            Static File Info

            General

            File type:PE32 executable (console) Intel 80386, for MS Windows
            Entropy (8bit):7.241570122063655
            TrID:
            • Win32 Executable (generic) a (10002005/4) 99.96%
            • Generic Win/DOS Executable (2004/3) 0.02%
            • DOS Executable Generic (2002/1) 0.02%
            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
            File name:bcLKBiuPHu.exe
            File size:35'527'104 bytes
            MD5:667ead6e36314bd21b1fa1fb9f1960b6
            SHA1:b14ecebb5df15c8ab0f11663d419c2ccb1944760
            SHA256:c13c6923bd8eab75c07640ad362833787d78a005577f8d5e32927139df8e2cd0
            SHA512:d8b8f8b128439ae512275a69ec56fdc139c45dbca735077cd287ed6494559a6f497992cf897c68be781149bb88f5461582c35127500f0dcc2549d2de958a5493
            SSDEEP:393216:16Csu5h4Lj92HygC5Ou2hFJ4X5g/nC1utUUplcc+Z0B1+IgWxlq5L0acaoaSOXEJ:10urM5oGiQV0B1+IgWx0tHcuUDF
            TLSH:0A77AE17B294C095D1B6D134C62287B6EB717C1AD72196CB37AC7E163F332E08A3A791
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........;...;...;...p...7...p.......p.../.....U.?...............)......./...p...<...;...K...............:...Rich;...........PE..L..

            File Icon

            Icon Hash:2f232d67b7934633

            Static PE Info

            General

            Entrypoint:0x40ab30
            Entrypoint Section:.text
            Digitally signed:true
            Imagebase:0x400000
            Subsystem:windows cui
            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
            Time Stamp:0x66B24CA5 [Tue Aug 6 16:17:41 2024 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:5
            OS Version Minor:1
            File Version Major:5
            File Version Minor:1
            Subsystem Version Major:5
            Subsystem Version Minor:1
            Import Hash:7f6374fa43fb59c8c933315a94a24259

            Authenticode Signature

            Signature Valid:true
            Signature Issuer:CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US
            Signature Validation Error:The operation completed successfully
            Error Number:0
            Not Before, Not After
            • 04/07/2024 09:15:01 04/07/2025 06:27:09
            Subject Chain
            • OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization, CN="Hebei Yingtong Pipeline Co., Ltd.", SERIALNUMBER=91130900335872388P, O="Hebei Yingtong Pipeline Co., Ltd.", L=Cangzhou, S=Hebei, C=CN
            Version:3
            Thumbprint MD5:3AFEC48ADFA00ED083999F0A15FE4EE8
            Thumbprint SHA-1:B8B63B45242CF37561729AA4CB601CFE67E9DBFA
            Thumbprint SHA-256:D592E1FD6B5E33BF819D4A0CBE876A3E9BE9A3621B9EAF29A7BA5A11A3A6084C
            Serial:7F71AF692330002E03E1311EB8A8B7E0

            Entrypoint Preview

            Instruction
            call 00007F25A0B48235h
            jmp 00007F25A0B47BFDh
            push ebp
            mov ebp, esp
            push 00000000h
            call dword ptr [0042809Ch]
            push dword ptr [ebp+08h]
            call dword ptr [00428098h]
            push C0000409h
            call dword ptr [00428064h]
            push eax
            call dword ptr [004280A0h]
            pop ebp
            ret
            push ebp
            mov ebp, esp
            sub esp, 00000324h
            push 00000017h
            call dword ptr [004280A4h]
            test eax, eax
            je 00007F25A0B47D97h
            push 00000002h
            pop ecx
            int 29h
            mov dword ptr [00437D10h], eax
            mov dword ptr [00437D0Ch], ecx
            mov dword ptr [00437D08h], edx
            mov dword ptr [00437D04h], ebx
            mov dword ptr [00437D00h], esi
            mov dword ptr [00437CFCh], edi
            mov word ptr [00437D28h], ss
            mov word ptr [00437D1Ch], cs
            mov word ptr [00437CF8h], ds
            mov word ptr [00437CF4h], es
            mov word ptr [00437CF0h], fs
            mov word ptr [00437CECh], gs
            pushfd
            pop dword ptr [00437D20h]
            mov eax, dword ptr [ebp+00h]
            mov dword ptr [00437D14h], eax
            mov eax, dword ptr [ebp+04h]
            mov dword ptr [00437D18h], eax
            lea eax, dword ptr [ebp+08h]
            mov dword ptr [00437D24h], eax
            mov eax, dword ptr [ebp-00000324h]
            mov dword ptr [00437C60h], 00010001h

            Data Directories

            NameVirtual AddressVirtual Size Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IMPORT0x34ffc0x50.rdata
            IMAGE_DIRECTORY_ENTRY_RESOURCE0x390000x1aae582.rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
            IMAGE_DIRECTORY_ENTRY_SECURITY0x21def000x2ac0
            IMAGE_DIRECTORY_ENTRY_BASERELOC0x1ae80000x1de8.reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG0x340700x1c.rdata
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x33fb00x40.rdata
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IAT0x280000x1a0.rdata
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

            Sections

            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
            .text0x10000x262320x26400f80c3fd7ad1a8cf3a54222f6018adcdbFalse0.5587660845588235MPEG-4 LOAS6.653161377041795IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rdata0x280000xd9cc0xda0034618ea748e3a6e21f718ba57aff88b1False0.5518026089449541data6.149306418621418IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .data0x360000x283c0xc00f5f73af017de2fad03fc4d7bf2b307ecFalse0.14811197916666666Matlab v4 mat-file (little endian) \261\031\277D\377\377\377\377\001, text, rows 4294967295, columns 01.8822452400123328IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            .rsrc0x390000x1aae5820x1aae600c80df4f21dac2c8951d7119d7abbc6e9unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .reloc0x1ae80000x1de80x1e00e362055a417e12207d1379ccc331e417False0.8122395833333333data6.683048233878239IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

            Resources

            NameRVASizeTypeLanguageCountryZLIB Complexity
            AFX_DIALOG_LAYOUT0x52b180x2dataEnglishGreat Britain5.0
            AFX_DIALOG_LAYOUT0x52b1c0x2dataEnglishGreat Britain5.0
            AFX_DIALOG_LAYOUT0x52b200x2dataEnglishGreat Britain5.0
            AFX_DIALOG_LAYOUT0x52b240x2dataEnglishGreat Britain5.0
            AFX_DIALOG_LAYOUT0x52b280x2dataEnglishGreat Britain5.0
            AFX_DIALOG_LAYOUT0x52b2c0x2dataEnglishGreat Britain5.0
            AFX_DIALOG_LAYOUT0x52b300x2dataEnglishGreat Britain5.0
            AFX_DIALOG_LAYOUT0x52b340x2dataEnglishGreat Britain5.0
            AFX_DIALOG_LAYOUT0x52b380x2dataEnglishGreat Britain5.0
            AFX_DIALOG_LAYOUT0x52b3c0x2dataEnglishGreat Britain5.0
            AFX_DIALOG_LAYOUT0x52b400x2dataEnglishGreat Britain5.0
            AFX_DIALOG_LAYOUT0x52b440x2dataEnglishGreat Britain5.0
            AFX_DIALOG_LAYOUT0x52b480x2dataEnglishGreat Britain5.0
            AFX_DIALOG_LAYOUT0x52b4c0x2dataEnglishGreat Britain5.0
            AFX_DIALOG_LAYOUT0x52b500x2dataEnglishGreat Britain5.0
            AFX_DIALOG_LAYOUT0x52b540x2dataEnglishGreat Britain5.0
            AFX_DIALOG_LAYOUT0x52b580x2dataEnglishGreat Britain5.0
            BINARY0x52b5c0x1046a08PE32+ executable (DLL) (console) x86-64, for MS Windows0.5078086853027344
            BINARY0x10995640x97c38PE32+ executable (DLL) (console) x86-64, for MS Windows0.48935208421811255
            BRANDING0x113119c0xc9a0PE32 executable (DLL) (GUI) Intel 80386, for MS Windows0.7315561066336019
            CSS0x113db3c0x13f0assembler source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.23119122257053293
            CSS0x113ef2c0x1060ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2972328244274809
            CSS0x113ff8c0x5a55ASCII text, with CRLF line terminatorsEnglishGreat Britain0.1152
            CSS0x11459e40x1975ASCII text, with CRLF line terminatorsEnglishGreat Britain0.21819855761853613
            CSS0x114735c0x711ASCII text, with CRLF line terminatorsEnglishGreat Britain0.32117191818684354
            CSS0x1147a700x2439ASCII text, with CRLF line terminatorsEnglishGreat Britain0.19271001833279414
            CSS0x1149eac0xf54ASCII text, with CRLF line terminatorsEnglishGreat Britain0.25076452599388377
            CSS0x114ae000x508ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3703416149068323
            CSS0x114b3080xbf4ASCII text, with CRLF line terminatorsEnglishGreat Britain0.26830065359477123
            CSS0x114befc0x5d49ASCII text, with CRLF line terminatorsEnglishGreat Britain0.1835769021397764
            CSS0x1151c480xe3bASCII text, with CRLF line terminatorsEnglishGreat Britain0.27559703541037606
            CSS0x1152a840xa59ASCII text, with CRLF line terminatorsEnglishGreat Britain0.30539826349565874
            CSS0x11534e00x3eaASCII text, with CRLF line terminatorsEnglishGreat Britain0.405189620758483
            CSS0x11538cc0xe0bASCII text, with CRLF line terminatorsEnglishGreat Britain0.24200278164116829
            CSS0x11546d80x10e0ASCII text, with CRLF line terminatorsEnglishGreat Britain0.22407407407407406
            CSS0x11557b80x2fbASCII text, with CRLF line terminatorsEnglishGreat Britain0.47706422018348627
            CSS0x1155ab40x1a1ASCII text, with CRLF line terminatorsEnglishGreat Britain0.4172661870503597
            CSS0x1155c580x67d9assembler source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.15839759262742148
            CSS0x115c4340x36bASCII text, with CRLF line terminatorsEnglishGreat Britain0.38057142857142856
            CSS0x115c7a00x2936ASCII text, with CRLF line terminatorsEnglishGreat Britain0.19734597156398104
            CSS0x115f0d80x35feASCII text, with CRLF line terminatorsEnglishGreat Britain0.11148893069020402
            CSS0x11626d80x1b4ASCII text, with CRLF line terminatorsEnglishGreat Britain0.43119266055045874
            CSS0x116288c0x1e38ASCII text, with CRLF line terminatorsEnglishGreat Britain0.22401758014477766
            CSS0x11646c40x827ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3526593195975084
            CSS0x1164eec0xcaUnicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.7920792079207921
            CSS0x1164fb80x705ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3094045631608236
            CSS0x11656c00xb2cassembler source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2923076923076923
            CSS0x11661ec0xa138Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.1559895328552045
            CSS0x11703240x12a0ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2514681208053691
            CSS0x11715c40x8dfASCII text, with CRLF line terminatorsEnglishGreat Britain0.30647291941875826
            CSS0x1171ea40x1120ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2050638686131387
            CSS0x1172fc40x3b73ASCII text, with CRLF line terminatorsEnglishGreat Britain0.15835468821867402
            CSS0x1176b380x497dASCII text, with CRLF line terminatorsEnglishGreat Britain0.1582947961515973
            CSS0x117b4b80x68fASCII text, with CRLF line terminatorsEnglishGreat Britain0.3156640857653365
            CSS0x117bb480x548ASCII text, with CRLF line terminatorsEnglishGreat Britain0.375
            CSS0x117c0900xb2aASCII text, with CRLF line terminatorsEnglishGreat Britain0.3002099370188943
            CSS0x117cbbc0x4f0ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3362341772151899
            CSS0x117d0ac0x19caASCII text, with CRLF line terminatorsEnglishGreat Britain0.20372614359285066
            CSS0x117ea780x571assembler source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3488872936109117
            CSS0x117efec0x17bcassembler source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.23452929558920343
            CSS0x11807a80x4a1assembler source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.39071729957805906
            CSS0x1180c4c0x110ASCII text, with CRLF line terminatorsEnglishGreat Britain0.4375
            CSS0x1180d5c0x1ac4ASCII text, with CRLF line terminatorsEnglishGreat Britain0.24022183304144776
            CSS0x11828200x3ffaASCII text, with CRLF line terminatorsEnglishGreat Britain0.19868115765050678
            CSS0x118681c0x3eaASCII text, with CRLF line terminatorsEnglishGreat Britain0.405189620758483
            CSS0x1186c080x2303ASCII text, with CRLF line terminatorsEnglishGreat Britain0.23139573803414035
            CSS0x1188f0c0x11bbASCII text, with CRLF line terminatorsEnglishGreat Britain0.2337519277373871
            CSS0x118a0c80x1009ASCII text, with CRLF line terminatorsEnglishGreat Britain0.23483556638246042
            CSS0x118b0d40x47dASCII text, with CRLF line terminatorsEnglishGreat Britain0.4151436031331593
            CSS0x118b5540x1902Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.23586379256482348
            CSS0x118ce580xcbeASCII text, with CRLF line terminatorsEnglishGreat Britain0.3240343347639485
            CSS0x118db180xca3ASCII text, with CRLF line terminatorsEnglishGreat Britain0.32364760432766615
            CSS0x118e7bc0x6d7ASCII text, with CRLF line terminatorsEnglishGreat Britain0.32838378069674473
            CSS0x118ee940x1537ASCII text, with CRLF line terminatorsEnglishGreat Britain0.25151905726385565
            FILE0x11903cc0xb9200PE32+ executable (DLL) (console) x86-64, for MS Windows0.4532067648548278
            INI0x12495cc0x6a70ISO-8859 text, with CRLF line terminatorsEnglishUnited States0.17248972401644158
            INI0x125003c0x701Generic INItialization configuration [Missing Shared DLLs]EnglishUnited States0.369771332961517
            INI0x12507400x41046Unicode text, UTF-8 text, with CRLF line terminatorsEnglishUnited States0.14956629491945478
            PNG0x12917880x792PNG image data, 60 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0056759545923633
            PNG0x1291f1c0x85fPNG image data, 60 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0051329911339244
            PNG0x129277c0x884PNG image data, 60 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.005045871559633
            PNG0x12930000x72fcPNG image data, 920 x 400, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9665375730398152
            PNG0x129a2fc0x63fPNG image data, 61 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0068792995622264
            PNG0x129a93c0x5d5PNG image data, 61 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0073677160080374
            PNG0x129af140x1ad8bPNG image data, 558 x 419, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.996353318843611
            PNG0x12b5ca00x260PNG image data, 40 x 40, 8-bit colormap, non-interlacedEnglishGreat Britain1.018092105263158
            PNG0x12b5f000x27c6PNG image data, 95 x 95, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0010803378511097
            PNG0x12b86c80x4867PNG image data, 151 x 151, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0008632317237658
            PNG0x12bcf300x282PNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.6417445482866043
            PNG0x12bd1b40x219PNG image data, 34 x 21, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0204841713221602
            PNG0x12bd3d00x8ddPNG image data, 80 x 81, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.004847950639048
            PNG0x12bdcb00x63cPNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0068922305764412
            PNG0x12be2ec0xe79PNG image data, 113 x 113, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0029689608636978
            PNG0x12bf1680xa5ePNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0041446872645063
            PNG0x12bfbc80xa0ePNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0042735042735043
            PNG0x12c05d80x320PNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.01375
            PNG0x12c08f80x440PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.010110294117647
            PNG0x12c0d380x7ccPNG image data, 33 x 33, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0055110220440882
            PNG0x12c15040xbfbPNG image data, 43 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.003586566677535
            PNG0x12c21000x29bPNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0164917541229386
            PNG0x12c239c0x240PNG image data, 45 x 30, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0190972222222223
            PNG0x12c25dc0x334fPNG image data, 200 x 238, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.000685192234488
            PNG0x12c592c0x2716PNG image data, 158 x 188, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0010993403957626
            PNG0x12c80440x29d5PNG image data, 170 x 203, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0010271734055467
            PNG0x12caa1c0x100bPNG image data, 78 x 91, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0026783540297053
            PNG0x12cba280x17caPNG image data, 105 x 123, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0018062397372742
            PNG0x12cd1f40xfdb0PNG image data, 383 x 455, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9996150529687116
            PNG0x12dcfa40xd3d3PNG image data, 440 x 523, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9990410681026057
            PNG0x12ea3780x3f9PNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0108161258603736
            PNG0x12ea7740xb3a1PNG image data, 1150 x 501, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9669892356203109
            PNG0x12f5b180x2aaPNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0161290322580645
            PNG0x12f5dc40x954PNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.004606365159129
            PNG0x12f67180x787PNG image data, 116 x 116, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.00570835495589
            PNG0x12f6ea00x56aPNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.007936507936508
            PNG0x12f740c0xd28PNG image data, 116 x 116, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0032660332541568
            PNG0x12f81340x10ePNG image data, 14 x 11, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0407407407407407
            PNG0x12f82440x144PNG image data, 17 x 14, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0339506172839505
            PNG0x12f83880x187PNG image data, 22 x 18, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0281329923273657
            PNG0x12f85100x1d7PNG image data, 28 x 23, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0233545647558386
            PNG0x12f86e80xd1PNG image data, 11 x 9, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0287081339712918
            PNG0x12f87bc0xe42PNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.003013698630137
            PNG0x12f96000x1471PNG image data, 116 x 116, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0021020447162239
            PNG0x12faa740x743PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0059171597633136
            PNG0x12fb1b80xcecPNG image data, 120 x 120, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9948609431680774
            PNG0x12fbea40x524PNG image data, 61 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0083586626139818
            PNG0x12fc3c80x68bPNG image data, 116 x 116, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9958208955223881
            PNG0x12fca540x6a8PNG image data, 116 x 116, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9865023474178404
            PNG0x12fd0fc0x3c0PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0114583333333333
            PNG0x12fd4bc0x2e9ePNG image data, 460 x 200, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9783810960281548
            PNG0x130035c0x2a3bPNG image data, 460 x 200, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9827028027009528
            PNG0x1302d980x7a43PNG image data, 1150 x 500, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9364835937250391
            PNG0x130a7dc0xd49PNG image data, 58 x 58, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0032343428403412
            PNG0x130b5280xdccPNG image data, 69 x 69, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.003114382785957
            PNG0x130c2f40x12bbPNG image data, 92 x 92, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0022940563086549
            PNG0x130d5b00x1b9fPNG image data, 115 x 115, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.001555649837364
            PNG0x130f1500x97dPNG image data, 46 x 46, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0045286125977768
            PNG0x130fad00x10dPNG image data, 12 x 12, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0148698884758365
            PNG0x130fbe00xffPNG image data, 12 x 12, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.011764705882353
            PNG0x130fce00x3a8PNG image data, 50 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0117521367521367
            PNG0x13100880x33bPNG image data, 50 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0133010882708586
            PNG0x13103c40x8a94PNG image data, 208 x 198, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.000591949486977
            PNG0x1318e580x7a12PNG image data, 426 x 262, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.900864
            PNG0x132086c0x453PNG image data, 19 x 19, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.009936766034327
            PNG0x1320cc00x5dfPNG image data, 23 x 23, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0073186959414504
            PNG0x13212a00x8cdPNG image data, 30 x 30, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0048823790501553
            PNG0x1321b700xd0aPNG image data, 38 x 38, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0032953864589575
            PNG0x132287c0x307PNG image data, 15 x 15, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0141935483870967
            PNG0x1322b840x6590PNG image data, 460 x 200, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9503461538461538
            PNG0x13291140x475dPNG image data, 122 x 115, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0008758005364278
            PNG0x132d8740x284bPNG image data, 207 x 53, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0010664081434804
            PNG0x13300c00x153PNG image data, 27 x 22, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0147492625368733
            PNG0x13302140x2a6PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0162241887905605
            PNG0x13304bc0x49aPNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0093378607809846
            PNG0x13309580x5bfPNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0074779061862678
            PNG0x1330f180x889PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0050343249427918
            PNG0x13317a40xbc3PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0036532713384259
            PNG0x13323680x345PNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.013142174432497
            PNG0x13326b00x7bdPNG image data, 46 x 47, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.00555275113579
            PNG0x1332e700x9b4PNG image data, 120 x 120, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9887278582930756
            PNG0x13338240x176c5PNG image data, 641 x 481, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9903169656351299
            PNG0x134aeec0x28fPNG image data, 33 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.016793893129771
            PNG0x134b17c0x9c3PNG image data, 61 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0044017607042817
            PNG0x134bb400x1278PNG image data, 120 x 121, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.002326565143824
            PNG0x134cdb80x136bPNG image data, 120 x 121, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0022128344397505
            PNG0x134e1240x1ae5PNG image data, 313 x 133, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.00159767610748
            PNG0x134fc0c0x112bPNG image data, 218 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0025028441410695
            PNG0x1350d380x142ePNG image data, 253 x 118, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0021293070073558
            PNG0x13521680x235PNG image data, 33 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0194690265486726
            PNG0x13523a00x32dPNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.7515375153751538
            PNG0x13526d00x2e36PNG image data, 95 x 95, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.000929839391378
            PNG0x13555080x559fPNG image data, 163 x 157, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0007299603084083
            PNG0x135aaa80x146fPNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0021028484037469
            PNG0x135bf180x252PNG image data, 61 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0185185185185186
            PNG0x135c16c0x7692PNG image data, 635 x 346, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9722277129867563
            PNG0x13638000x4da3PNG image data, 1040 x 330, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9602515723270441
            PNG0x13685a40x343PNG image data, 64 x 65, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0131736526946107
            PNG0x13688e80x207PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0211946050096339
            PNG0x1368af00x22fPNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0196779964221825
            PNG0x1368d200x1c6PNG image data, 29 x 29, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.024229074889868
            PNG0x1368ee80x194PNG image data, 20 x 14, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0272277227722773
            PNG0x136907c0x13f3PNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0021539064029763
            PNG0x136a4700x13b9PNG image data, 120 x 111, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0021786492374727
            PNG0x136b82c0x464PNG image data, 33 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0097864768683273
            PNG0x136bc900xec3PNG image data, 116 x 116, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0029108229690393
            PNG0x136cb540x1454PNG image data, 118 x 121, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0021137586471944
            PNG0x136dfa80xd1bPNG image data, 87 x 88, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0032786885245901
            PNG0x136ecc40x595PNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0076976906927921
            PNG0x136f25c0x720PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.006030701754386
            PNG0x136f97c0x900PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0047743055555556
            PNG0x137027c0xd3ePNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.003244837758112
            PNG0x1370fbc0x459PNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.009883198562444
            PNG0x13714180x38fPNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0120746432491767
            PNG0x13717a80x482PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.009532062391681
            PNG0x1371c2c0x5e2PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0073041168658698
            PNG0x13722100x7dcPNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0054671968190856
            PNG0x13729ec0x291PNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0167427701674276
            PNG0x1372c800x1baPNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0248868778280542
            PNG0x1372e3c0x1baPNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0248868778280542
            PNG0x1372ff80x1c2PNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0244444444444445
            PNG0x13731bc0x1c2PNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0244444444444445
            PNG0x13733800x3969PNG image data, 425 x 222, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9865278628291488
            PNG0x1376cec0x368PNG image data, 30 x 30, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0126146788990826
            PNG0x13770540x2a1PNG image data, 199 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0163447251114412
            PNG0x13772f80x155PNG image data, 15 x 15, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.032258064516129
            PNG0x13774500x16cPNG image data, 18 x 18, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0302197802197801
            PNG0x13775bc0x1c3PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.024390243902439
            PNG0x13777800x20dPNG image data, 30 x 30, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.020952380952381
            PNG0x13779900xf8PNG image data, 12 x 12, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0443548387096775
            PNG0x1377a880x647PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0068450528935906
            PNG0x13780d00x5ebPNG image data, 59 x 58, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0072607260726072
            PNG0x13786bc0x26aPNG image data, 61 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0177993527508091
            PNG0x13789280x24aPNG image data, 61 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0187713310580204
            PNG0x1378b740x4dePNG image data, 61 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0088282504012842
            PNG0x13790540x25ePNG image data, 30 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.018151815181518
            PNG0x13792b40x34ePNG image data, 60 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0130023640661938
            PNG0x13796040x761PNG image data, 116 x 116, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x1379d680xedePNG image data, 87 x 87, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0028901734104045
            PNG0x137ac480x101aPNG image data, 87 x 87, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.002668607472101
            PNG0x137bc640xe9bPNG image data, 87 x 87, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0029419630917358
            PNG0x137cb000x1108PNG image data, 87 x 87, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0025229357798164
            PNG0x137dc080xd63PNG image data, 87 x 87, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0032098044937263
            PNG0x137e96c0x10888PNG image data, 925 x 498, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.961901949202599
            PNG0x138f1f40x10b44PNG image data, 925 x 498, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9689125986553639
            PNG0x139fd380x44dPNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0099909173478656
            PNG0x13a01880x5b9PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0075085324232083
            PNG0x13a07440x837PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0052306229196386
            PNG0x13a0f7c0xc26PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0035369774919614
            PNG0x13a1ba40x2faPNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0144356955380578
            PNG0x13a1ea00x11b05PNG image data, 740 x 555, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9808841593860848
            PNG0x13b39a80x1a4PNG image data, 29 x 29, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.026190476190476
            PNG0x13b3b4c0xf7PNG image data, 31 x 31, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.008097165991903
            PNG0x13b3c440xfebPNG image data, 87 x 87, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0026993865030676
            PNG0x13b4c300x1e0PNG image data, 40 x 41, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0229166666666667
            PNG0x13b4e100x2b6PNG image data, 40 x 41, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.015850144092219
            PNG0x13b50c80x4b8PNG image data, 35 x 35, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0091059602649006
            PNG0x13b55800x558PNG image data, 42 x 42, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0080409356725146
            PNG0x13b5ad80x6a4PNG image data, 56 x 56, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0064705882352942
            PNG0x13b617c0x7f7PNG image data, 70 x 70, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0053948013732221
            PNG0x13b69740x3e5PNG image data, 28 x 28, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0110330992978938
            PNG0x13b6d5c0x274PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.017515923566879
            PNG0x13b6fd00x12114PNG image data, 780 x 518, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9719744878655208
            PNG0x13c90e40xcf35PNG image data, 793 x 483, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9669148835894052
            PNG0x13d601c0xb9c4PNG image data, 843 x 468, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9459584489864581
            PNG0x13e19e00xbe2dPNG image data, 843 x 435, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.968758344459279
            PNG0x13ed8100x5e5aPNG image data, 808 x 450, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8673097623582016
            PNG0x13f366c0x2d68PNG image data, 95 x 95, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0009463179628355
            PNG0x13f63d40x56acPNG image data, 163 x 163, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0007211105101856
            PNG0x13fba800xb83PNG image data, 100 x 101, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.003732609433322
            PNG0x13fc6040xa11PNG image data, 100 x 101, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.004268529297633
            PNG0x13fd0180xe1aPNG image data, 100 x 101, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0030470914127423
            PNG0x13fde340xd77PNG image data, 88 x 88, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0031911807368727
            PNG0x13febac0xd26PNG image data, 97 x 97, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0032679738562091
            PNG0x13ff8d40x15c3PNG image data, 100 x 101, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0019745108598097
            PNG0x1400e980x1393PNG image data, 97 x 97, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.002195170624626
            PNG0x140222c0x36fPNG image data, 33 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.012514220705347
            PNG0x140259c0x941PNG image data, 120 x 120, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9983115238497257
            PNG0x1402ee00x9d1PNG image data, 100 x 89, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0043772383605252
            PNG0x14038b40xe5fPNG image data, 116 x 116, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0029899429192715
            PNG0x14047140x911PNG image data, 58 x 58, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.004739336492891
            PNG0x14050280x6d9PNG image data, 60 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0062749572162009
            PNG0x14057040x703PNG image data, 61 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0061281337047354
            PNG0x1405e080x379PNG image data, 37 x 36, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0123734533183353
            PNG0x14061840x445PNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.010064043915828
            PNG0x14065cc0x623PNG image data, 72 x 72, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0070019096117122
            PNG0x1406bf00x80fPNG image data, 96 x 96, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0053320407174018
            PNG0x14074000x250PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0185810810810811
            PNG0x14076500x6b90PNG image data, 1027 x 421, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9461795467751307
            PNG0x140e1e00x138PNG image data, 20 x 177, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9102564102564102
            PNG0x140e3180x147PNG image data, 20 x 232, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8623853211009175
            PNG0x140e4600x572PNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0078909612625537
            PNG0x140e9d40x5fcPNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0071801566579635
            PNG0x140efd00x67dPNG image data, 81 x 81, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0066225165562914
            PNG0x140f6500x80cPNG image data, 151 x 151, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.996116504854369
            PNG0x140fe5c0x975PNG image data, 151 x 151, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9983477901693515
            PNG0x14107d40x9fbPNG image data, 151 x 151, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9980430528375733
            PNG0x14111d00xdbPNG image data, 33 x 21, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9954337899543378
            PNG0x14112ac0x10aPNG image data, 41 x 26, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0150375939849625
            PNG0x14113b80x1e0PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0229166666666667
            PNG0x14115980x1e6bPNG image data, 460 x 161, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9922948503916784
            PNG0x14134040x1d12PNG image data, 460 x 161, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9963719430260682
            PNG0x14151180xc49PNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0034976152623212
            PNG0x1415d640x184PNG image data, 44 x 19, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0283505154639174
            PNG0x1415ee80x11dPNG image data, 15 x 17, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0210526315789474
            PNG0x14160080x371PNG image data, 30 x 29, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0124858115777526
            PNG0x141637c0x371PNG image data, 30 x 29, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0124858115777526
            PNG0x14166f00x29cPNG image data, 29 x 29, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0164670658682635
            PNG0x141698c0x339PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0133333333333334
            PNG0x1416cc80xd90PNG image data, 90 x 93, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0031682027649769
            PNG0x1417a580x195ePNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.001693871265784
            PNG0x14193b80x415PNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0105263157894737
            PNG0x14197d00x530PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0082831325301205
            PNG0x1419d000x732PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.005971769815418
            PNG0x141a4340x92aPNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.004688832054561
            PNG0x141ad600x311PNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0140127388535032
            PNG0x141b0740x2733PNG image data, 553 x 241, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.977179870453413
            PNG0x141d7a80x299ePNG image data, 460 x 201, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.977191665102309
            PNG0x14201480xf53PNG image data, 87 x 88, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0028039765485597
            PNG0x142109c0x874PNG image data, 39 x 46, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.005083179297597
            PNG0x14219100xaa2PNG image data, 47 x 56, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0040411462160177
            PNG0x14223b40xe19PNG image data, 62 x 74, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.003047935716265
            PNG0x14231d00x1279PNG image data, 78 x 93, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.002326073165574
            PNG0x142444c0x66fPNG image data, 31 x 37, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0066788099574986
            PNG0x1424abc0x24c1PNG image data, 95 x 95, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0011690934211925
            PNG0x1426f800x47c5PNG image data, 163 x 158, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0008708430849615
            PNG0x142b7480x3322PNG image data, 125 x 125, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0000763941940412
            PNG0x142ea6c0x40c9PNG image data, 150 x 150, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9990352728369009
            PNG0x1432b380x5457PNG image data, 200 x 200, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.998517900977259
            PNG0x1437f900x815dPNG image data, 250 x 250, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9968596189268352
            PNG0x14400f00x21caPNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.001271676300578
            PNG0x14422bc0xa89PNG image data, 64 x 65, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.004078605858361
            PNG0x1442d480x1aaPNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0258215962441315
            PNG0x1442ef40x13a1PNG image data, 135 x 135, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.002189054726368
            PNG0x14442980x509PNG image data, 18 x 26, 8-bit/color RGBA, interlacedEnglishGreat Britain1.008533747090768
            PNG0x14447a40x53ePNG image data, 21 x 32, 8-bit/color RGBA, interlacedEnglishGreat Britain1.0081967213114753
            PNG0x1444ce40x648PNG image data, 28 x 42, 8-bit/color RGBA, interlacedEnglishGreat Britain1.0068407960199004
            PNG0x144532c0x86cPNG image data, 35 x 53, 8-bit/color RGBA, interlacedEnglishGreat Britain1.0051020408163265
            PNG0x1445b980x394PNG image data, 14 x 21, 8-bit/color RGBA, interlacedEnglishGreat Britain1.012008733624454
            PNG0x1445f2c0x116PNG image data, 900 x 3, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9892086330935251
            PNG0x14460440x263PNG image data, 30 x 31, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0180032733224222
            PNG0x14462a80x1ca6PNG image data, 305 x 228, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9269157349331879
            PNG0x1447f500x2f41PNG image data, 98 x 95, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.000909316359428
            PNG0x144ae940x5ae9PNG image data, 163 x 158, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0006874919434539
            PNG0x14509800x3e4PNG image data, 65 x 65, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0110441767068272
            PNG0x1450d640x6f2PNG image data, 61 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0061867266591675
            PNG0x14514580x28ePNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0168195718654434
            PNG0x14516e80x79PNG image data, 10 x 1, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9586776859504132
            PNG0x14517640x802PNG image data, 58 x 59, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0053658536585366
            PNG0x1451f680x325PNG image data, 40 x 40, 8-bit/color RGB, non-interlacedEnglishGreat Britain1.013664596273292
            PNG0x14522900x1cd8PNG image data, 460 x 161, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9958017334777898
            PNG0x1453f680x2c9PNG image data, 64 x 65, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9761570827489481
            PNG0x14542340x3c3PNG image data, 64 x 65, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.011422637590862
            PNG0x14545f80x80fPNG image data, 87 x 87, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0053320407174018
            PNG0x1454e080x81ePNG image data, 357 x 101, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.005293551491819
            PNG0x14556280x48aPNG image data, 175 x 89, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0094664371772806
            PNG0x1455ab40x22ePNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0197132616487454
            PNG0x1455ce40x340PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0132211538461537
            PNG0x14560240x5437PNG image data, 601 x 303, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9858063917621411
            PNG0x145b45c0x367PNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0126291618828933
            PNG0x145b7c40x4adPNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.009189640768588
            PNG0x145bc740x89cPNG image data, 33 x 33, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0049909255898366
            PNG0x145c5100xd7ePNG image data, 43 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0031847133757963
            PNG0x145d2900x2c9PNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0154277699859748
            PNG0x145d55c0x57d5PNG image data, 875 x 359, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9641538803646875
            PNG0x1462d340x377PNG image data, 58 x 51, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.012401352874859
            PNG0x14630ac0x58aPNG image data, 58 x 51, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0077574047954867
            PNG0x14636380x50cPNG image data, 61 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.008513931888545
            PNG0x1463b440x37d8PNG image data, 1150 x 501, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9017207610520426
            PNG0x146731c0x184PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0231958762886597
            PNG0x14674a00x230PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.019642857142857
            PNG0x14676d00x960PNG image data, 43 x 38, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0045833333333334
            PNG0x14680300x1452PNG image data, 123 x 142, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0021145713187236
            PNG0x14694840x2b4dPNG image data, 95 x 95, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0009923319801535
            PNG0x146bfd40x4974PNG image data, 151 x 151, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0008508827908955
            PNG0x14709480x11f29PNG image data, 615 x 387, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9874171915171466
            PNG0x14828740x6e30PNG image data, 1104 x 481, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9422504254112308
            PNG0x14896a40x145bfPNG image data, 741 x 554, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9785228621793719
            PNG0x149dc640xa8f3PNG image data, 1105 x 481, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9715613511826316
            PNG0x14a85580x3839PNG image data, 1105 x 481, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9046758841103314
            PNG0x14abd940xdab6PNG image data, 1104 x 481, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9766565458117521
            PNG0x14b984c0x51ePNG image data, 21 x 21, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0083969465648854
            PNG0x14b9d6c0x6f1PNG image data, 26 x 26, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0061902082160945
            PNG0x14ba4600x8a6PNG image data, 34 x 34, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0049683830171634
            PNG0x14bad080xe78PNG image data, 43 x 43, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0029697624190064
            PNG0x14bbb800x39cPNG image data, 17 x 17, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0119047619047619
            PNG0x14bbf1c0x3d6PNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0112016293279023
            PNG0x14bc2f40x4d5PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0088924818108327
            PNG0x14bc7cc0x69fPNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0064896755162243
            PNG0x14bce6c0x887PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0050389372423272
            PNG0x14bd6f40x2e1PNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0149253731343284
            PNG0x14bd9d80x1d53PNG image data, 460 x 161, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9928067137338484
            PNG0x14bf72c0x75bPNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0058417419012216
            PNG0x14bfe880x26cPNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.017741935483871
            PNG0x14c00f40x2aePNG image data, 39 x 39, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0160349854227406
            PNG0x14c03a40x1caPNG image data, 14 x 14, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0240174672489082
            PNG0x14c05700x235PNG image data, 17 x 17, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0194690265486726
            PNG0x14c07a80x251PNG image data, 22 x 22, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0185497470489038
            PNG0x14c09fc0x383PNG image data, 28 x 28, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0122358175750834
            PNG0x14c0d800x157PNG image data, 11 x 11, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.032069970845481
            PNG0x14c0ed80x474PNG image data, 41 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0096491228070175
            PNG0x14c134c0x6e9PNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0062182023742228
            PNG0x14c1a380x8e0PNG image data, 116 x 116, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0048415492957747
            PNG0x14c23180x704PNG image data, 96 x 96, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0061247216035634
            PNG0x14c2a1c0x6c6PNG image data, 87 x 87, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0063437139561706
            PNG0x14c30e40x29cPNG image data, 29 x 29, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0164670658682635
            PNG0x14c33800x517PNG image data, 33 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0084420567920185
            PNG0x14c38980x137dPNG image data, 118 x 118, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0022048506714774
            PNG0x14c4c180x9bePNG image data, 45 x 56, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0044105854049719
            PNG0x14c55d80x210PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0208333333333333
            PNG0x14c57e80x399PNG image data, 33 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.011943539630836
            PNG0x14c5b840xf867PNG image data, 565 x 297, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9984589014168672
            PNG0x14d53ec0x22d6PNG image data, 125 x 125, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0012334604171338
            PNG0x14d76c40x2bbaPNG image data, 150 x 150, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9997319992853314
            PNG0x14da2800x3832PNG image data, 200 x 200, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9958292784651744
            PNG0x14ddab40x5026PNG image data, 250 x 250, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9962471975826104
            PNG0x14e2adc0x1fefPNG image data, 90 x 90, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0013455657492354
            PNG0x14e4acc0x196bPNG image data, 88 x 88, 8-bit/color RGBA, interlacedEnglishGreat Britain1.0016904871676655
            PNG0x14e64380x1f1fPNG image data, 105 x 105, 8-bit/color RGBA, interlacedEnglishGreat Britain1.0013806953683946
            PNG0x14e83580x2a2cPNG image data, 140 x 140, 8-bit/color RGBA, interlacedEnglishGreat Britain1.0010188958873656
            PNG0x14ead840x365cPNG image data, 175 x 175, 8-bit/color RGBA, interlacedEnglishGreat Britain1.0007904570278816
            PNG0x14ee3e00x130dPNG image data, 70 x 70, 8-bit/color RGBA, interlacedEnglishGreat Britain1.0022554849292598
            PNG0x14ef6f00x1938PNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0017038413878563
            PNG0x14f10280x3dfPNG image data, 58 x 59, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0110998990918265
            PNG0x14f14080x272PNG image data, 42 x 42, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0175718849840256
            PNG0x14f167c0x8730PNG image data, 920 x 401, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9569174757281553
            PNG0x14f9dac0x30c6PNG image data, 461 x 202, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9646804420951466
            PNG0x14fce740x12aePNG image data, 113 x 131, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0023002927645337
            PNG0x14fe1240x1b28PNG image data, 340 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0015822784810127
            PNG0x14ffc4c0x715PNG image data, 84 x 42, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0060672917815774
            PNG0x15003640xedcPNG image data, 87 x 88, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0028916929547844
            PNG0x15012400x9d2PNG image data, 59 x 59, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0043754972155927
            PNG0x1501c140x2f1PNG image data, 64 x 65, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0146082337317397
            PNG0x1501f080x51bPNG image data, 81 x 82, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.008416220351951
            PNG0x15024240x42fPNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0102707749766573
            PNG0x15028540x1fbPNG image data, 21 x 21, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0216962524654833
            PNG0x1502a500x229PNG image data, 26 x 26, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0198915009041591
            PNG0x1502c7c0x2a2PNG image data, 34 x 34, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0163204747774481
            PNG0x1502f200x2e8PNG image data, 43 x 43, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0147849462365592
            PNG0x15032080x19dPNG image data, 17 x 17, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.026634382566586
            PNG0x15033a80x20cdPNG image data, 460 x 200, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9799928545909253
            PNG0x15054780x423aPNG image data, 460 x 200, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9866698124336439
            PNG0x15096b40x10dePNG image data, 99 x 99, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0025474756831867
            PNG0x150a7940x3edPNG image data, 50 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0109452736318407
            PNG0x150ab840x38cPNG image data, 50 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0121145374449338
            PNG0x150af100x4c0PNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.009046052631579
            PNG0x150b3d00x64dPNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0068195908245505
            PNG0x150ba200xa2bPNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0042258932001538
            PNG0x150c44c0xf05PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0028608582574772
            PNG0x150d3540x36aPNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0125858123569793
            PNG0x150d6c00xaf91PNG image data, 1151 x 500, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9652686616976305
            PNG0x15186540x3ed6PNG image data, 460 x 200, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9801690911351486
            PNG0x151c52c0x19e1ePNG image data, 641 x 481, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9901899749089743
            PNG0x153634c0x25dPNG image data, 18 x 18, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.018181818181818
            PNG0x15365ac0x3a6PNG image data, 26 x 26, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.011777301927195
            PNG0x15369540x4d2PNG image data, 60 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0089141004862237
            PNG0x1536e280x60bPNG image data, 121 x 120, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9541047188106012
            PNG0x15374340xd742PNG image data, 641 x 481, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.980637317170544
            PNG0x1544b780x11ccPNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.002414398595259
            PNG0x1545d440x1614PNG image data, 78 x 98, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0019462137296533
            PNG0x15473580xd95PNG image data, 87 x 99, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.003163646821973
            PNG0x15480f00xe88PNG image data, 116 x 116, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0029569892473118
            PNG0x1548f780xc52PNG image data, 96 x 96, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0034876347495245
            PNG0x1549bcc0xc26PNG image data, 87 x 88, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0035369774919614
            PNG0x154a7f40x80cPNG image data, 61 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0053398058252427
            PNG0x154b0000x7dfPNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0054590570719604
            PNG0x154b7e00x4ccPNG image data, 61 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.008957654723127
            PNG0x154bcac0x4e8PNG image data, 41 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0087579617834395
            PNG0x154c1940x9aaPNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0044462409054162
            PNG0x154cb400xc8dPNG image data, 81 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0034235916588858
            PNG0x154d7d00x7abPNG image data, 61 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0056036678553235
            PNG0x154df7c0x73cPNG image data, 61 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.005939524838013
            PNG0x154e6b80x961PNG image data, 165 x 73, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0045814244064972
            PNG0x154f01c0x16aPNG image data, 14 x 14, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0303867403314917
            PNG0x154f1880x190PNG image data, 17 x 17, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0275
            PNG0x154f3180x167PNG image data, 22 x 22, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0306406685236769
            PNG0x154f4800x22dPNG image data, 28 x 28, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0197486535008977
            PNG0x154f6b00xdcPNG image data, 11 x 11, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0363636363636364
            PNG0x154f78c0x2015PNG image data, 200 x 201, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0013393400706196
            PNG0x15517a40x10e7PNG image data, 78 x 79, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0025421770279639
            PNG0x155288c0x149aPNG image data, 93 x 95, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0020857034508912
            PNG0x1553d280x1b06PNG image data, 124 x 126, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0015900549291703
            PNG0x15558300x25b8PNG image data, 155 x 158, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0011391880695941
            PNG0x1557de80xc1ePNG image data, 62 x 63, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.00354609929078
            PNG0x1558a080xaf7PNG image data, 120 x 120, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0039187744923406
            PNG0x15595000x21aaPNG image data, 460 x 200, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9727314922255744
            PNG0x155b6ac0x2e0PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.014945652173913
            PNG0x155b98c0x15b1PNG image data, 70 x 90, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0019809112191609
            PNG0x155cf400xd951PNG image data, 581 x 435, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9871838656912264
            PNG0x156a8940x750PNG image data, 64 x 65, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0058760683760684
            PNG0x156afe40x1a4fPNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0016332590942836
            PNG0x156ca340x23c2PNG image data, 83 x 103, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0012016604762946
            PNG0x156edf80x2e4PNG image data, 51 x 50, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0148648648648648
            PNG0x156f0dc0xc8fPNG image data, 87 x 87, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.003421461897356
            PNG0x156fd6c0x36cPNG image data, 23 x 23, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0125570776255708
            PNG0x15700d80x3d5PNG image data, 27 x 27, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0112130479102956
            PNG0x15704b00x4cfPNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0089358245329
            PNG0x15709800x695PNG image data, 45 x 45, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0065281899109793
            PNG0x15710180x237PNG image data, 18 x 18, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0194003527336861
            PNG0x15712500x27667PNG image data, 375 x 376, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0003470006134476
            PNG0x15988b80x608PNG image data, 81 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0071243523316062
            PNG0x1598ec00x16153PNG image data, 375 x 376, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9995688273208698
            PNG0x15af0140x728PNG image data, 81 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0060043668122272
            PNG0x15af73c0x8cc1PNG image data, 375 x 376, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9971692615102823
            PNG0x15b84000x771PNG image data, 81 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.005774278215223
            PNG0x15b8b740x9fadPNG image data, 375 x 376, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9994862636690559
            PNG0x15c2b240x340PNG image data, 41 x 41, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0132211538461537
            PNG0x15c2e640x662PNG image data, 96 x 96, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0067319461444308
            PNG0x15c34c80x35fPNG image data, 59 x 59, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0127462340672073
            PNG0x15c38280x10dPNG image data, 15 x 15, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0408921933085502
            PNG0x15c39380x122PNG image data, 18 x 18, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0379310344827586
            PNG0x15c3a5c0x51ePNG image data, 44 x 44, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0083969465648854
            PNG0x15c3f7c0x178PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0292553191489362
            PNG0x15c40f40x1b0PNG image data, 30 x 30, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.025462962962963
            PNG0x15c42a40x4023PNG image data, 1151 x 500, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9058407942018394
            PNG0x15c82c80xc5PNG image data, 12 x 12, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0304568527918783
            PNG0x15c83900xc54PNG image data, 55 x 56, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0034854245880862
            PNG0x15c8fe40xf01PNG image data, 66 x 68, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0028638375423067
            PNG0x15c9ee80x1486PNG image data, 88 x 90, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0020936429387133
            PNG0x15cb3700x1a92PNG image data, 110 x 113, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0016171714201705
            PNG0x15cce040x8faPNG image data, 44 x 45, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.004786771105309
            PNG0x15cd7000x5f5PNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0072131147540984
            PNG0x15cdcf80xab6PNG image data, 80 x 81, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0040116703136397
            PNG0x15ce7b00x375PNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0124293785310734
            PNG0x15ceb280x170bbPNG image data, 925 x 498, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9793950950791885
            PNG0x15e5be40x706PNG image data, 64 x 65, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0061179087875418
            PNG0x15e62ec0x262PNG image data, 83 x 84, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8442622950819673
            PNG0x15e65500x24aPNG image data, 81 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8156996587030717
            PNG0x15e679c0x26ePNG image data, 45 x 45, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.017684887459807
            PNG0x15e6a0c0x1b6PNG image data, 45 x 46, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0251141552511416
            PNG0x15e6bc40x272PNG image data, 46 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0175718849840256
            PNG0x15e6e380x1e2PNG image data, 46 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0228215767634854
            PNG0x15e701c0x266PNG image data, 23 x 23, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.017915309446254
            PNG0x15e72840x2c9PNG image data, 28 x 28, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0154277699859748
            PNG0x15e75500x386PNG image data, 37 x 37, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0121951219512195
            PNG0x15e78d80x470PNG image data, 46 x 46, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0096830985915493
            PNG0x15e7d480x1f4PNG image data, 18 x 18, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.022
            PNG0x15e7f3c0x72dPNG image data, 61 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0059880239520957
            PNG0x15e866c0x804PNG image data, 61 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0053606237816763
            PNG0x15e8e700x83e6PNG image data, 460 x 200, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9396434283006575
            PNG0x15f12580x892PNG image data, 40 x 40, 8-bit/color RGB, non-interlacedEnglishGreat Britain1.0050136736554238
            PNG0x15f1aec0x10dPNG image data, 40 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x15f1bfc0x1e0PNG image data, 50 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0041666666666667
            PNG0x15f1ddc0x17dPNG image data, 60 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.979002624671916
            PNG0x15f1f5c0x165PNG image data, 80 x 64, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.7703081232492998
            PNG0x15f20c40x20ePNG image data, 100 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8098859315589354
            PNG0x15f22d40x10dPNG image data, 40 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x15f23e40x1efPNG image data, 50 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0121212121212122
            PNG0x15f25d40x1baPNG image data, 60 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9932126696832579
            PNG0x15f27900x165PNG image data, 80 x 64, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.7675070028011205
            PNG0x15f28f80x20bPNG image data, 100 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8107074569789675
            PNG0x15f2b040x1fbdPNG image data, 88 x 88, 8-bit/color RGBA, interlacedEnglishGreat Britain1.0013538461538463
            PNG0x15f4ac40x26aePNG image data, 105 x 105, 8-bit/color RGBA, interlacedEnglishGreat Britain1.0011108866895577
            PNG0x15f71740x367aPNG image data, 140 x 140, 8-bit/color RGBA, interlacedEnglishGreat Britain1.0007887566327263
            PNG0x15fa7f00x4868PNG image data, 175 x 175, 8-bit/color RGBA, interlacedEnglishGreat Britain1.0008631851532153
            PNG0x15ff0580x17c2PNG image data, 70 x 70, 8-bit/color RGBA, interlacedEnglishGreat Britain1.0018086155869779
            PNG0x160081c0xfebePNG image data, 925 x 498, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9718158677584567
            PNG0x16106dc0x36faPNG image data, 460 x 200, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9881341480744635
            PNG0x1613dd80x2badPNG image data, 460 x 200, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9757624541633128
            PNG0x16169880x79a8PNG image data, 921 x 401, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9704276907269458
            PNG0x161e3300x1a64PNG image data, 201 x 201, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9989638839550029
            PNG0x161fd940xce4PNG image data, 96 x 96, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0033333333333334
            PNG0x1620a780x631PNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0069400630914827
            PNG0x16210ac0x5cdPNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0074074074074073
            PNG0x162167c0x6aaPNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0064478311840563
            PNG0x1621d280x7b1PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.005586592178771
            PNG0x16224dc0x71aPNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.006050605060506
            PNG0x1622bf80x497PNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0093617021276595
            PNG0x16230900x56cePNG image data, 425 x 223, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.998739987399874
            PNG0x16287600x68a7PNG image data, 510 x 267, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9916389832406405
            PNG0x162f0080x8e94PNG image data, 680 x 356, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9783561643835617
            PNG0x1637e9c0xbf8cPNG image data, 850 x 445, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9634350273268619
            PNG0x1643e280x3e17PNG image data, 340 x 178, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0006920415224914
            PNG0x1647c400x59a5PNG image data, 576 x 260, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9837029935944921
            PNG0x164d5e80xfePNG image data, 33 x 28, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x164d6e80x18fPNG image data, 19 x 18, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0275689223057645
            PNG0x164d8780x238PNG image data, 19 x 18, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0193661971830985
            PNG0x164dab00x5059PNG image data, 205 x 45, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.996159268802567
            PNG0x1652b0c0x219PNG image data, 19 x 18, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0204841713221602
            PNG0x1652d280x258PNG image data, 19 x 18, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0183333333333333
            PNG0x1652f800x106PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0076335877862594
            PNG0x16530880x358PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0128504672897196
            PNG0x16533e00x145PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0184615384615385
            PNG0x16535280x1a2PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0263157894736843
            PNG0x16536cc0x15aPNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0173410404624277
            PNG0x16538280x114ePNG image data, 49 x 46, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0024830699774265
            PNG0x16549780x18a8PNG image data, 61 x 57, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.001742712294043
            PNG0x16562200x1e62PNG image data, 73 x 69, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.001414245307277
            PNG0x16580840x30a5PNG image data, 98 x 92, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.000883321288043
            PNG0x165b12c0x475dPNG image data, 122 x 115, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0008758005364278
            PNG0x165f88c0x6328PNG image data, 206 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.44425622439331863
            PNG0x1665bb40x608PNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0071243523316062
            PNG0x16661bc0x801PNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0053684724255734
            PNG0x16669c00x782PNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.005723204994797
            PNG0x16671440x7c3PNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0055359838953195
            PNG0x16679080x210PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0208333333333333
            PNG0x1667b180x278PNG image data, 31 x 31, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0174050632911393
            PNG0x1667d900x2f1PNG image data, 37 x 36, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0146082337317397
            PNG0x16680840x3d0PNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0112704918032787
            PNG0x16684540x4e4PNG image data, 61 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0087859424920127
            PNG0x16689380x1bfPNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0246085011185682
            PNG0x1668af80x1fcPNG image data, 31 x 30, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0216535433070866
            PNG0x1668cf40x254PNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0184563758389262
            PNG0x1668f480x323PNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0136986301369864
            PNG0x166926c0x3f0PNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0109126984126984
            PNG0x166965c0x21ePNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0202952029520296
            PNG0x166987c0x28ePNG image data, 31 x 31, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0168195718654434
            PNG0x1669b0c0x319PNG image data, 37 x 37, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0138713745271122
            PNG0x1669e280x400PNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0107421875
            PNG0x166a2280x4d2PNG image data, 61 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0089141004862237
            PNG0x166a6fc0x3b6PNG image data, 37 x 37, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0115789473684211
            PNG0x166aab40x4bePNG image data, 47 x 46, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0090609555189456
            PNG0x166af740x597PNG image data, 56 x 56, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0076869322152342
            PNG0x166b50c0x699PNG image data, 74 x 74, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0065127294256957
            PNG0x166bba80x98fPNG image data, 92 x 92, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0044953003677972
            PNG0x166c5380x1b8PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.025
            PNG0x166c6f00x220PNG image data, 31 x 30, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0202205882352942
            PNG0x166c9100x24dPNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0186757215619695
            PNG0x166cb600x306PNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0142118863049097
            PNG0x166ce680x3baPNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0115303983228512
            PNG0x166d2240x3f16PNG image data, 490 x 270, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9763467492260062
            PNG0x167113c0x7b96PNG image data, 205 x 257, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9983564068525191
            PNG0x1678cd40x13dPNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.003154574132492
            PNG0x1678e140x167PNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0139275766016713
            PNG0x1678f7c0x182PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0129533678756477
            PNG0x16791000x197PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0171990171990173
            PNG0x16792980x213PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0207156308851224
            PNG0x16794ac0x28aPNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0169230769230768
            PNG0x16797380x330PNG image data, 41 x 41, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0134803921568627
            PNG0x1679a680x371PNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0124858115777526
            PNG0x1679ddc0x4d4PNG image data, 65 x 65, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0088996763754046
            PNG0x167a2b00x5e1PNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0073089700996678
            PNG0x167a8940x41dPNG image data, 50 x 50, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0104463437796771
            PNG0x167acb40x4fbPNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.008627450980392
            PNG0x167b1b00x6b0PNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0064252336448598
            PNG0x167b8600x896PNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0050045495905369
            PNG0x167c0f80x111PNG image data, 31 x 31, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0073260073260073
            PNG0x167c20c0x19cPNG image data, 36 x 37, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0266990291262137
            PNG0x167c3a80x1ecPNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.983739837398374
            PNG0x167c5940x225PNG image data, 60 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.010928961748634
            PNG0x167c7bc0x11ePNG image data, 31 x 31, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.006993006993007
            PNG0x167c8dc0x14ePNG image data, 37 x 37, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0149700598802396
            PNG0x167ca2c0x196PNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9901477832512315
            PNG0x167cbc40x1f4PNG image data, 61 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.012
            PNG0x167cdb80x202PNG image data, 31 x 31, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0214007782101167
            PNG0x167cfbc0x27cPNG image data, 36 x 37, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0172955974842768
            PNG0x167d2380x31aPNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.013853904282116
            PNG0x167d5540x40cPNG image data, 60 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0106177606177607
            PNG0x167d9600x196PNG image data, 31 x 31, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0270935960591132
            PNG0x167daf80x1daPNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0232067510548524
            PNG0x167dcd40x230PNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.019642857142857
            PNG0x167df040x2c3PNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0155586987270155
            PNG0x167e1c80x1f4PNG image data, 18 x 18, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.022
            PNG0x167e3bc0x266PNG image data, 23 x 23, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.017915309446254
            PNG0x167e6240x2c9PNG image data, 28 x 28, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0154277699859748
            PNG0x167e8f00x386PNG image data, 37 x 37, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0121951219512195
            PNG0x167ec780x470PNG image data, 46 x 46, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0096830985915493
            PNG0x167f0e80x10dPNG image data, 40 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x167f1f80x1efPNG image data, 50 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0121212121212122
            PNG0x167f3e80x1baPNG image data, 60 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9932126696832579
            PNG0x167f5a40x165PNG image data, 80 x 64, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.7675070028011205
            PNG0x167f70c0x20bPNG image data, 100 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8107074569789675
            PNG0x167f9180x10dPNG image data, 40 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x167fa280x1e0PNG image data, 50 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0041666666666667
            PNG0x167fc080x17dPNG image data, 60 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.979002624671916
            PNG0x167fd880x165PNG image data, 80 x 64, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.7703081232492998
            PNG0x167fef00x20ePNG image data, 100 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8098859315589354
            PNG0x16801000xf3PNG image data, 40 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9794238683127572
            PNG0x16801f40xfaPNG image data, 50 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.948
            PNG0x16802f00x119PNG image data, 60 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9466192170818505
            PNG0x168040c0x14bPNG image data, 80 x 64, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.7190332326283988
            PNG0x16805580x17ePNG image data, 100 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.6544502617801047
            PNG0x16806d80xefPNG image data, 40 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9832635983263598
            PNG0x16807c80xfePNG image data, 50 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9803149606299213
            PNG0x16808c80x11aPNG image data, 60 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9680851063829787
            PNG0x16809e40x14fPNG image data, 80 x 64, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.7194029850746269
            PNG0x1680b340x181PNG image data, 100 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.6311688311688312
            PNG0x1680cb80x105PNG image data, 40 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9693486590038314
            PNG0x1680dc00x115PNG image data, 50 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x1680ed80x122PNG image data, 60 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9896551724137931
            PNG0x1680ffc0x16cPNG image data, 80 x 64, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8159340659340659
            PNG0x16811680x1a1PNG image data, 100 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.7553956834532374
            PNG0x168130c0x103PNG image data, 40 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.972972972972973
            PNG0x16814100x118PNG image data, 50 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.975
            PNG0x16815280x126PNG image data, 60 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9285714285714286
            PNG0x16816500x16fPNG image data, 80 x 64, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8092643051771117
            PNG0x16817c00x1a5PNG image data, 100 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.7505938242280285
            PNG0x16819680xdePNG image data, 40 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9234234234234234
            PNG0x1681a480xe9PNG image data, 50 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9313304721030042
            PNG0x1681b340xf0PNG image data, 60 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.875
            PNG0x1681c240x138PNG image data, 80 x 64, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.6538461538461539
            PNG0x1681d5c0x16aPNG image data, 100 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.5994475138121547
            PNG0x1681ec80xdcPNG image data, 40 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9090909090909091
            PNG0x1681fa40xe8PNG image data, 50 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9353448275862069
            PNG0x168208c0xf2PNG image data, 60 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9132231404958677
            PNG0x16821800x13dPNG image data, 80 x 64, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.6624605678233438
            PNG0x16822c00x16fPNG image data, 100 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.6103542234332425
            PNG0x16824300x1b7PNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0250569476082005
            PNG0x16825e80x21cPNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0203703703703704
            PNG0x16828040x279PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0173775671406002
            PNG0x1682a800x310PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0140306122448979
            PNG0x1682d900x3bcPNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0115062761506277
            PNG0x168314c0x386PNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0121951219512195
            PNG0x16834d40x4c2PNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0090311986863711
            PNG0x16839980x665PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0067196090409285
            PNG0x16840000x998PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0044788273615635
            PNG0x16849980xd0fPNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.003290457672749
            PNG0x16856a80x2b0PNG image data, 32 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0159883720930232
            PNG0x16859580x3c5PNG image data, 42 x 21, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.01139896373057
            PNG0x1685d200x4a3PNG image data, 52 x 26, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0092670598146587
            PNG0x16861c40x5d7PNG image data, 63 x 31, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0073578595317725
            PNG0x168679c0x715PNG image data, 84 x 42, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0060672917815774
            PNG0x1686eb40x5e2PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0073041168658698
            PNG0x16874980x6f5PNG image data, 50 x 50, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0061763054463784
            PNG0x1687b900x7cbPNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0055137844611528
            PNG0x168835c0xa5fPNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0041431261770244
            PNG0x1688dbc0xcfaPNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9993979530403372
            PNG0x1689ab80x7c6PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0055276381909548
            PNG0x168a2800x7a2PNG image data, 50 x 50, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0056294779938588
            PNG0x168aa240xa9ePNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.004047093451067
            PNG0x168b4c40x11ecPNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0023975588491718
            PNG0x168c6b00x176ePNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.001833944648216
            PNG0x168de200x823PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0052808449351895
            PNG0x168e6440xa2cPNG image data, 50 x 50, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0042242703533026
            PNG0x168f0700xc07PNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0035725885027607
            PNG0x168fc780x102fPNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0026550808592807
            PNG0x1690ca80x125fPNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.002338932596215
            PNG0x1691f080x6b6PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0064027939464493
            PNG0x16925c00x8b7PNG image data, 50 x 50, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0049305244285074
            PNG0x1692e780xafcPNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0039118065433854
            PNG0x16939740x110ePNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0025194686211636
            PNG0x1694a840x146aPNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9980864906238041
            PNG0x1695ef00x109PNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0075471698113208
            PNG0x1695ffc0x464PNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.7135231316725978
            PNG0x16964600x462PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.7112299465240641
            PNG0x16968c40x479PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.7170305676855895
            PNG0x1696d400x4b9PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.7377998345740281
            PNG0x16971fc0x6dcPNG image data, 24 x 23, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.00626423690205
            PNG0x16978d80x939PNG image data, 30 x 29, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0046590427784836
            PNG0x16982140xb1fPNG image data, 36 x 34, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0038637161924833
            PNG0x1698d340x1151PNG image data, 48 x 46, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0024813895781637
            PNG0x1699e880x17bePNG image data, 60 x 57, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0018098058571898
            PNG0x169b6480x7a9PNG image data, 68 x 22, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0056093829678736
            PNG0x169bdf40x8fcPNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0047826086956522
            PNG0x169c6f00xc39PNG image data, 50 x 50, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0035155001597955
            PNG0x169d32c0xf8fPNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0027617373838815
            PNG0x169e2bc0x1599PNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.001989509857117
            PNG0x169f8580x1ea6PNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.00140198827428
            PNG0x16a17000x122PNG image data, 9 x 8, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.006896551724138
            PNG0x16a18240x103PNG image data, 9 x 8, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0038610038610039
            PNG0x16a19280x146PNG image data, 14 x 14, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0153374233128833
            PNG0x16a1a700x134PNG image data, 14 x 14, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0064935064935066
            PNG0x16a1ba40x164PNG image data, 14 x 14, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0196629213483146
            PNG0x16a1d080x1daPNG image data, 17 x 17, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0232067510548524
            PNG0x16a1ee40x246PNG image data, 21 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0189003436426116
            PNG0x16a212c0x29cPNG image data, 26 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0164670658682635
            PNG0x16a23c80x358PNG image data, 33 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0128504672897196
            PNG0x16a27200x423PNG image data, 41 x 39, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0103871576959396
            PNG0x16a2b440x1524PNG image data, 64 x 60, 8-bit/color RGB, non-interlacedEnglishGreat Britain1.0020325203252032
            PNG0x16a40680x1d78PNG image data, 80 x 75, 8-bit/color RGB, non-interlacedEnglishGreat Britain1.001458112407211
            PNG0x16a5de00x27c8PNG image data, 96 x 90, 8-bit/color RGB, non-interlacedEnglishGreat Britain1.0010801256873527
            PNG0x16a85a80x3a7aPNG image data, 128 x 120, 8-bit/color RGB, non-interlacedEnglishGreat Britain1.0007348029392118
            PNG0x16ac0240x51f4PNG image data, 160 x 150, 8-bit/color RGB, non-interlacedEnglishGreat Britain1.0007626310772164
            PNG0x16b12180x3946PNG image data, 120 x 113, 8-bit/color RGB, non-interlacedEnglishGreat Britain1.0007502387123175
            PNG0x16b4b600x4aadPNG image data, 150 x 141, 8-bit/color RGB, non-interlacedEnglishGreat Britain1.000836951404509
            PNG0x16b96100x6301PNG image data, 180 x 169, 8-bit/color RGB, non-interlacedEnglishGreat Britain1.000631288222529
            PNG0x16bf9140xaa7bPNG image data, 240 x 226, 8-bit/color RGB, non-interlacedEnglishGreat Britain1.000481176821025
            PNG0x16ca3900xcc64PNG image data, 300 x 282, 8-bit/color RGB, non-interlacedEnglishGreat Britain1.000496903906429
            PNG0x16d6ff40x107fPNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0026047833293867
            PNG0x16d80740x157dPNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.00199963642974
            PNG0x16d95f40x1dc2PNG image data, 72 x 72, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0014439485429247
            PNG0x16db3b80x2facPNG image data, 96 x 96, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0009013438216978
            PNG0x16de3640x432cPNG image data, 120 x 120, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0009304489416144
            PNG0x16e26900x102PNG image data, 40 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9922480620155039
            PNG0x16e27940x1b6PNG image data, 50 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9908675799086758
            PNG0x16e294c0x16cPNG image data, 60 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9752747252747253
            PNG0x16e2ab80x170PNG image data, 80 x 64, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.779891304347826
            PNG0x16e2c280x201PNG image data, 100 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8031189083820662
            PNG0x16e2e2c0xf6PNG image data, 40 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9959349593495935
            PNG0x16e2f240xffPNG image data, 50 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.984313725490196
            PNG0x16e30240x118PNG image data, 60 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9714285714285714
            PNG0x16e313c0x14fPNG image data, 80 x 64, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.7253731343283583
            PNG0x16e328c0x182PNG image data, 100 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.6373056994818653
            PNG0x16e34100xddPNG image data, 40 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9140271493212669
            PNG0x16e34f00xe9PNG image data, 50 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9356223175965666
            PNG0x16e35dc0xf3PNG image data, 60 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9135802469135802
            PNG0x16e36d00x13ePNG image data, 80 x 64, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.6666666666666666
            PNG0x16e38100x16fPNG image data, 100 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.6076294277929155
            PNG0x16e39800x112PNG image data, 40 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9817518248175182
            PNG0x16e3a940x119PNG image data, 50 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9786476868327402
            PNG0x16e3bb00x127PNG image data, 60 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9322033898305084
            PNG0x16e3cd80x170PNG image data, 80 x 64, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8097826086956522
            PNG0x16e3e480x1a6PNG image data, 100 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.7535545023696683
            PNG0x16e3ff00xc6PNG image data, 9 x 8, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9949494949494949
            PNG0x16e40b80xfdPNG image data, 11 x 10, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x16e41b80x121PNG image data, 13 x 12, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0069204152249136
            PNG0x16e42dc0xedPNG image data, 18 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x16e43cc0x115PNG image data, 22 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x16e44e40xc5PNG image data, 9 x 8, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9898477157360406
            PNG0x16e45ac0xfaPNG image data, 11 x 10, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.004
            PNG0x16e46a80xddPNG image data, 13 x 12, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9547511312217195
            PNG0x16e47880x14aPNG image data, 18 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.009090909090909
            PNG0x16e48d40x128PNG image data, 22 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.010135135135135
            PNG0x16e49fc0xc0PNG image data, 8 x 9, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.984375
            PNG0x16e4abc0xcbPNG image data, 10 x 11, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9852216748768473
            PNG0x16e4b880x116PNG image data, 12 x 13, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0071942446043165
            PNG0x16e4ca00xebPNG image data, 16 x 18, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9957446808510638
            PNG0x16e4d8c0x11bPNG image data, 20 x 22, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x16e4ea80xbePNG image data, 8 x 9, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9894736842105263
            PNG0x16e4f680xd0PNG image data, 10 x 11, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9711538461538461
            PNG0x16e50380xdcPNG image data, 12 x 13, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.990909090909091
            PNG0x16e51140xe8PNG image data, 16 x 18, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x16e51fc0xffPNG image data, 20 x 22, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x16e52fc0xbcPNG image data, 8 x 9, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9893617021276596
            PNG0x16e53b80xcbPNG image data, 10 x 11, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9802955665024631
            PNG0x16e54840x112PNG image data, 12 x 13, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9598540145985401
            PNG0x16e55980xefPNG image data, 16 x 18, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x16e56880x119PNG image data, 20 x 22, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x16e57a40xbfPNG image data, 8 x 9, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9842931937172775
            PNG0x16e58640xcfPNG image data, 10 x 11, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9855072463768116
            PNG0x16e59340xdePNG image data, 12 x 13, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9954954954954955
            PNG0x16e5a140xecPNG image data, 16 x 18, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9957627118644068
            PNG0x16e5b000xfaPNG image data, 20 x 22, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x16e5bfc0xbePNG image data, 9 x 8, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9947368421052631
            PNG0x16e5cbc0xc8PNG image data, 11 x 10, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.99
            PNG0x16e5d840xbda3PNG image data, 13 x 12, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.7202916761076894
            PNG0x16f1b280xe8PNG image data, 18 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9956896551724138
            PNG0x16f1c100x109PNG image data, 22 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x16f1d1c0xcePNG image data, 9 x 8, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x16f1dec0xcaPNG image data, 11 x 10, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9851485148514851
            PNG0x16f1eb80xf6PNG image data, 13 x 12, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9959349593495935
            PNG0x16f1fb00xeePNG image data, 18 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9957983193277311
            PNG0x16f20a00xbf71PNG image data, 22 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.7202146544512232
            PNG0x16fe0140xa5PNG image data, 7 x 12, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x16fe0bc0xb6PNG image data, 10 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.989010989010989
            PNG0x16fe1740xb0PNG image data, 11 x 19, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0056818181818181
            PNG0x16fe2240xcfPNG image data, 14 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0048309178743962
            PNG0x16fe2f40xcfPNG image data, 18 x 31, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0048309178743962
            PNG0x16fe3c40xf6PNG image data, 40 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0040650406504066
            PNG0x16fe4bc0xcdPNG image data, 40 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x16fe58c0x10cPNG image data, 40 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0223880597014925
            PNG0x16fe6980x240PNG image data, 50 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0190972222222223
            PNG0x16fe8d80x27dPNG image data, 26 x 21, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0172684458398744
            PNG0x16feb580x39cPNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0119047619047619
            PNG0x16feef40x717PNG image data, 50 x 50, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8429752066115702
            PNG0x16ff60c0x7e5PNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8629391390400791
            PNG0x16ffdf40x937PNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8817295464179737
            PNG0x170072c0xa5ePNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8862094951017332
            PNG0x170118c0x4a5PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0092514718250631
            PNG0x17016340x7f5PNG image data, 50 x 50, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8689248895434463
            PNG0x1701e2c0x8f0PNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8837412587412588
            PNG0x170271c0xabfPNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9051254089422028
            PNG0x17031dc0xcb7PNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9182795698924732
            PNG0x1703e940x438PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.010185185185185
            PNG0x17042cc0x7afPNG image data, 50 x 50, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8566344687341129
            PNG0x1704a7c0x87fPNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8726436781609196
            PNG0x17052fc0xa53PNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8974650018917897
            PNG0x1705d500xc5fPNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9153773287022419
            PNG0x17069b00x796PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.005664263645726
            PNG0x17071480xbeePNG image data, 50 x 50, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9119187950229207
            PNG0x1707d380xda8PNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9236270022883295
            PNG0x1708ae00x114bPNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9405918229049017
            PNG0x1709c2c0x14d6PNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9514435695538058
            PNG0x170b1040x325PNG image data, 32 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.013664596273292
            PNG0x170b42c0x472PNG image data, 42 x 21, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0096660808435853
            PNG0x170b8a00x55fPNG image data, 52 x 26, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.008
            PNG0x170be000x6aePNG image data, 63 x 31, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0064327485380118
            PNG0x170c4b00x8f3PNG image data, 84 x 42, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0048013967699694
            PNG0x170cda40x1a01PNG image data, 73 x 66, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0016523959741626
            PNG0x170e7a80x26c0PNG image data, 91 x 83, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.001108870967742
            PNG0x1710e680x32efPNG image data, 110 x 99, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0008436229772222
            PNG0x17141580x47e5PNG image data, 146 x 132, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0008693289866883
            PNG0x17189400x6c67PNG image data, 183 x 165, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.000576555799791
            PNG0x171f5a80xf4PNG image data, 10 x 10, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9959016393442623
            PNG0x171f69c0x119PNG image data, 13 x 13, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.99644128113879
            PNG0x171f7b80x124PNG image data, 15 x 15, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0034246575342465
            PNG0x171f8dc0x152PNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0059171597633136
            PNG0x171fa300x176PNG image data, 25 x 25, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0106951871657754
            PNG0x171fba80xf7PNG image data, 10 x 10, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x171fca00x11ePNG image data, 13 x 13, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0034965034965035
            PNG0x171fdc00x12fPNG image data, 15 x 15, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x171fef00x151PNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0089020771513353
            PNG0x17200440x17ePNG image data, 25 x 25, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.013089005235602
            PNG0x17201c40x2b6cPNG image data, 214 x 57, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9995501979129183
            PNG0x1722d300x3956PNG image data, 268 x 71, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9987736748875868
            PNG0x17266880x4745PNG image data, 321 x 86, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9981912852836393
            PNG0x172add00x66afPNG image data, 428 x 114, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9977935861832845
            PNG0x17314800x8fa0PNG image data, 535 x 143, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9957027850304613
            PNG0x173a4200x19cPNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0266990291262137
            PNG0x173a5bc0x228PNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.019927536231884
            PNG0x173a7e40x24dPNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0186757215619695
            PNG0x173aa340x2c4PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.015536723163842
            PNG0x173acf80x376PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.012415349887133
            PNG0x173b0700x932PNG image data, 74 x 74, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0046728971962617
            PNG0x173b9a40xdb4PNG image data, 93 x 93, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0031356898517674
            PNG0x173c7580xef9PNG image data, 111 x 111, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0028698147665014
            PNG0x173d6540x13b3PNG image data, 148 x 148, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0009914733293674
            PNG0x173ea080x1948PNG image data, 185 x 185, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9998454882571075
            PNG0x17403500x862PNG image data, 74 x 74, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.005125815470643
            PNG0x1740bb40xcacPNG image data, 93 x 93, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0033908754623921
            PNG0x17418600xd74PNG image data, 111 x 111, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0031939605110336
            PNG0x17425d40x1204PNG image data, 148 x 148, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9937120555073721
            PNG0x17437d80x1702PNG image data, 185 x 185, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9821731748726655
            PNG0x1744edc0xaf4PNG image data, 74 x 74, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.003922967189729
            PNG0x17459d00xfbaPNG image data, 93 x 93, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0027322404371584
            PNG0x174698c0x11a2PNG image data, 111 x 111, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0015507310589278
            PNG0x1747b300x17d0PNG image data, 148 x 148, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0018044619422573
            PNG0x17493000x1e5ePNG image data, 185 x 185, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9938255724208902
            PNG0x174b1600x908PNG image data, 74 x 74, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0047577854671281
            PNG0x174ba680xdb7PNG image data, 93 x 93, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0031330105383083
            PNG0x174c8200x1027PNG image data, 111 x 111, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0026602176541717
            PNG0x174d8480x14edPNG image data, 148 x 148, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0009333582228859
            PNG0x174ed380x1baePNG image data, 185 x 185, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9871577758961332
            PNG0x17508e80x633PNG image data, 74 x 74, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0069313169502205
            PNG0x1750f1c0x7fdPNG image data, 93 x 93, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0053789731051346
            PNG0x175171c0x914PNG image data, 111 x 111, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0047332185886402
            PNG0x17520300xbacPNG image data, 148 x 148, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0036813922356091
            PNG0x1752bdc0xf11PNG image data, 185 x 185, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0028519574799066
            PNG0x1753af00x99ePNG image data, 74 x 74, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.00446791226645
            PNG0x17544900xe83PNG image data, 93 x 93, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0029609690444146
            PNG0x17553140xfb9PNG image data, 111 x 111, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0027329192546584
            PNG0x17562d00x1507PNG image data, 148 x 148, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9983280698495263
            PNG0x17577d80x1ab5PNG image data, 185 x 185, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9938569548047389
            PNG0x17592900x945PNG image data, 74 x 74, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0046354825115886
            PNG0x1759bd80xdb2PNG image data, 93 x 93, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0031374786081004
            PNG0x175a98c0xf25PNG image data, 111 x 111, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.002837245292752
            PNG0x175b8b40x13c9PNG image data, 148 x 148, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0021717670286279
            PNG0x175cc800x193bPNG image data, 185 x 185, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9919492181452237
            PNG0x175e5bc0x77dPNG image data, 50 x 50, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0057381324986958
            PNG0x175ed3c0xc2bPNG image data, 63 x 63, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0035313001605137
            PNG0x175f9680xc36PNG image data, 75 x 75, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0035188739603327
            PNG0x17605a00x108bPNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0025974025974025
            PNG0x176162c0x17baPNG image data, 125 x 125, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0018109976950937
            PNG0x1762de80x4dfPNG image data, 50 x 50, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.008821170809944
            PNG0x17632c80x80cPNG image data, 63 x 63, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0053398058252427
            PNG0x1763ad40x78cPNG image data, 75 x 75, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0056935817805384
            PNG0x17642600xa87PNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0040816326530613
            PNG0x1764ce80xe76PNG image data, 125 x 125, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0029713668287412
            PNG0x1765b600x69aPNG image data, 50 x 50, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.006508875739645
            PNG0x17661fc0xa0cPNG image data, 63 x 63, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.004276827371695
            PNG0x1766c080xa0bPNG image data, 75 x 75, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0042784908595876
            PNG0x17676140xdd4PNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0031073446327683
            PNG0x17683e80x12fdPNG image data, 125 x 125, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0022629088664883
            PNG0x17696e80x8dcPNG image data, 50 x 50, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0048500881834215
            PNG0x1769fc40xdbbPNG image data, 63 x 63, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0031294452347084
            PNG0x176ad800xd9cPNG image data, 75 x 75, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0031572904707233
            PNG0x176bb1c0x13c3PNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0021743427554852
            PNG0x176cee00x1a21PNG image data, 125 x 125, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0016444909552997
            PNG0x176e9040xaaPNG image data, 10 x 11, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0176470588235293
            PNG0x176e9b00xf3PNG image data, 13 x 14, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.037037037037037
            PNG0x176eaa40xefPNG image data, 15 x 17, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0376569037656904
            PNG0x176eb940xfaPNG image data, 20 x 22, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.028
            PNG0x176ec900x140PNG image data, 25 x 28, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.034375
            PNG0x176edd00x32ePNG image data, 26 x 31, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0135135135135136
            PNG0x176f1000x3d6PNG image data, 34 x 39, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0112016293279023
            PNG0x176f4d80x4b4PNG image data, 40 x 47, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0091362126245846
            PNG0x176f98c0x5efPNG image data, 52 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0072416063199474
            PNG0x176ff7c0x752PNG image data, 66 x 77, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0058697972251867
            PNG0x17706d00xd4PNG image data, 10 x 10, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0330188679245282
            PNG0x17707a40xfbPNG image data, 13 x 13, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0318725099601593
            PNG0x17708a00x11fPNG image data, 15 x 15, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.038327526132404
            PNG0x17709c00x137PNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0353697749196142
            PNG0x1770af80x161PNG image data, 25 x 25, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0311614730878187
            PNG0x1770c5c0x107PNG image data, 10 x 10, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0114068441064639
            PNG0x1770d640x122PNG image data, 13 x 13, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0103448275862068
            PNG0x1770e880x148PNG image data, 15 x 15, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0060975609756098
            PNG0x1770fd00x16bPNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.022038567493113
            PNG0x177113c0x19aPNG image data, 25 x 25, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0170731707317073
            PNG0x17712d80x3e0PNG image data, 31 x 37, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0110887096774193
            PNG0x17716b80x51dPNG image data, 39 x 46, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0084033613445378
            PNG0x1771bd80x67dPNG image data, 47 x 56, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0066225165562914
            PNG0x17722580x8abPNG image data, 62 x 74, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0049571879224877
            PNG0x1772b040xb6ePNG image data, 78 x 93, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0037593984962405
            PNG0x17736740x227PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0199637023593466
            PNG0x177389c0x2a7PNG image data, 31 x 31, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.01620029455081
            PNG0x1773b440x351PNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0129564193168434
            PNG0x1773e980x4faPNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0086342229199372
            PNG0x17743940x620PNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.007015306122449
            PNG0x17749b40x394PNG image data, 14 x 21, 8-bit/color RGBA, interlacedEnglishGreat Britain1.012008733624454
            PNG0x1774d480x509PNG image data, 18 x 26, 8-bit/color RGBA, interlacedEnglishGreat Britain1.008533747090768
            PNG0x17752540x53ePNG image data, 21 x 32, 8-bit/color RGBA, interlacedEnglishGreat Britain1.0081967213114753
            PNG0x17757940x648PNG image data, 28 x 42, 8-bit/color RGBA, interlacedEnglishGreat Britain1.0068407960199004
            PNG0x1775ddc0x86cPNG image data, 35 x 53, 8-bit/color RGBA, interlacedEnglishGreat Britain1.0051020408163265
            PNG0x17766480xe9PNG image data, 10 x 10, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0085836909871244
            PNG0x17767340x136PNG image data, 13 x 14, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0161290322580645
            PNG0x177686c0x12ePNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0132450331125828
            PNG0x177699c0x197PNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.027027027027027
            PNG0x1776b340x1d5PNG image data, 26 x 26, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.023454157782516
            PNG0x1776d0c0x105PNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0421455938697317
            PNG0x1776e140x13fPNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0344827586206897
            PNG0x1776f540x176PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0294117647058822
            PNG0x17770cc0x22ePNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0197132616487454
            PNG0x17772fc0x13fPNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0344827586206897
            PNG0x177743c0x25cPNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0182119205298013
            PNG0x17776980x2a3PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0162962962962963
            PNG0x177793c0x23cPNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0192307692307692
            PNG0x1777b780x4faPNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0086342229199372
            PNG0x17780740xc8PNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.03
            PNG0x177813c0x122PNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0379310344827586
            PNG0x17782600x139PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.035143769968051
            PNG0x177839c0x1a5PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0261282660332542
            PNG0x17785440x1d7PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0233545647558386
            PNG0x177871c0x1b8PNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.025
            PNG0x17788d40x272PNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0175718849840256
            PNG0x1778b480x2a7PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.01620029455081
            PNG0x1778df00x3a6PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.011777301927195
            PNG0x17791980x4f5PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0086682427107958
            PNG0x17796900x17dPNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0236220472440944
            PNG0x17798100x1d3PNG image data, 31 x 31, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.019271948608137
            PNG0x17799e40x215PNG image data, 36 x 37, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.020637898686679
            PNG0x1779bfc0x29fPNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0163934426229508
            PNG0x1779e9c0x377PNG image data, 60 x 61, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.012401352874859
            PNG0x177a2140x321PNG image data, 26 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.013732833957553
            PNG0x177a5380x422PNG image data, 33 x 30, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0103969754253308
            PNG0x177a95c0x4eePNG image data, 39 x 36, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.008716323296355
            PNG0x177ae4c0x63fPNG image data, 52 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0068792995622264
            PNG0x177b48c0x809PNG image data, 65 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0053475935828877
            PNG0x177bc980x25cPNG image data, 21 x 17, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0182119205298013
            PNG0x177bef40x32bPNG image data, 26 x 21, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0135635018495683
            PNG0x177c2200x3f7PNG image data, 32 x 26, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0108374384236454
            PNG0x177c6180x45dPNG image data, 42 x 34, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0098478066248882
            PNG0x177ca780x664PNG image data, 53 x 43, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.006723716381418
            PNG0x177d0dc0x28c7PNG image data, 768 x 64, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9961682153462975
            PNG0x177f9a40x4f0ePNG image data, 972 x 81, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9915011364759364
            PNG0x17848b40x3c7dPNG image data, 1153 x 96, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9898611559573781
            PNG0x17885340x54f6PNG image data, 1536 x 128, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.981103448275862
            PNG0x178da2c0x6ab4PNG image data, 1921 x 160, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9815492751500952
            PNG0x17944e00x114PNG image data, 17 x 11, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0144927536231885
            PNG0x17945f40x120PNG image data, 21 x 13, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0104166666666667
            PNG0x17947140x128PNG image data, 25 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0236486486486487
            PNG0x179483c0x15bPNG image data, 33 x 21, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0144092219020173
            PNG0x17949980x176PNG image data, 41 x 25, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0240641711229947
            PNG0x1794b100x10dPNG image data, 17 x 11, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0111524163568772
            PNG0x1794c200x108PNG image data, 21 x 13, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0113636363636365
            PNG0x1794d280x132PNG image data, 25 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.026143790849673
            PNG0x1794e5c0x157PNG image data, 33 x 21, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0204081632653061
            PNG0x1794fb40x18ePNG image data, 41 x 26, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0276381909547738
            PNG0x17951440xd2PNG image data, 17 x 11, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0
            PNG0x17952180xccPNG image data, 21 x 13, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9950980392156863
            PNG0x17952e40xeaPNG image data, 25 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.017094017094017
            PNG0x17953d00xecPNG image data, 33 x 21, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0042372881355932
            PNG0x17954bc0x103PNG image data, 41 x 25, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0154440154440154
            PNG0x17955c00xc9PNG image data, 17 x 11, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0049751243781095
            PNG0x179568c0xc4PNG image data, 21 x 13, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9897959183673469
            PNG0x17957500xdePNG image data, 25 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.009009009009009
            PNG0x17958300x817PNG image data, 74 x 74, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0053114437469821
            PNG0x17960480xa1aPNG image data, 93 x 93, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0042536736272236
            PNG0x1796a640xb47PNG image data, 112 x 111, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0038101835815725
            PNG0x17975ac0xec3PNG image data, 148 x 148, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0029108229690393
            PNG0x17984700x122dPNG image data, 186 x 185, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0023640661938533
            PNG0x17996a00xb96PNG image data, 87 x 87, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0037086985839514
            PNG0x179a2380x34dPNG image data, 126 x 14, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.01301775147929
            PNG0x179a5880xa99PNG image data, 157 x 17, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0040545521562845
            PNG0x179b0240xc30PNG image data, 189 x 21, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.003525641025641
            PNG0x179bc540xe60PNG image data, 252 x 28, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0029891304347827
            PNG0x179cab40x1506PNG image data, 315 x 35, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0020438498699369
            PNG0x179dfbc0xb27PNG image data, 128 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0038528896672505
            PNG0x179eae40x1038PNG image data, 160 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0026493256262043
            PNG0x179fb1c0x14e5PNG image data, 192 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0020564591512433
            PNG0x17a10040x1c08PNG image data, 256 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0015328874024527
            PNG0x17a2c0c0x2c45PNG image data, 320 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0009706167828465
            TIS0x17a58540x2471C++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2169578732983171
            TIS0x17a7cc80x724Non-ISO extended-ASCII text, with CRLF line terminatorsEnglishGreat Britain0.4141137855579869
            TIS0x17a83ec0x2e72C++ source, Non-ISO extended-ASCII text, with very long lines (337), with CRLF line terminatorsEnglishGreat Britain0.2698065601345669
            TIS0x17ab2600xebC++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.5404255319148936
            TIS0x17ab34c0x1337C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.25208375686115064
            TIS0x17ac6840x106aASCII text, with CRLF line terminatorsEnglishGreat Britain0.2934316991908615
            TIS0x17ad6f00x5acbC++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.25379684205997505
            TIS0x17b31bc0xdd5Non-ISO extended-ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3643038689635696
            TIS0x17b3f940xa5ASCII text, with CRLF line terminatorsEnglishGreat Britain0.8909090909090909
            TIS0x17b403c0x5b3C++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3132282385195339
            TIS0x17b45f00x1363C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.26455772718114046
            TIS0x17b59540x2c9dC++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.2343927852202084
            TIS0x17b85f40x2496C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.24129831304719196
            TIS0x17baa8c0x2150C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.24120544090056284
            TIS0x17bcbdc0x3e9C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.45254745254745254
            TIS0x17bcfc80xa839C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (303), with CRLF line terminatorsEnglishGreat Britain0.16619064205271103
            TIS0x17c78040x35fdC++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.18023297880037623
            TIS0x17cae040x40d4C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.18823812966979994
            TIS0x17ceed80x5695C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (368), with CRLF line terminatorsEnglishGreat Britain0.1962102413715317
            TIS0x17d45700x4e7ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2685258964143426
            TIS0x17d4a580x1412C++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.30381471389645776
            TIS0x17d5e6c0x5b74C++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.16359132069024432
            TIS0x17db9e00x1bd1C++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.276225249262744
            TIS0x17dd5b40x1ba0C++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2887443438914027
            TIS0x17df1540x4ff2C++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.14399491840125087
            TIS0x17e41480x21d6C++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.22269683675825444
            TIS0x17e63200xfc1C++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3486238532110092
            TIS0x17e72e40x6aceC++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.13177529076146588
            TIS0x17eddb40x1474C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.22001527883880825
            TIS0x17ef2280x1dd4C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.24030906233630173
            TIS0x17f0ffc0xcd7C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.33891086096744755
            TIS0x17f1cd40x1127C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.2470963334092462
            TIS0x17f2dfc0x2c85ASCII text, with CRLF line terminatorsEnglishGreat Britain0.24567868737387033
            TIS0x17f5a840x845C++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.36136041568256966
            TIS0x17f62cc0xe5eASCII text, with CRLF line terminatorsEnglishGreat Britain0.3308863512778684
            TIS0x17f712c0xfaC++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.54
            TIS0x17f72280x562ASCII text, with CRLF line terminatorsEnglishGreat Britain0.43033381712626995
            TIS0x17f778c0x2bfASCII text, with CRLF line terminatorsEnglishGreat Britain0.4594594594594595
            TIS0x17f7a4c0x1035C++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.33285128946734155
            TIS0x17f8a840x1010C++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2448929961089494
            TIS0x17f9a940x11aaASCII text, with CRLF line terminatorsEnglishGreat Britain0.31977001326846527
            TIS0x17fac400x17bdC++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2514398551917064
            TIS0x17fc4000x14976C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.21878779255886746
            TIS0x1810d780xa8eC++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.3168023686158401
            TIS0x18118080x1c31C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.22918110018013024
            TIS0x181343c0x253aC++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.19538300104931794
            TIS0x18159780x3f57Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.1967314215232809
            TIS0x18198d00x8be0C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (355), with CRLF line terminatorsEnglishGreat Britain0.19168900804289543
            TIS0x18224b00x11a0C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.27437943262411346
            TIS0x18236500xeacC++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.29259850905218315
            TIS0x18244fc0xa54Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.264750378214826
            TIS0x1824f500x73d4ASCII text, with CRLF line terminatorsEnglishGreat Britain0.23532982598138405
            TIS0x182c3240x2333C++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.255798468538453
            TIS0x182e6580x2827C++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.26899503842786265
            TIS0x1830e800x50eASCII text, with CRLF line terminatorsEnglishGreat Britain0.42040185471406494
            TIS0x18313900xa9bC++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.34806629834254144
            TIS0x1831e2c0x294ASCII text, with CRLF line terminatorsEnglishGreat Britain0.47424242424242424
            TIS0x18320c00xcb7C++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3640552995391705
            TIS0x1832d780x1b0dC++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2505415162454874
            TIS0x18348880xa18C++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.35139318885448917
            TIS0x18352a00x878C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.37084870848708484
            TIS0x1835b180x54aC++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.4254062038404727
            TIS0x18360640x57eeC++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.20031097290093292
            TIS0x183b8540x1a48C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.27705112960760997
            TIS0x183d29c0x13b5C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.3016848364717542
            TIS0x183e6540x1ba2C++ source, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3262651964942041
            TTF0x18401f80x2996cTrueType Font data, 18 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoBoldRoboto BoldVersion 2.137; 2017Roboto-BoEnglishGreat Britain0.5296804189071782
            TTF0x1869b640x29d08TrueType Font data, 18 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-RegularRobEnglishGreat Britain0.5235531785697604
            RT_CURSOR0x189386c0x134Targa image data - Map 64 x 65536 x 1 +32 "\001"EnglishUnited States0.38636363636363635
            RT_CURSOR0x18939a00x134dataEnglishUnited States0.4642857142857143
            RT_CURSOR0x1893ad40x134dataEnglishUnited States0.4805194805194805
            RT_CURSOR0x1893c080x134dataEnglishUnited States0.38311688311688313
            RT_CURSOR0x1893d3c0x134dataEnglishUnited States0.36038961038961037
            RT_CURSOR0x1893e700x134dataEnglishUnited States0.4090909090909091
            RT_CURSOR0x1893fa40x134Targa image data - RGB 64 x 65536 x 1 +32 "\001"EnglishUnited States0.4967532467532468
            RT_BITMAP0x18940d80xd28Device independent bitmap graphic, 48 x 48 x 8, image size 0, resolution 3780 x 3780 px/m, 256 important colors0.16508313539192399
            RT_BITMAP0x1894e000x32aDevice independent bitmap graphic, 16 x 16 x 24, image size 770, resolution 3779 x 3779 px/m0.2074074074074074
            RT_BITMAP0x189512c0xa73cDevice independent bitmap graphic, 629 x 17 x 32, image size 42772, resolution 3582 x 3582 px/mEnglishGreat Britain0.3653648509763618
            RT_BITMAP0x189f8680x9428Device independent bitmap graphic, 592 x 16 x 32, image size 37888, resolution 3700 x 3700 px/mEnglishGreat Britain0.37990402868593126
            RT_BITMAP0x18a8c900xe768Device independent bitmap graphic, 740 x 20 x 32, image size 59200, resolution 3503 x 3503 px/mEnglishGreat Britain0.3775827143821742
            RT_BITMAP0x18b73f80x14d28Device independent bitmap graphic, 888 x 24 x 32, image size 85248, resolution 3543 x 3543 px/mEnglishGreat Britain0.3435418816246131
            RT_BITMAP0x18cc1200x25028Device independent bitmap graphic, 1184 x 32 x 32, image size 151552, resolution 3543 x 3543 px/mEnglishGreat Britain0.27891313525779726
            RT_BITMAP0x18f11480x39d28Device independent bitmap graphic, 1480 x 40 x 32, image size 236800, resolution 3503 x 3503 px/mEnglishGreat Britain0.2470275291335923
            RT_BITMAP0x192ae700xff1cDevice independent bitmap graphic, 777 x 21 x 32, image size 65268, resolution 3582 x 3582 px/mEnglishGreat Britain0.3760488760948123
            RT_BITMAP0x193ad8c0x1697cDevice independent bitmap graphic, 925 x 25 x 32, image size 92500, resolution 3503 x 3503 px/mEnglishGreat Britain0.33716230819105253
            RT_BITMAP0x19517080x29c78Device independent bitmap graphic, 1258 x 34 x 32, image size 171088, resolution 3543 x 3543 px/mEnglishGreat Britain0.27272567902388856
            RT_BITMAP0x197b3800x489f0Device independent bitmap graphic, 1582 x 47 x 32, image size 297416, resolution 3582 x 3582 px/mEnglishGreat Britain0.2156587865096014
            RT_BITMAP0x19c3d700x2028Device independent bitmap graphic, 128 x 16 x 32, image size 8192, resolution 3700 x 3700 px/mEnglishGreat Britain0.06972789115646258
            RT_BITMAP0x19c5d980x3228Device independent bitmap graphic, 160 x 20 x 32, image size 12800, resolution 3700 x 3700 px/mEnglishGreat Britain0.08948598130841122
            RT_BITMAP0x19c8fc00x4828Device independent bitmap graphic, 192 x 24 x 32, image size 18432, resolution 3661 x 3661 px/mEnglishGreat Britain0.07145950627977479
            RT_BITMAP0x19cd7e80x8028Device independent bitmap graphic, 256 x 32 x 32, image size 32768, resolution 3661 x 3661 px/mEnglishGreat Britain0.04489758595464521
            RT_BITMAP0x19d58100xc828Device independent bitmap graphic, 320 x 40 x 32, image size 51200, resolution 3661 x 3661 px/mEnglishGreat Britain0.040300546448087435
            RT_BITMAP0x19e20380xab8Device independent bitmap graphic, 52 x 13 x 32, image size 2704, resolution 2795 x 2795 px/mEnglishGreat Britain0.23104956268221574
            RT_BITMAP0x19e2af00x1028Device independent bitmap graphic, 64 x 16 x 32, image size 4096, resolution 3622 x 3622 px/mEnglishGreat Britain0.1658607350096712
            RT_BITMAP0x19e3b180x16b8Device independent bitmap graphic, 76 x 19 x 32, image size 5776, resolution 3622 x 3622 px/mEnglishGreat Britain0.16127922971114167
            RT_BITMAP0x19e51d00x2a68Device independent bitmap graphic, 104 x 26 x 32, image size 10816, resolution 3661 x 3661 px/mEnglishGreat Britain0.12398673544583641
            RT_BITMAP0x19e7c380x4028Device independent bitmap graphic, 128 x 32 x 32, image size 16384, resolution 3661 x 3661 px/mEnglishGreat Britain0.09656600097418412
            RT_BITMAP0x19ebc600x2028Device independent bitmap graphic, 16 x 128 x 32, image size 8192, resolution 2834 x 2834 px/mEnglishGreat Britain0.22983479105928087
            RT_ICON0x19edc880x128Device independent bitmap graphic, 16 x 32 x 4, image size 192, 16 important colorsEnglishUnited States0.6317567567567568
            RT_ICON0x19eddb00x568Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colorsEnglishUnited States0.5823699421965318
            RT_ICON0x19ee3180x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640, 16 important colorsEnglishUnited States0.5120967741935484
            RT_ICON0x19ee6000x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.5455776173285198
            RT_ICON0x19eeea80x668Device independent bitmap graphic, 48 x 96 x 4, image size 1536EnglishUnited States0.36341463414634145
            RT_ICON0x19ef5100xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2688EnglishUnited States0.42350746268656714
            RT_MENU0x19f03b80x5edataEnglishGreat Britain0.8617021276595744
            RT_MENU0x19f04180x13cdataEnglishGreat Britain0.49683544303797467
            RT_MENU0x19f05540x8edataEnglishGreat Britain0.6971830985915493
            RT_MENU0x19f05e40x1aadataEnglishGreat Britain0.42018779342723006
            RT_MENU0x19f07900xdadataEnglishGreat Britain0.6238532110091743
            RT_MENU0x19f086c0x156dataEnglishGreat Britain0.5526315789473685
            RT_MENU0x19f09c40xbedataEnglishGreat Britain0.6368421052631579
            RT_MENU0x19f0a840xaedataEnglishGreat Britain0.632183908045977
            RT_MENU0x19f0b340xb8dataEnglishGreat Britain0.657608695652174
            RT_DIALOG0x19f0bec0x80dataEnglishGreat Britain0.671875
            RT_DIALOG0x19f0c6c0x3f0dataEnglishGreat Britain0.4037698412698413
            RT_DIALOG0x19f105c0xe8dataEnglishGreat Britain0.6508620689655172
            RT_DIALOG0x19f11440x288dataEnglishGreat Britain0.4984567901234568
            RT_DIALOG0x19f13cc0x250dataEnglishGreat Britain0.4864864864864865
            RT_DIALOG0x19f161c0x280dataEnglishGreat Britain0.509375
            RT_DIALOG0x19f189c0x298dataEnglishGreat Britain0.43373493975903615
            RT_DIALOG0x19f1b340x1e4dataEnglishGreat Britain0.5206611570247934
            RT_DIALOG0x19f1d180x374dataEnglishGreat Britain0.3404977375565611
            RT_DIALOG0x19f208c0x750dataEnglishGreat Britain0.3872863247863248
            RT_DIALOG0x19f27dc0x19cdataEnglishGreat Britain0.4854368932038835
            RT_DIALOG0x19f29780x1cedataEnglishGreat Britain0.48268398268398266
            RT_DIALOG0x19f2b480x5ecdataEnglishGreat Britain0.40699208443271767
            RT_DIALOG0x19f31340x742dataEnglishGreat Britain0.3745963401506997
            RT_DIALOG0x19f38780x54dataEnglishGreat Britain0.8095238095238095
            RT_DIALOG0x19f38cc0x34dataEnglishGreat Britain0.9038461538461539
            RT_DIALOG0x19f39000xe0dataEnglishGreat Britain0.6517857142857143
            RT_DIALOG0x19f39e00x2e2dataEnglishGreat Britain0.45121951219512196
            RT_DIALOG0x19f3cc40x160dataEnglishGreat Britain0.6164772727272727
            RT_DIALOG0x19f3e240x7b8dataEnglishGreat Britain0.3066801619433198
            RT_DIALOG0x19f45dc0x34dataEnglishGreat Britain0.9038461538461539
            RT_DIALOG0x19f46100x34dataEnglishGreat Britain0.9038461538461539
            RT_DIALOG0x19f46440x34dataEnglishGreat Britain0.9038461538461539
            RT_DIALOG0x19f46780x70dataEnglishGreat Britain0.7857142857142857
            RT_DIALOG0x19f46e80x1cedataEnglishGreat Britain0.48484848484848486
            RT_DIALOG0x19f48b80x180dataEnglishGreat Britain0.5755208333333334
            RT_DIALOG0x19f4a380x228dataEnglishGreat Britain0.44565217391304346
            RT_DIALOG0x19f4c600xc4dataEnglishGreat Britain0.7244897959183674
            RT_DIALOG0x19f4d240x14cdataEnglishGreat Britain0.5963855421686747
            RT_DIALOG0x19f4e700x462dataEnglishGreat Britain0.43137254901960786
            RT_DIALOG0x19f52d40x468dataEnglishGreat Britain0.43351063829787234
            RT_DIALOG0x19f573c0x224dataEnglishGreat Britain0.5091240875912408
            RT_DIALOG0x19f59600x286dataEnglishGreat Britain0.5046439628482973
            RT_DIALOG0x19f5be80x1e8dataEnglishGreat Britain0.5758196721311475
            RT_DIALOG0x19f5dd00xc8dBase III DBT, next free block index 4294901761EnglishGreat Britain0.665
            RT_DIALOG0x19f5e980x938dataEnglishGreat Britain0.3771186440677966
            RT_DIALOG0x19f67d00x462dataEnglishGreat Britain0.446524064171123
            RT_DIALOG0x19f6c340x654dataEnglishGreat Britain0.31666666666666665
            RT_DIALOG0x19f72880x34dataEnglishGreat Britain0.9038461538461539
            RT_DIALOG0x19f72bc0x462dataEnglishGreat Britain0.44563279857397503
            RT_DIALOG0x19f77200xd6dBase III DBT, next free block index 4294901761EnglishGreat Britain0.7009345794392523
            RT_DIALOG0x19f77f80x37cdataEnglishGreat Britain0.4461883408071749
            RT_DIALOG0x19f7b740x1a8dataEnglishGreat Britain0.5707547169811321
            RT_DIALOG0x19f7d1c0x2c8dataEnglishGreat Britain0.44662921348314605
            RT_DIALOG0x19f7fe40x1a2dataEnglishGreat Britain0.5239234449760766
            RT_DIALOG0x19f81880x176dataEnglishGreat Britain0.5775401069518716
            RT_DIALOG0x19f83000x384dataEnglishGreat Britain0.4477777777777778
            RT_DIALOG0x19f86840x34dataEnglishGreat Britain0.9038461538461539
            RT_DIALOG0x19f86b80x98dataEnglishGreat Britain0.7302631578947368
            RT_DIALOG0x19f87500x34dataEnglishGreat Britain0.9038461538461539
            RT_DIALOG0x19f87840x34dataEnglishGreat Britain0.9038461538461539
            RT_DIALOG0x19f87b80x34dataEnglishGreat Britain0.9038461538461539
            RT_DIALOG0x19f87ec0x34dataEnglishGreat Britain0.9038461538461539
            RT_DIALOG0x19f88200x34dataEnglishGreat Britain0.9038461538461539
            RT_DIALOG0x19f88540x34dataEnglishGreat Britain0.9038461538461539
            RT_DIALOG0x19f88880x9edataEnglishGreat Britain0.7215189873417721
            RT_DIALOG0x19f89280x34dataEnglishGreat Britain0.8461538461538461
            RT_DIALOG0x19f895c0x34dataEnglishGreat Britain0.8461538461538461
            RT_DIALOG0x19f89900x38adataEnglishGreat Britain0.45916114790286977
            RT_DIALOG0x19f8d1c0x49cdataEnglishGreat Britain0.26610169491525426
            RT_DIALOG0x19f91b80x188dataEnglishGreat Britain0.4413265306122449
            RT_DIALOG0x19f93400x260dataEnglishGreat Britain0.38980263157894735
            RT_DIALOG0x19f95a00x154dataEnglishGreat Britain0.6294117647058823
            RT_DIALOG0x19f96f40x1b8dataEnglishGreat Britain0.5522727272727272
            RT_DIALOG0x19f98ac0xfcdataEnglishGreat Britain0.6944444444444444
            RT_DIALOG0x19f99a80x210dataEnglishGreat Britain0.509469696969697
            RT_DIALOG0x19f9bb80x382dataEnglishGreat Britain0.46325167037861914
            RT_DIALOG0x19f9f3c0x3b4dataEnglishGreat Britain0.39662447257383965
            RT_DIALOG0x19fa2f00x428dataEnglishGreat Britain0.3693609022556391
            RT_DIALOG0x19fa7180x80dataEnglishGreat Britain0.6875
            RT_DIALOG0x19fa7980x3bcdataEnglishGreat Britain0.40481171548117156
            RT_DIALOG0x19fab540x248dataEnglishGreat Britain0.488013698630137
            RT_DIALOG0x19fad9c0x51cdataEnglishGreat Britain0.4258409785932722
            RT_DIALOG0x19fb2b80x558dataEnglishGreat Britain0.4152046783625731
            RT_DIALOG0x19fb8100x4fedataEnglishGreat Britain0.4460093896713615
            RT_DIALOG0x19fbd100x544dataEnglishGreat Britain0.41839762611275966
            RT_DIALOG0x19fc2540x454dataEnglishGreat Britain0.4575812274368231
            RT_DIALOG0x19fc6a80x144dataEnglishGreat Britain0.6172839506172839
            RT_DIALOG0x19fc7ec0x29cdataEnglishGreat Britain0.49101796407185627
            RT_DIALOG0x19fca880x530dataEnglishGreat Britain0.42846385542168675
            RT_DIALOG0x19fcfb80x342dataEnglishGreat Britain0.4904076738609113
            RT_DIALOG0x19fd2fc0x390dataEnglishGreat Britain0.4605263157894737
            RT_DIALOG0x19fd68c0x476dataEnglishGreat Britain0.44220665499124345
            RT_DIALOG0x19fdb040x46cdataEnglishGreat Britain0.4204946996466431
            RT_DIALOG0x19fdf700x618dataEnglishGreat Britain0.39871794871794874
            RT_DIALOG0x19fe5880x2d8dataEnglishGreat Britain0.49175824175824173
            RT_DIALOG0x19fe8600x264dataEnglishGreat Britain0.5098039215686274
            RT_DIALOG0x19feac40x248dataEnglishGreat Britain0.4674657534246575
            RT_DIALOG0x19fed0c0x1dcdataEnglishGreat Britain0.5189075630252101
            RT_DIALOG0x19feee80xfcdataEnglishGreat Britain0.6746031746031746
            RT_DIALOG0x19fefe40x40dataEnglishGreat Britain0.875
            RT_DIALOG0x19ff0240x334dataEnglishGreat Britain0.44390243902439025
            RT_STRING0x19ff3580x66Matlab v4 mat-file (little endian) C, numeric, rows 0, columns 0EnglishGreat Britain0.5882352941176471
            RT_STRING0x19ff3c00x3a0dataEnglishGreat Britain0.3286637931034483
            RT_STRING0x19ff7600x3e4dataEnglishGreat Britain0.3644578313253012
            RT_STRING0x19ffb440xf4dataEnglishGreat Britain0.569672131147541
            RT_STRING0x19ffc380x114dataEnglishGreat Britain0.5869565217391305
            RT_STRING0x19ffd4c0x14adataEnglishGreat Britain0.5878787878787879
            RT_STRING0x19ffe980x12adataEnglishGreat Britain0.5302013422818792
            RT_STRING0x19fffc40x64Matlab v4 mat-file (little endian) W, numeric, rows 0, columns 0EnglishGreat Britain0.76
            RT_STRING0x1a000280xbcdataEnglishGreat Britain0.526595744680851
            RT_STRING0x1a000e40x7adataEnglishGreat Britain0.680327868852459
            RT_STRING0x1a001600x96dataEnglishGreat Britain0.66
            RT_STRING0x1a001f80x3e0dataEnglishGreat Britain0.4022177419354839
            RT_STRING0x1a005d80x204dataEnglishGreat Britain0.46511627906976744
            RT_STRING0x1a007dc0xe4dataEnglishGreat Britain0.631578947368421
            RT_STRING0x1a008c00xa4dataEnglishGreat Britain0.6402439024390244
            RT_STRING0x1a009640xe2dataEnglishGreat Britain0.4911504424778761
            RT_STRING0x1a00a480x82cdataEnglishGreat Britain0.2978011472275335
            RT_STRING0x1a012740x4eMatlab v4 mat-file (little endian) %, numeric, rows 0, columns 0EnglishGreat Britain0.5641025641025641
            RT_STRING0x1a012c40x54dataEnglishGreat Britain0.75
            RT_STRING0x1a013180x2d4dataEnglishGreat Britain0.38950276243093923
            RT_STRING0x1a015ec0x88dataEnglishGreat Britain0.5220588235294118
            RT_STRING0x1a016740x1cedataEnglishGreat Britain0.49783549783549785
            RT_STRING0x1a018440x2cadataEnglishGreat Britain0.43977591036414565
            RT_STRING0x1a01b100x47edataEnglishGreat Britain0.3269565217391304
            RT_STRING0x1a01f900x454dataEnglishGreat Britain0.3574007220216607
            RT_STRING0x1a023e40x45edataEnglishGreat Britain0.35778175313059035
            RT_STRING0x1a028440x1b4dataEnglishGreat Britain0.45871559633027525
            RT_STRING0x1a029f80x36edataEnglishGreat Britain0.36674259681093396
            RT_STRING0x1a02d680x268dataEnglishGreat Britain0.4301948051948052
            RT_STRING0x1a02fd00xa6dataEnglishGreat Britain0.5602409638554217
            RT_STRING0x1a030780x10cdataEnglishGreat Britain0.5970149253731343
            RT_STRING0x1a031840x160dataEnglishGreat Britain0.5340909090909091
            RT_STRING0x1a032e40x1d4dataEnglishGreat Britain0.5042735042735043
            RT_STRING0x1a034b80x10cdataEnglishGreat Britain0.6156716417910447
            RT_STRING0x1a035c40x120dataEnglishGreat Britain0.5798611111111112
            RT_STRING0x1a036e40x248dataEnglishGreat Britain0.410958904109589
            RT_STRING0x1a0392c0x28eMatlab v4 mat-file (little endian) C, numeric, rows 0, columns 0EnglishGreat Britain0.43119266055045874
            RT_STRING0x1a03bbc0x3ccdataEnglishGreat Britain0.39609053497942387
            RT_STRING0x1a03f880x390dataEnglishGreat Britain0.4144736842105263
            RT_STRING0x1a043180x18adataEnglishGreat Britain0.5482233502538071
            RT_STRING0x1a044a40x3e2dataEnglishGreat Britain0.3873239436619718
            RT_STRING0x1a048880x1f2dataEnglishGreat Britain0.4799196787148594
            RT_STRING0x1a04a7c0x134dataEnglishGreat Britain0.5162337662337663
            RT_STRING0x1a04bb00x3badataEnglishGreat Britain0.4025157232704403
            RT_STRING0x1a04f6c0x1f2dataEnglishGreat Britain0.3353413654618474
            RT_STRING0x1a051600x37edataEnglishGreat Britain0.3680089485458613
            RT_STRING0x1a054e00x1cadataEnglishGreat Britain0.425764192139738
            RT_STRING0x1a056ac0x24cdataEnglishGreat Britain0.4744897959183674
            RT_STRING0x1a058f80x7edataEnglishGreat Britain0.6111111111111112
            RT_STRING0x1a059780x1c8dataEnglishGreat Britain0.36622807017543857
            RT_STRING0x1a05b400x1c2Matlab v4 mat-file (little endian) o, numeric, rows 0, columns 0EnglishGreat Britain0.42444444444444446
            RT_STRING0x1a05d040x416dataEnglishGreat Britain0.3317399617590822
            RT_STRING0x1a0611c0x12adataEnglishGreat Britain0.5335570469798657
            RT_STRING0x1a062480x15eMatlab v4 mat-file (little endian) S, numeric, rows 0, columns 0EnglishGreat Britain0.5171428571428571
            RT_STRING0x1a063a80x3aadataEnglishGreat Britain0.3049040511727079
            RT_STRING0x1a067540x348AmigaOS bitmap font "r", fc_YSize 30464, 16896 elements, 2nd "l", 3rd "o"EnglishGreat Britain0.3773809523809524
            RT_STRING0x1a06a9c0xa8dataEnglishGreat Britain0.4880952380952381
            RT_STRING0x1a06b440x1c8dataEnglishGreat Britain0.5241228070175439
            RT_STRING0x1a06d0c0xfcdataEnglishGreat Britain0.623015873015873
            RT_STRING0x1a06e080x2aedataEnglishGreat Britain0.45918367346938777
            RT_STRING0x1a070b80x196dataEnglishGreat Britain0.47044334975369456
            RT_STRING0x1a072500x7cdataEnglishGreat Britain0.717741935483871
            RT_STRING0x1a072cc0x7edataEnglishGreat Britain0.6825396825396826
            RT_STRING0x1a0734c0x82dataEnglishGreat Britain0.7
            RT_STRING0x1a073d00x84dataEnglishGreat Britain0.7424242424242424
            RT_STRING0x1a074540x32cdataEnglishGreat Britain0.3977832512315271
            RT_STRING0x1a077800x178Matlab v4 mat-file (little endian) K, numeric, rows 0, columns 0EnglishGreat Britain0.5132978723404256
            RT_STRING0x1a078f80x2c8dataEnglishGreat Britain0.4705056179775281
            RT_STRING0x1a07bc00x102AmigaOS bitmap font "s", 16640 elements, 2nd, 3rdEnglishGreat Britain0.5387596899224806
            RT_STRING0x1a07cc40x138Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0EnglishGreat Britain0.5
            RT_STRING0x1a07dfc0x46dataEnglishGreat Britain0.6857142857142857
            RT_STRING0x1a07e440xfcdataEnglishGreat Britain0.5634920634920635
            RT_STRING0x1a07f400x416dataEnglishGreat Britain0.4435946462715105
            RT_STRING0x1a083580x26dataEnglishGreat Britain0.42105263157894735
            RT_STRING0x1a083800x192dataEnglishGreat Britain0.5149253731343284
            RT_STRING0x1a085140x126dataEnglishGreat Britain0.6020408163265306
            RT_STRING0x1a0863c0x31edataEnglishGreat Britain0.41729323308270677
            RT_STRING0x1a0895c0x16cMatlab v4 mat-file (little endian) c, numeric, rows 0, columns 0EnglishGreat Britain0.510989010989011
            RT_STRING0x1a08ac80x5aAmigaOS bitmap font "u", 17152 elements, 2nd, 3rdEnglishGreat Britain0.6555555555555556
            RT_STRING0x1a08b240x64dataEnglishGreat Britain0.73
            RT_STRING0x1a08b880x35adataEnglishGreat Britain0.3741258741258741
            RT_STRING0x1a08ee40x412dataEnglishGreat Britain0.27735124760076774
            RT_STRING0x1a092f80x2c4dataEnglishGreat Britain0.4067796610169492
            RT_STRING0x1a095bc0x4aMatlab v4 mat-file (little endian) e, numeric, rows 0, columns 0EnglishGreat Britain0.6081081081081081
            RT_STRING0x1a096080xd6Matlab v4 mat-file (little endian) I, numeric, rows 0, columns 0EnglishGreat Britain0.5934579439252337
            RT_STRING0x1a096e00x5cdataEnglishGreat Britain0.7065217391304348
            RT_STRING0x1a0973c0x150dataEnglishGreat Britain0.5505952380952381
            RT_STRING0x1a0988c0x9cdataEnglishGreat Britain0.6410256410256411
            RT_STRING0x1a099280x6cdataEnglishGreat Britain0.6944444444444444
            RT_STRING0x1a099940x11cdataEnglishGreat Britain0.6126760563380281
            RT_STRING0x1a09ab00x24eTarga image data 110 x 116 x 32 +99 +101EnglishGreat Britain0.49491525423728816
            RT_STRING0x1a09d000x198dataEnglishGreat Britain0.5490196078431373
            RT_STRING0x1a09e980x19cdataEnglishGreat Britain0.5
            RT_STRING0x1a0a0340x158dataEnglishGreat Britain0.5523255813953488
            RT_STRING0x1a0a18c0xa94dataEnglishGreat Britain0.3072378138847858
            RT_STRING0x1a0ac200x40dataEnglishGreat Britain0.6875
            RT_STRING0x1a0ac600x1e8dataEnglishGreat Britain0.514344262295082
            RT_STRING0x1a0ae480xa4dataEnglishGreat Britain0.6341463414634146
            RT_STRING0x1a0aeec0x1e0dataEnglishGreat Britain0.4666666666666667
            RT_STRING0x1a0b0cc0x22adataEnglishGreat Britain0.37906137184115524
            RT_STRING0x1a0b2f80x672Matlab v4 mat-file (little endian) T, numeric, rows 0, columns 0EnglishGreat Britain0.18424242424242424
            RT_STRING0x1a0b96c0xdb8dataEnglishGreat Britain0.10763097949886105
            RT_STRING0x1a0c7240x108dataEnglishGreat Britain0.375
            RT_STRING0x1a0c82c0x14adataEnglishGreat Britain0.5878787878787879
            RT_STRING0x1a0c9780x276dataEnglishGreat Britain0.4365079365079365
            RT_STRING0x1a0cbf00x186dataEnglishGreat Britain0.517948717948718
            RT_STRING0x1a0cd780x252dataEnglishGreat Britain0.4730639730639731
            RT_STRING0x1a0cfcc0x420dataEnglishGreat Britain0.39867424242424243
            RT_STRING0x1a0d3ec0x444dataEnglishGreat Britain0.40293040293040294
            RT_STRING0x1a0d8300x342dataEnglishGreat Britain0.44244604316546765
            RT_STRING0x1a0db740x32edataEnglishGreat Britain0.43857493857493857
            RT_STRING0x1a0dea40x748OpenPGP Public KeyEnglishGreat Britain0.27736051502145925
            RT_STRING0x1a0e5ec0x92dataEnglishGreat Britain0.6438356164383562
            RT_STRING0x1a0e6800x304Matlab v4 mat-file (little endian) o, numeric, rows 0, columns 0EnglishGreat Britain0.3329015544041451
            RT_STRING0x1a0e9840x394dataEnglishGreat Britain0.4596069868995633
            RT_STRING0x1a0ed180x4c8dataEnglishGreat Britain0.39215686274509803
            RT_STRING0x1a0f1e00x3a8dataEnglishGreat Britain0.42628205128205127
            RT_STRING0x1a0f5880x54cdataEnglishGreat Britain0.31710914454277284
            RT_STRING0x1a0fad40x22edataEnglishGreat Britain0.43548387096774194
            RT_STRING0x1a0fd040x4d6dataEnglishGreat Britain0.40468497576736673
            RT_STRING0x1a101dc0x37adataEnglishGreat Britain0.32247191011235954
            RT_STRING0x1a105580x43cAmigaOS bitmap font "o", fc_YSize 26112, 19968 elements, 2nd " ", 3rd "o"EnglishGreat Britain0.4160516605166052
            RT_STRING0x1a109940x630dataEnglishGreat Britain0.37941919191919193
            RT_STRING0x1a10fc40x534dataEnglishGreat Britain0.37987987987987987
            RT_STRING0x1a114f80x55adataEnglishGreat Britain0.3781021897810219
            RT_STRING0x1a11a540x40dataEnglishGreat Britain0.578125
            RT_STRING0x1a11a940x21eMatlab v4 mat-file (little endian) e, numeric, rows 0, columns 0EnglishGreat Britain0.474169741697417
            RT_STRING0x1a11cb40x7e6dataEnglishGreat Britain0.32146389713155293
            RT_STRING0x1a1249c0x384dataEnglishGreat Britain0.41444444444444445
            RT_STRING0x1a128200x2f6dataEnglishGreat Britain0.4234828496042216
            RT_STRING0x1a12b180x298dataEnglishGreat Britain0.46536144578313254
            RT_STRING0x1a12db00x608dataEnglishGreat Britain0.3704663212435233
            RT_STRING0x1a133b80x29edataEnglishGreat Britain0.45223880597014926
            RT_STRING0x1a136580x356dataEnglishGreat Britain0.4519906323185012
            RT_STRING0x1a139b00x46edataEnglishGreat Britain0.41622574955908287
            RT_STRING0x1a13e200x3acdataEnglishGreat Britain0.4148936170212766
            RT_STRING0x1a141cc0x476dataEnglishGreat Britain0.38441330998248685
            RT_STRING0x1a146440x480dataEnglishGreat Britain0.3376736111111111
            RT_STRING0x1a14ac40x388dataEnglishGreat Britain0.38827433628318586
            RT_STRING0x1a14e4c0x352dataEnglishGreat Britain0.4188235294117647
            RT_STRING0x1a151a00x3d6dataEnglishGreat Britain0.42362525458248473
            RT_STRING0x1a155780x4e8dataEnglishGreat Britain0.4068471337579618
            RT_STRING0x1a15a600x380dataEnglishGreat Britain0.4185267857142857
            RT_STRING0x1a15de00x8e4dataEnglishGreat Britain0.3347978910369069
            RT_STRING0x1a166c40x49cdataEnglishGreat Britain0.3652542372881356
            RT_STRING0x1a16b600x33adataEnglishGreat Britain0.4128329297820823
            RT_STRING0x1a16e9c0x1f4dataEnglishGreat Britain0.424
            RT_STRING0x1a170900x334dataEnglishGreat Britain0.4451219512195122
            RT_STRING0x1a173c40x46adataEnglishGreat Britain0.3938053097345133
            RT_STRING0x1a178300x3dedataEnglishGreat Britain0.3686868686868687
            RT_STRING0x1a17c100x320dataEnglishGreat Britain0.435
            RT_STRING0x1a17f300xd12dataEnglishGreat Britain0.33861326957561266
            RT_STRING0x1a18c440x4eedataEnglishGreat Britain0.3256735340729002
            RT_STRING0x1a191340x6cadataEnglishGreat Britain0.286536248561565
            RT_STRING0x1a198000x354dataEnglishGreat Britain0.4107981220657277
            RT_STRING0x1a19b540x12adataEnglishGreat Britain0.5805369127516778
            RT_STRING0x1a19c800x638dataEnglishGreat Britain0.37185929648241206
            RT_STRING0x1a1a2b80x310dataEnglishGreat Britain0.45535714285714285
            RT_STRING0x1a1a5c80x5ccdataEnglishGreat Britain0.3591644204851752
            RT_STRING0x1a1ab940x25cdataEnglishGreat Britain0.40728476821192056
            RT_STRING0x1a1adf00x1e6dataEnglishGreat Britain0.49382716049382713
            RT_STRING0x1a1afd80xe0dataEnglishGreat Britain0.5401785714285714
            RT_STRING0x1a1b0b80x57edataEnglishGreat Britain0.352773826458037
            RT_STRING0x1a1b6380x520dataEnglishGreat Britain0.3719512195121951
            RT_STRING0x1a1bb580x3f4dataEnglishGreat Britain0.44861660079051385
            RT_STRING0x1a1bf4c0x336dataEnglishGreat Britain0.39172749391727496
            RT_STRING0x1a1c2840x352dataEnglishGreat Britain0.4470588235294118
            RT_STRING0x1a1c5d80x55adataEnglishGreat Britain0.3386861313868613
            RT_STRING0x1a1cb340x700dataEnglishGreat Britain0.34933035714285715
            RT_STRING0x1a1d2340x45cdataEnglishGreat Britain0.4121863799283154
            RT_STRING0x1a1d6900x29edataEnglishGreat Britain0.4014925373134328
            RT_STRING0x1a1d9300x314dataEnglishGreat Britain0.4137055837563452
            RT_STRING0x1a1dc440x3d2dataEnglishGreat Britain0.38752556237218816
            RT_STRING0x1a1e0180x424dataEnglishGreat Britain0.4226415094339623
            RT_STRING0x1a1e43c0x490dataEnglishGreat Britain0.4023972602739726
            RT_STRING0x1a1e8cc0x504dataEnglishGreat Britain0.3691588785046729
            RT_STRING0x1a1edd00x188cdataEnglishGreat Britain0.20560152768936982
            RT_STRING0x1a2065c0x1b70dataEnglishGreat Britain0.21341116173120728
            RT_STRING0x1a221cc0x18c2dataEnglishGreat Britain0.18964973177658567
            RT_STRING0x1a23a900x2012dataEnglishGreat Britain0.24945188794153472
            RT_STRING0x1a25aa40x1832dataEnglishGreat Britain0.2671940587665483
            RT_STRING0x1a272d80x52adataEnglishGreat Britain0.3577912254160363
            RT_STRING0x1a278040x72edataEnglishGreat Britain0.338411316648531
            RT_STRING0x1a27f340xa96dataEnglishGreat Britain0.2697416974169742
            RT_STRING0x1a289cc0x938dataEnglishGreat Britain0.2796610169491525
            RT_STRING0x1a293040x714dataEnglishGreat Britain0.326158940397351
            RT_STRING0x1a29a180x290AmigaOS bitmap font "o", fc_YSize 29184, 17152 elements, 2nd "m", 3rd "g"EnglishGreat Britain0.45121951219512196
            RT_STRING0x1a29ca80x324dataEnglishGreat Britain0.43781094527363185
            RT_STRING0x1a29fcc0x17adataEnglishGreat Britain0.5185185185185185
            RT_STRING0x1a2a1480x198dataEnglishGreat Britain0.48284313725490197
            RT_STRING0x1a2a2e00x1b8dataEnglishGreat Britain0.575
            RT_STRING0x1a2a4980x1f2dataEnglishGreat Britain0.5160642570281124
            RT_STRING0x1a2a68c0xbedataEnglishGreat Britain0.6631578947368421
            RT_STRING0x1a2a74c0x18cdataEnglishGreat Britain0.5833333333333334
            RT_STRING0x1a2a8d80x316dataEnglishGreat Britain0.5012658227848101
            RT_STRING0x1a2abf00x1aadataEnglishGreat Britain0.5938967136150235
            RT_STRING0x1a2ad9c0x3e4dataEnglishGreat Britain0.3744979919678715
            RT_STRING0x1a2b1800x324dataEnglishGreat Britain0.4564676616915423
            RT_STRING0x1a2b4a40x2caMatlab v4 mat-file (little endian) G, numeric, rows 0, columns 0EnglishGreat Britain0.4565826330532213
            RT_STRING0x1a2b7700x3b2dataEnglishGreat Britain0.4090909090909091
            RT_STRING0x1a2bb240x20cdataEnglishGreat Britain0.4580152671755725
            RT_STRING0x1a2bd300x45edataEnglishGreat Britain0.35152057245080504
            RT_STRING0x1a2c1900x35adataEnglishGreat Britain0.4172494172494173
            RT_STRING0x1a2c4ec0x45edataEnglishGreat Britain0.4141323792486583
            RT_STRING0x1a2c94c0x632AmigaOS bitmap font "n", fc_YSize 29696, 17664 elements, 2nd "i", 3rd "u"EnglishGreat Britain0.3770491803278688
            RT_STRING0x1a2cf800xc0dataEnglishGreat Britain0.5989583333333334
            RT_STRING0x1a2d0400x4c8dataEnglishGreat Britain0.375
            RT_STRING0x1a2d5080x59aAmigaOS bitmap font "e", fc_YSize 28160, 19200 elements, 2nd "t", 3rd "e"EnglishGreat Britain0.30962343096234307
            RT_STRING0x1a2daa40x350dataEnglishGreat Britain0.39976415094339623
            RT_STRING0x1a2ddf40x5bcdataEnglishGreat Britain0.38419618528610355
            RT_STRING0x1a2e3b00xd5edataEnglishGreat Britain0.2884278199883109
            RT_STRING0x1a2f1100x468dataEnglishGreat Britain0.3617021276595745
            RT_STRING0x1a2f5780x682dataEnglishGreat Britain0.39255702280912363
            RT_STRING0x1a2fbfc0x590dataEnglishGreat Britain0.4002808988764045
            RT_STRING0x1a3018c0x3d2dataEnglishGreat Britain0.42024539877300615
            RT_STRING0x1a305600x536dataEnglishGreat Britain0.3313343328335832
            RT_STRING0x1a30a980x5a2dataEnglishGreat Britain0.37586685159500693
            RT_STRING0x1a3103c0x614dataEnglishGreat Britain0.29370179948586117
            RT_STRING0x1a316500x700dataEnglishGreat Britain0.3052455357142857
            RT_STRING0x1a31d500x47edataEnglishGreat Britain0.38782608695652177
            RT_STRING0x1a321d00x40cdataEnglishGreat Britain0.41795366795366795
            RT_STRING0x1a325dc0x3c6dataEnglishGreat Britain0.43788819875776397
            RT_STRING0x1a329a40x404dataEnglishGreat Britain0.3861867704280156
            RT_STRING0x1a32da80x60edataEnglishGreat Britain0.292258064516129
            RT_STRING0x1a333b80x42cdataEnglishGreat Britain0.3717228464419476
            RT_STRING0x1a337e40x48cdataEnglishGreat Britain0.43041237113402064
            RT_STRING0x1a33c700x68dataEnglishGreat Britain0.6442307692307693
            RT_STRING0x1a33cd80x5d4dataEnglishGreat Britain0.3378016085790885
            RT_STRING0x1a342ac0x2fadataEnglishGreat Britain0.36351706036745407
            RT_STRING0x1a345a80x428dataEnglishGreat Britain0.35526315789473684
            RT_STRING0x1a349d00x422dataEnglishGreat Britain0.3544423440453686
            RT_STRING0x1a34df40x402dataEnglishGreat Britain0.3684210526315789
            RT_STRING0x1a351f80x334dataEnglishGreat Britain0.4121951219512195
            RT_STRING0x1a3552c0x494dataEnglishGreat Britain0.40187713310580203
            RT_STRING0x1a359c00x6cdata0.6018518518518519
            RT_STRING0x1a35a2c0x250data0.46790540540540543
            RT_STRING0x1a35c7c0x204data0.46705426356589147
            RT_STRING0x1a35e800x3ecdata0.3894422310756972
            RT_STRING0x1a3626c0x410data0.41634615384615387
            RT_STRING0x1a3667c0x160data0.59375
            RT_STRING0x1a367dc0xd0data0.6778846153846154
            RT_STRING0x1a368ac0x2f4data0.43253968253968256
            RT_STRING0x1a36ba00x3fcdata0.37941176470588234
            RT_STRING0x1a36f9c0x49cdata0.35338983050847456
            RT_STRING0x1a374380x29cdata0.31736526946107785
            RT_STRING0x1a376d40x3f0data0.43154761904761907
            RT_STRING0x1a37ac40x438data0.3731481481481482
            RT_STRING0x1a37efc0x3acdata0.3861702127659574
            RT_STRING0x1a382a80x404data0.3764591439688716
            RT_STRING0x1a386ac0x2acdata0.38742690058479534
            RT_STRING0x1a389580x68data0.6538461538461539
            RT_STRING0x1a389c00xd4data0.5283018867924528
            RT_STRING0x1a38a940xa4data0.6524390243902439
            RT_STRING0x1a38b380x2acdata0.45614035087719296
            RT_STRING0x1a38de40x34cdata0.4218009478672986
            RT_STRING0x1a391300x294data0.4106060606060606
            RT_ACCELERATOR0x1a393c40x70dataEnglishGreat Britain0.6785714285714286
            RT_GROUP_CURSOR0x1a394340x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
            RT_GROUP_CURSOR0x1a394480x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
            RT_GROUP_CURSOR0x1a3945c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
            RT_GROUP_CURSOR0x1a394700x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
            RT_GROUP_CURSOR0x1a394840x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
            RT_GROUP_CURSOR0x1a394980x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
            RT_GROUP_CURSOR0x1a394ac0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
            RT_GROUP_ICON0x1a394c00x5adataEnglishUnited States0.7333333333333333
            RT_VERSION0x1a3951c0x3e8dataEnglishUnited States0.393
            RT_HTML0x1a399040x15ccHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.21362007168458783
            RT_HTML0x1a3aed00x55bHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.312180889861415
            RT_HTML0x1a3b42c0xd32HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.30224985198342214
            RT_HTML0x1a3c1600x1e1dHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.22778570502010637
            RT_HTML0x1a3df800xd66HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.30962099125364434
            RT_HTML0x1a3ece80x19f5HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2618510158013544
            RT_HTML0x1a406e00x37c4HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.20579994396189408
            RT_HTML0x1a43ea40xf2aHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.30139103554868624
            RT_HTML0x1a44dd00x1594HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.23497465604634324
            RT_HTML0x1a463640x148aHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.21472042601749713
            RT_HTML0x1a477f00x291HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.4048706240487062
            RT_HTML0x1a47a840x1636HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2361941610974323
            RT_HTML0x1a490bc0x209fHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.22632020117351215
            RT_HTML0x1a4b15c0x455HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.36609558160504957
            RT_HTML0x1a4b5b40x273fHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.23340300587239973
            RT_HTML0x1a4dcf40x2dfHTML document, ASCII text, with CRLF, LF line terminatorsEnglishGreat Britain0.41496598639455784
            RT_HTML0x1a4dfd40x656HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2836004932182491
            RT_HTML0x1a4e62c0xb03HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3054274565448741
            RT_HTML0x1a4f1300x2b26HTML document, ASCII text, with very long lines (474), with CRLF line terminatorsEnglishGreat Britain0.155893536121673
            RT_HTML0x1a51c580x17bdHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.24897153200592398
            RT_HTML0x1a534180x1eacHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.14862455425369334
            RT_HTML0x1a552c40x4d5cHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.18445768531609777
            RT_HTML0x1a5a0200x11f6HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.29469334493257937
            RT_HTML0x1a5b2180x3bfHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.37017726798748696
            RT_HTML0x1a5b5d80xffcHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.30303030303030304
            RT_HTML0x1a5c5d40x2b66HTML document, ASCII text, with very long lines (339), with CRLF line terminatorsEnglishGreat Britain0.18802880288028803
            RT_HTML0x1a5f13c0xecdHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3072050673000792
            RT_HTML0x1a6000c0x123aHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.25932276039434204
            RT_HTML0x1a612480xd22HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.23289708506841167
            RT_HTML0x1a61f6c0x1228HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2697934595524957
            RT_HTML0x1a631940x49eaHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.1534193002853821
            RT_HTML0x1a67b800xe8fHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.22940702978266703
            RT_HTML0x1a68a100xfcdHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.29517923362175524
            RT_HTML0x1a699e00x1058HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2891969407265774
            RT_HTML0x1a6aa380xc89HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.31193518229978184
            RT_HTML0x1a6b6c40x1649HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2532865907099036
            RT_HTML0x1a6cd100xee3HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3043820519548675
            RT_HTML0x1a6dbf40x162aHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2606626718364469
            RT_HTML0x1a6f2200xdc9HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.30858600170019834
            RT_HTML0x1a6ffec0x1115HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.287217013491882
            RT_HTML0x1a711040xd7dHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.32580364900086883
            RT_HTML0x1a71e840x1065HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.28806290207290924
            RT_HTML0x1a72eec0x157dHTML document, Unicode text, UTF-8 (with BOM) text, with CRLF, LF line terminatorsEnglishGreat Britain0.27922195964370117
            RT_HTML0x1a7446c0x1151HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.28287841191067
            RT_HTML0x1a755c00x13adHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.277744689299186
            RT_HTML0x1a769700x2d12HTML document, ASCII text, with very long lines (359), with CRLF line terminatorsEnglishGreat Britain0.17256023574276305
            RT_HTML0x1a796840xc7aHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.29774577332498436
            RT_HTML0x1a7a3000xf45HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.30493732412381686
            RT_HTML0x1a7b2480x3ef1HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.20412089617079376
            RT_HTML0x1a7f13c0x159dHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.1966383517079342
            RT_HTML0x1a806dc0x3399HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.1500492088727383
            RT_HTML0x1a83a780x7b4HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3002028397565923
            RT_HTML0x1a8422c0x9d1HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.27616394747313966
            RT_HTML0x1a84c000x3209HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.157701616051214
            RT_HTML0x1a87e0c0x1245HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.32093222150951467
            RT_HTML0x1a890540x168dHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.18205439113112767
            RT_HTML0x1a8a6e40x7a5HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3178334184977006
            RT_HTML0x1a8ae8c0x1c92HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.21452009844134537
            RT_HTML0x1a8cb200x15c0HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.1995330459770115
            RT_HTML0x1a8e0e00x8afHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2793522267206478
            RT_HTML0x1a8e9900x883HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.36759981642955486
            RT_HTML0x1a8f2140x649HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.33064014916096957
            RT_HTML0x1a8f8600x4b6HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3988391376451078
            RT_HTML0x1a8fd180x594HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.35084033613445376
            RT_HTML0x1a902ac0x3e0HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3941532258064516
            RT_HTML0x1a9068c0x9e1HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.25345986555950967
            RT_HTML0x1a910700x3b7aHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.17693419151451464
            RT_HTML0x1a94bec0xd19HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.22010140172979423
            RT_HTML0x1a959080xd2b0HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (503), with CRLF line terminatorsEnglishGreat Britain0.11031592999110057
            RT_HTML0x1aa2bb80x983HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.33059548254620125
            RT_HTML0x1aa353c0x966HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.3092269326683292
            RT_HTML0x1aa3ea40x152eHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2641091848026558
            RT_HTML0x1aa53d40x1490HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.24848024316109424
            RT_HTML0x1aa68640x26a1HTML document, ASCII text, with very long lines (379), with CRLF line terminatorsEnglishGreat Britain0.13014460511679643
            RT_HTML0x1aa8f080xce1HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.34152259629966636
            RT_HTML0x1aa9bec0xc9dHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.23288943945493962
            RT_HTML0x1aaa88c0x2a92HTML document, ASCII text, with very long lines (496), with CRLF line terminatorsEnglishGreat Britain0.18847494953202423
            RT_HTML0x1aad3200x4f54HTML document, Non-ISO extended-ASCII text, with very long lines (328), with CRLF line terminatorsEnglishGreat Britain0.14413039196375813
            RT_HTML0x1ab22740x6c9HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.30339666090961426
            RT_HTML0x1ab29400x595HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.34849545136459065
            RT_HTML0x1ab2ed80x572HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.37374461979913914
            RT_HTML0x1ab344c0x1e20HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2287344398340249
            RT_HTML0x1ab526c0x17e3HTML document, Non-ISO extended-ASCII text, with CRLF line terminatorsEnglishGreat Britain0.28274734260016354
            RT_HTML0x1ab6a500x13e0HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2329009433962264
            RT_HTML0x1ab7e300xf76HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3024254674077817
            RT_HTML0x1ab8da80xa5cHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.32805429864253394
            RT_HTML0x1ab98040x9c6HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2981614708233413
            RT_HTML0x1aba1cc0x637HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.37335009428032684
            RT_HTML0x1aba8040x4672HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.15587224132194744
            RT_HTML0x1abee780x1935HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.235084456841779
            RT_HTML0x1ac07b00x2eb4HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.21186015389762464
            RT_HTML0x1ac36640xd0fHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2802871672150763
            RT_HTML0x1ac43740x1151HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2501691856530566
            RT_HTML0x1ac54c80x2ccHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.34916201117318435
            RT_HTML0x1ac57940xb1dHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.33110720562390156
            RT_HTML0x1ac62b40x36a5HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.20980770605475732
            RT_HTML0x1ac995c0x20daHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2787158145065398
            RT_HTML0x1acba380xc9fHTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3057876818322501
            RT_HTML0x1acc6d80x38b1HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.20678012816095914
            RT_HTML0x1acff8c0xb60HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.31490384615384615
            RT_HTML0x1ad0aec0x1b61HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2392638036809816
            RT_HTML0x1ad26500x14f5HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2147250698974837
            RT_HTML0x1ad3b480x18b8HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.24462705436156765
            RT_HTML0x1ad54000x1172HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2928795342588446
            RT_HTML0x1ad65740x384HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.3844444444444444
            RT_HTML0x1ad68f80x1dc8HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.1992392444910808
            RT_HTML0x1ad86c00xb03HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.26463284852784674
            RT_HTML0x1ad91c40x1070HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.23645437262357413
            RT_HTML0x1ada2340xc62HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.27097791798107257
            RT_HTML0x1adae980x3614HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.18845709332562843
            RT_HTML0x1ade4ac0x1294HTML document, ASCII text, with very long lines (339), with CRLF line terminatorsEnglishGreat Britain0.21698906644238855
            RT_HTML0x1adf7400x823HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.35477676428228516
            RT_HTML0x1adff640x804HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishGreat Britain0.35428849902534115
            RT_HTML0x1ae07680x3469HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.1804427219199523
            RT_HTML0x1ae3bd40x1aecHTML document, Non-ISO extended-ASCII text, with CRLF line terminatorsEnglishGreat Britain0.2498549042367963
            RT_HTML0x1ae56c00xf19HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.30711513583441136
            RT_HTML0x1ae65dc0xda1HTML document, ASCII text, with CRLF line terminatorsEnglishGreat Britain0.25709372312983664
            None0x1ae73800xaadataEnglishGreat Britain0.40588235294117647
            None0x1ae742c0xaadataEnglishGreat Britain0.40588235294117647
            None0x1ae74d80xaadataEnglishGreat Britain0.40588235294117647

            Imports

            DLLImport
            USER32.dllGetWindowThreadProcessId, ShowWindow
            KERNEL32.dllGetModuleFileNameW, CreateSymbolicLinkW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, SetDllDirectoryW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, GetCurrentProcessId, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetConsoleWindow, HeapSize, GetLastError, WriteConsoleW, SetEndOfFile, GetStartupInfoW, TlsGetValue, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetModuleHandleW, RtlUnwind, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, DecodePointer, TlsSetValue, TlsFree, EncodePointer, RaiseException, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, HeapReAlloc, GetFileAttributesExW, GetStringTypeW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation
            ADVAPI32.dllConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW

            Possible Origin

            Language of compilation systemCountry where language is spokenMap
            EnglishGreat Britain
            EnglishUnited States

            Network Behavior

            Network Port Distribution

            TCP Packets

            TimestampSource PortDest PortSource IPDest IP
            Aug 28, 2024 15:57:06.149265051 CEST49703443192.168.2.7140.82.121.4
            Aug 28, 2024 15:57:06.149302006 CEST44349703140.82.121.4192.168.2.7
            Aug 28, 2024 15:57:06.149359941 CEST49703443192.168.2.7140.82.121.4
            Aug 28, 2024 15:57:07.765341997 CEST49703443192.168.2.7140.82.121.4
            Aug 28, 2024 15:57:07.765369892 CEST44349703140.82.121.4192.168.2.7
            Aug 28, 2024 15:57:08.417393923 CEST44349703140.82.121.4192.168.2.7
            Aug 28, 2024 15:57:08.419687986 CEST49703443192.168.2.7140.82.121.4
            Aug 28, 2024 15:57:08.419704914 CEST44349703140.82.121.4192.168.2.7
            Aug 28, 2024 15:57:08.421083927 CEST44349703140.82.121.4192.168.2.7
            Aug 28, 2024 15:57:08.421149015 CEST49703443192.168.2.7140.82.121.4
            Aug 28, 2024 15:57:08.429632902 CEST49703443192.168.2.7140.82.121.4
            Aug 28, 2024 15:57:08.429805994 CEST44349703140.82.121.4192.168.2.7
            Aug 28, 2024 15:57:08.429850101 CEST49703443192.168.2.7140.82.121.4
            Aug 28, 2024 15:57:08.430053949 CEST49703443192.168.2.7140.82.121.4

            UDP Packets

            TimestampSource PortDest PortSource IPDest IP
            Aug 28, 2024 15:57:06.138387918 CEST5743153192.168.2.71.1.1.1
            Aug 28, 2024 15:57:06.144968987 CEST53574311.1.1.1192.168.2.7

            DNS Queries

            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
            Aug 28, 2024 15:57:06.138387918 CEST192.168.2.71.1.1.10xb0aeStandard query (0)github.comA (IP address)IN (0x0001)false

            DNS Answers

            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
            Aug 28, 2024 15:57:06.144968987 CEST1.1.1.1192.168.2.70xb0aeNo error (0)github.com140.82.121.4A (IP address)IN (0x0001)false

            Statistics

            CPU Usage

            Click to jump to process

            Memory Usage

            Click to jump to process

            Behavior

            Click to jump to process

            System Behavior

            General

            Target ID:0
            Start time:09:57:00
            Start date:28/08/2024
            Path:C:\Users\user\Desktop\bcLKBiuPHu.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\bcLKBiuPHu.exe"
            Imagebase:0x220000
            File size:35'527'104 bytes
            MD5 hash:667EAD6E36314BD21B1FA1FB9F1960B6
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            General

            Target ID:2
            Start time:09:57:00
            Start date:28/08/2024
            Path:C:\Windows\System32\conhost.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:0x7ff75da10000
            File size:862'208 bytes
            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            General

            Target ID:3
            Start time:09:57:02
            Start date:28/08/2024
            Path:C:\Users\user\Desktop\bcLKBiuPHu.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\bcLKBiuPHu.exe"
            Imagebase:0x220000
            File size:35'527'104 bytes
            MD5 hash:667EAD6E36314BD21B1FA1FB9F1960B6
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            Disassembly

            Reset < >

              Execution Graph

              Execution Coverage:15.2%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:0.3%
              Total number of Nodes:315
              Total number of Limit Nodes:5
              execution_graph 2745 22ab30 2748 22afd5 2745->2748 2747 22ab35 2747->2747 2749 22afeb 2748->2749 2751 22aff4 2749->2751 2752 22af88 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 2749->2752 2751->2747 2752->2751 2753 221d90 GetCurrentProcessId 2754 221da2 2753->2754 2350 22e755 2351 22e768 2350->2351 2354 22e537 2351->2354 2353 22e77d 2355 22e545 2354->2355 2356 22e552 2354->2356 2355->2356 2359 22e490 2355->2359 2356->2353 2360 22e49c 2359->2360 2365 22e4eb 2360->2365 2375 23a4c8 2365->2375 2369 22e521 2388 23a573 2369->2388 2372 22e4df 2663 232db0 LeaveCriticalSection 2372->2663 2374 22e4c8 2374->2353 2392 23a48a 2375->2392 2377 22e503 2382 22e5ae 2377->2382 2378 23a4d9 2378->2377 2399 23a5b1 2378->2399 2383 22e5ce 2382->2383 2387 22e5c0 2382->2387 2383->2369 2385 237a35 13 API calls 2385->2387 2387->2383 2387->2385 2498 234b32 2387->2498 2504 239f05 2387->2504 2389 22e4b7 2388->2389 2390 23a57e 2388->2390 2389->2372 2390->2389 2391 234b32 64 API calls 2390->2391 2391->2389 2393 23a496 2392->2393 2394 23a4c0 2393->2394 2412 237a35 2393->2412 2394->2378 2396 23a4b1 2417 240062 2396->2417 2398 23a4b7 2398->2378 2400 23a5ef 2399->2400 2404 23a5bf 2399->2404 2401 234e21 __freea 13 API calls 2400->2401 2403 23a532 2401->2403 2402 23a5da RtlAllocateHeap 2402->2403 2402->2404 2406 237d9d 2403->2406 2404->2400 2404->2402 2484 23f7b2 2404->2484 2407 237da8 RtlFreeHeap 2406->2407 2411 237dd2 2406->2411 2408 237dbd GetLastError 2407->2408 2407->2411 2409 237dca __freea 2408->2409 2410 234e21 __freea 11 API calls 2409->2410 2410->2411 2411->2377 2413 237a41 2412->2413 2414 237a56 2412->2414 2424 234e21 2413->2424 2414->2396 2416 237a46 2416->2396 2418 24007c 2417->2418 2419 24006f 2417->2419 2421 240088 2418->2421 2422 234e21 __freea 13 API calls 2418->2422 2420 234e21 __freea 13 API calls 2419->2420 2423 240074 2420->2423 2421->2398 2422->2423 2423->2398 2427 23861a GetLastError 2424->2427 2426 234e26 2426->2416 2428 238630 2427->2428 2429 238636 2427->2429 2448 23bb14 2428->2448 2446 23863a SetLastError 2429->2446 2453 23bb53 2429->2453 2433 238652 2434 238680 2433->2434 2435 23866f 2433->2435 2433->2446 2437 23bb53 __freea 6 API calls 2434->2437 2436 23bb53 __freea 6 API calls 2435->2436 2438 23867d 2436->2438 2439 23868c 2437->2439 2442 237d9d __freea 11 API calls 2438->2442 2440 238690 2439->2440 2441 2386a7 2439->2441 2444 23bb53 __freea 6 API calls 2440->2444 2458 2382ed 2441->2458 2442->2446 2444->2438 2446->2426 2447 237d9d __freea 11 API calls 2447->2446 2463 23b955 2448->2463 2451 23bb4b TlsGetValue 2452 23bb39 2452->2429 2454 23b955 __freea 5 API calls 2453->2454 2455 23bb6f 2454->2455 2456 23bb78 2455->2456 2457 23bb8d TlsSetValue 2455->2457 2456->2433 2470 238181 2458->2470 2464 23b985 2463->2464 2468 23b981 2463->2468 2465 23b88a __freea LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary 2464->2465 2464->2468 2466 23b999 2465->2466 2467 23b99f GetProcAddress 2466->2467 2466->2468 2467->2468 2469 23b9af __freea 2467->2469 2468->2451 2468->2452 2469->2468 2471 23818d 2470->2471 2472 23d031 __freea EnterCriticalSection 2471->2472 2473 238197 2472->2473 2474 2381c7 __freea LeaveCriticalSection 2473->2474 2475 2381b5 2474->2475 2476 238293 2475->2476 2477 23829f 2476->2477 2478 23d031 __freea EnterCriticalSection 2477->2478 2479 2382a9 2478->2479 2480 23847e __freea 13 API calls 2479->2480 2481 2382c1 2480->2481 2482 2382e1 __freea LeaveCriticalSection 2481->2482 2483 2382cf 2482->2483 2483->2447 2487 23f7de 2484->2487 2488 23f7ea 2487->2488 2493 23d031 EnterCriticalSection 2488->2493 2490 23f7f5 2494 23f82c 2490->2494 2493->2490 2497 23d081 LeaveCriticalSection 2494->2497 2496 23f7bd 2496->2404 2497->2496 2499 234b72 2498->2499 2500 234b4b 2498->2500 2499->2387 2500->2499 2501 237a35 13 API calls 2500->2501 2502 234b67 2501->2502 2503 239f05 64 API calls 2502->2503 2503->2499 2505 239f11 2504->2505 2506 239f19 2505->2506 2512 23564b EnterCriticalSection 2505->2512 2506->2387 2508 239f9e 2509 239fbc 2508->2509 2513 23a016 2508->2513 2538 23a00e 2509->2538 2512->2508 2514 23a03e 2513->2514 2531 23a042 2513->2531 2517 23a0bb 2514->2517 2514->2531 2541 23951a 2514->2541 2544 239b5b 2517->2544 2519 23a0d3 2523 23a102 2519->2523 2524 23a0db 2519->2524 2520 23a11a 2521 23a183 WriteFile 2520->2521 2522 23a12e 2520->2522 2525 23a1a5 GetLastError 2521->2525 2521->2531 2527 23a136 2522->2527 2528 23a16f 2522->2528 2556 23972c GetConsoleOutputCP 2523->2556 2524->2531 2551 239af3 2524->2551 2525->2531 2529 23a15b 2527->2529 2530 23a13b 2527->2530 2577 239bd8 2528->2577 2571 239d9c 2529->2571 2530->2531 2534 23a144 2530->2534 2531->2509 2566 239cb3 2534->2566 2536 23a115 2536->2531 2662 235700 LeaveCriticalSection 2538->2662 2540 23a014 2540->2506 2582 2393f9 2541->2582 2543 239533 2543->2517 2545 240062 13 API calls 2544->2545 2546 239b6d 2545->2546 2547 239bd1 2546->2547 2548 239b9b 2546->2548 2602 232730 2546->2602 2547->2519 2547->2520 2548->2547 2550 239bb5 GetConsoleMode 2548->2550 2550->2547 2554 239b4a 2551->2554 2555 239b15 2551->2555 2552 240114 CreateFileW CloseHandle WriteConsoleW GetLastError WriteConsoleW 2552->2555 2553 239b4c GetLastError 2553->2554 2554->2531 2555->2552 2555->2553 2555->2554 2557 23979e 2556->2557 2562 2397a5 2556->2562 2558 232730 60 API calls 2557->2558 2558->2562 2559 23b650 60 API calls 2559->2562 2560 239a5b 2560->2536 2562->2559 2562->2560 2563 2399d4 WriteFile 2562->2563 2565 239a12 WriteFile 2562->2565 2659 23c8f6 2562->2659 2563->2562 2564 239aca GetLastError 2563->2564 2564->2560 2565->2562 2565->2564 2568 239cc2 2566->2568 2567 239d81 2567->2531 2568->2567 2569 239d37 WriteFile 2568->2569 2569->2568 2570 239d83 GetLastError 2569->2570 2570->2567 2576 239dab 2571->2576 2572 239eb3 2572->2536 2573 23c8f6 WideCharToMultiByte 2573->2576 2574 239eb5 GetLastError 2574->2572 2575 239e6a WriteFile 2575->2574 2575->2576 2576->2572 2576->2573 2576->2574 2576->2575 2580 239be7 2577->2580 2578 239c98 2578->2536 2579 239c57 WriteFile 2579->2580 2581 239c9a GetLastError 2579->2581 2580->2578 2580->2579 2581->2578 2588 2358c7 2582->2588 2584 23940b 2585 239427 SetFilePointerEx 2584->2585 2587 239413 2584->2587 2586 23943f GetLastError 2585->2586 2585->2587 2586->2587 2587->2543 2589 2358d4 2588->2589 2590 2358e9 2588->2590 2599 234e0e 2589->2599 2593 234e0e 13 API calls 2590->2593 2595 23590e 2590->2595 2596 235919 2593->2596 2594 234e21 __freea 13 API calls 2598 2358e1 2594->2598 2595->2584 2597 234e21 __freea 13 API calls 2596->2597 2597->2598 2598->2584 2600 23861a __freea 13 API calls 2599->2600 2601 234e13 2600->2601 2601->2594 2609 22dd84 2602->2609 2604 232740 2618 23a8fe 2604->2618 2610 22dd97 2609->2610 2611 22dd8e 2609->2611 2610->2604 2626 22dd3e GetLastError 2611->2626 2613 22dd93 2613->2610 2630 237ab6 2613->2630 2615 22dda0 2616 22dcb0 64 API calls 2615->2616 2617 22ddc0 2616->2617 2617->2604 2619 23a915 2618->2619 2620 23275d 2618->2620 2619->2620 2641 23f595 2619->2641 2622 23a95c 2620->2622 2623 23a973 2622->2623 2624 23276a 2622->2624 2623->2624 2654 23eb68 2623->2654 2624->2548 2627 22dd57 2626->2627 2628 2386cb 13 API calls 2627->2628 2629 22dd6f SetLastError 2628->2629 2629->2613 2631 23f907 EnterCriticalSection LeaveCriticalSection 2630->2631 2632 237abb 2631->2632 2633 23f94c 25 API calls 2632->2633 2637 237ac6 2632->2637 2633->2637 2634 237aef 2636 2371c9 20 API calls 2634->2636 2635 237ad0 IsProcessorFeaturePresent 2638 237adc 2635->2638 2640 237af9 2636->2640 2637->2634 2637->2635 2639 237b5d IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 2638->2639 2639->2634 2642 23f5a1 2641->2642 2643 2384c9 26 API calls 2642->2643 2644 23f5aa 2643->2644 2645 23f5f0 2644->2645 2646 23d031 __freea EnterCriticalSection 2644->2646 2645->2620 2647 23f5c8 2646->2647 2648 23f616 13 API calls 2647->2648 2649 23f5d9 2648->2649 2650 23f5f5 LeaveCriticalSection 2649->2650 2651 23f5ec 2650->2651 2651->2645 2652 237ab6 26 API calls 2651->2652 2653 23f615 2652->2653 2655 2384c9 26 API calls 2654->2655 2656 23eb6d 2655->2656 2657 23ea71 36 API calls 2656->2657 2658 23eb78 2657->2658 2658->2624 2661 23c909 2659->2661 2660 23c947 WideCharToMultiByte 2660->2562 2661->2660 2662->2540 2663->2374 2664 2371c9 2667 237039 2664->2667 2668 237066 2667->2668 2669 237078 2667->2669 2694 22b1bf GetModuleHandleW 2668->2694 2679 236ee9 2669->2679 2674 2370b5 2678 2370ca 2680 236ef5 2679->2680 2702 23d031 EnterCriticalSection 2680->2702 2682 236eff 2703 236f51 2682->2703 2684 236f0c 2707 236f2a 2684->2707 2687 2370d0 2732 237101 2687->2732 2689 2370da 2690 2370ee 2689->2690 2691 2370de GetCurrentProcess TerminateProcess 2689->2691 2692 23711a 3 API calls 2690->2692 2691->2690 2693 2370f6 ExitProcess 2692->2693 2695 22b1cb 2694->2695 2695->2669 2696 23711a GetModuleHandleExW 2695->2696 2697 23717a 2696->2697 2698 237159 GetProcAddress 2696->2698 2699 237180 FreeLibrary 2697->2699 2700 237077 2697->2700 2698->2697 2701 23716d 2698->2701 2699->2700 2700->2669 2701->2697 2702->2682 2705 236f5d 2703->2705 2704 236fc1 2704->2684 2705->2704 2710 23773d 2705->2710 2731 23d081 LeaveCriticalSection 2707->2731 2709 236f18 2709->2674 2709->2687 2711 237749 __EH_prolog3 2710->2711 2714 237495 2711->2714 2713 237770 2713->2704 2715 2374a1 2714->2715 2722 23d031 EnterCriticalSection 2715->2722 2717 2374af 2723 23764d 2717->2723 2722->2717 2724 2374bc 2723->2724 2725 23766c 2723->2725 2727 2374e4 2724->2727 2725->2724 2726 237d9d __freea 13 API calls 2725->2726 2726->2724 2730 23d081 LeaveCriticalSection 2727->2730 2729 2374cd 2729->2713 2730->2729 2731->2709 2735 23eeca 2732->2735 2734 237106 2734->2689 2736 23eed9 2735->2736 2737 23eee6 2736->2737 2739 23b9da 2736->2739 2737->2734 2740 23b955 __freea 5 API calls 2739->2740 2741 23b9f6 2740->2741 2741->2737 2742 232bc8 2743 237d9d __freea 13 API calls 2742->2743 2744 232be0 2743->2744 2755 22de2d 2756 22de39 2755->2756 2757 22de4d 2755->2757 2758 234e21 __freea 13 API calls 2756->2758 2759 22de3e 2758->2759

              Executed Functions

              Function 0023B88A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 0 23b88a-23b896 1 23b928-23b92b 0->1 2 23b931 1->2 3 23b89b-23b8ac 1->3 4 23b933-23b937 2->4 5 23b8b9-23b8d2 LoadLibraryExW 3->5 6 23b8ae-23b8b1 3->6 9 23b8d4-23b8dd GetLastError 5->9 10 23b938-23b948 5->10 7 23b951-23b953 6->7 8 23b8b7 6->8 7->4 14 23b925 8->14 11 23b916-23b923 9->11 12 23b8df-23b8f1 call 237afa 9->12 10->7 13 23b94a-23b94b FreeLibrary 10->13 11->14 12->11 17 23b8f3-23b905 call 237afa 12->17 13->7 14->1 17->11 20 23b907-23b914 LoadLibraryExW 17->20 20->10 20->11
              APIs
              • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,00000000,?,92F439E1,?,0023B999,?,00232BE0,00000000,00000000), ref: 0023B94B
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1333843612.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
              • Associated: 00000000.00000002.1333817227.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333879768.0000000000248000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000256000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000258000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000259000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000C59000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000EC8000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ECC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ED4000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F82000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001254000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001883000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001B9F000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BA1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_220000_bcLKBiuPHu.jbxd
              Similarity
              • API ID: FreeLibrary
              • String ID: api-ms-$ext-ms-
              • API String ID: 3664257935-537541572
              • Opcode ID: b655ee8427d7d022360cc902d3802678d022ac415bf832214b705bf704725896
              • Instruction ID: 87fade040a01273fd1824bb6dcc09ddf76918803b81123e5673e1495240fc982
              • Opcode Fuzzy Hash: b655ee8427d7d022360cc902d3802678d022ac415bf832214b705bf704725896
              • Instruction Fuzzy Hash: 0621BBB5E70212ABDB229F24AC84B6E3758DF427A5F150510EF05A7291DB70ED15CAD0
              Function 002370D0 Relevance: 4.5, APIs: 3, Instructions: 15COMMON
              Download Yara Rule

              Control-flow Graph

              APIs
              • GetCurrentProcess.KERNEL32(00000000,?,002370CA,00000000,0023A0CD,?,00000000,92F439E1,0023A0CD,00000000), ref: 002370E1
              • TerminateProcess.KERNEL32(00000000,?,002370CA,00000000,0023A0CD,?,00000000,92F439E1,0023A0CD,00000000), ref: 002370E8
              • ExitProcess.KERNEL32 ref: 002370FA
              Memory Dump Source
              • Source File: 00000000.00000002.1333843612.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
              • Associated: 00000000.00000002.1333817227.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333879768.0000000000248000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000256000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000258000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000259000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000C59000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000EC8000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ECC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ED4000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F82000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001254000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001883000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001B9F000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BA1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_220000_bcLKBiuPHu.jbxd
              Similarity
              • API ID: Process$CurrentExitTerminate
              • String ID:
              • API String ID: 1703294689-0
              • Opcode ID: 15d52f5b10fb6f365e290cc0e96e4dcf4cf9a87b4ae73af451ee4381edaf3e17
              • Instruction ID: 95d7b75ea0f65a55e838e3a962f698a7711b287db505c97510efc84a45f9223c
              • Opcode Fuzzy Hash: 15d52f5b10fb6f365e290cc0e96e4dcf4cf9a87b4ae73af451ee4381edaf3e17
              • Instruction Fuzzy Hash: E6D092B6034608AFDF613F60ED0E95D3F2ABF41791F544010B94D9A131DF769966DA80
              Function 0023A016 Relevance: 3.2, APIs: 2, Instructions: 196fileCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 28 23a016-23a038 29 23a22b 28->29 30 23a03e-23a040 28->30 31 23a22d-23a231 29->31 32 23a042-23a061 call 237cdc 30->32 33 23a06c-23a08f 30->33 41 23a064-23a067 32->41 34 23a091-23a093 33->34 35 23a095-23a09b 33->35 34->35 37 23a09d-23a0ae 34->37 35->32 35->37 39 23a0c1-23a0d1 call 239b5b 37->39 40 23a0b0-23a0b6 call 23951a 37->40 46 23a0d3-23a0d9 39->46 47 23a11a-23a12c 39->47 44 23a0bb-23a0be 40->44 41->31 44->39 50 23a102-23a118 call 23972c 46->50 51 23a0db-23a0de 46->51 48 23a183-23a1a3 WriteFile 47->48 49 23a12e-23a134 47->49 52 23a1a5-23a1ab GetLastError 48->52 53 23a1ae 48->53 55 23a136-23a139 49->55 56 23a16f-23a181 call 239bd8 49->56 66 23a0fb-23a0fd 50->66 57 23a0e0-23a0e3 51->57 58 23a0e9-23a0f8 call 239af3 51->58 52->53 60 23a1b1-23a1bc 53->60 61 23a15b-23a16d call 239d9c 55->61 62 23a13b-23a13e 55->62 74 23a156-23a159 56->74 57->58 63 23a1c3-23a1c6 57->63 58->66 67 23a226-23a229 60->67 68 23a1be-23a1c1 60->68 61->74 69 23a1c9-23a1cb 62->69 70 23a144-23a151 call 239cb3 62->70 63->69 66->60 67->31 68->63 75 23a1f9-23a205 69->75 76 23a1cd-23a1d2 69->76 70->74 74->66 81 23a207-23a20d 75->81 82 23a20f-23a221 75->82 79 23a1d4-23a1e6 76->79 80 23a1eb-23a1f4 call 234dea 76->80 79->41 80->41 81->29 81->82 82->41
              APIs
                • Part of subcall function 0023972C: GetConsoleOutputCP.KERNEL32(92F439E1,00000000,00000000,00000000), ref: 0023978F
              • WriteFile.KERNELBASE(?,00000000,?,00000000,00000000,00000000,00000000,0000000C,?,00000000,00254DB8,00000014,0022E6CF,00000000,00000000,00000000), ref: 0023A19B
              • GetLastError.KERNEL32(?,00000000), ref: 0023A1A5
              Memory Dump Source
              • Source File: 00000000.00000002.1333843612.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
              • Associated: 00000000.00000002.1333817227.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333879768.0000000000248000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000256000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000258000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000259000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000C59000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000EC8000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ECC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ED4000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F82000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001254000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001883000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001B9F000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BA1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_220000_bcLKBiuPHu.jbxd
              Similarity
              • API ID: ConsoleErrorFileLastOutputWrite
              • String ID:
              • API String ID: 2915228174-0
              • Opcode ID: c21595907f513fb61a4bbae9d5afef4703504d35f1363af6f1424efcf9e357c4
              • Instruction ID: 3f6f9e4fe0425e388cc57e7e854a2124409577dcbba1fdf04ce55a26750697e0
              • Opcode Fuzzy Hash: c21595907f513fb61a4bbae9d5afef4703504d35f1363af6f1424efcf9e357c4
              • Instruction Fuzzy Hash: 4461F3F1C2021AAFDF15CFA8DC84AEEBFB9AF09304F140165E984A7211D772D961CB61
              Function 00237F3B Relevance: 3.1, APIs: 2, Instructions: 63COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 85 237f3b-237f4f call 2358c7 88 237f51-237f53 85->88 89 237f55-237f5d 85->89 92 237fa3-237fc3 call 235836 88->92 90 237f68-237f6b 89->90 91 237f5f-237f66 89->91 94 237f89-237f99 call 2358c7 FindCloseChangeNotification 90->94 95 237f6d-237f71 90->95 91->90 93 237f73-237f87 call 2358c7 * 2 91->93 102 237fd5 92->102 103 237fc5-237fd3 call 234dea 92->103 93->88 93->94 94->88 107 237f9b-237fa1 GetLastError 94->107 95->93 95->94 105 237fd7-237fda 102->105 103->105 107->92
              APIs
              • FindCloseChangeNotification.KERNELBASE(00000000,00000000,CF830579,?,00237E22,00000000,CF830579,00254C98,0000000C,00237EDE,0022DD13,?), ref: 00237F91
              • GetLastError.KERNEL32(?,00237E22,00000000,CF830579,00254C98,0000000C,00237EDE,0022DD13,?), ref: 00237F9B
              Memory Dump Source
              • Source File: 00000000.00000002.1333843612.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
              • Associated: 00000000.00000002.1333817227.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333879768.0000000000248000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000256000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000258000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000259000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000C59000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000EC8000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ECC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ED4000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F82000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001254000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001883000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001B9F000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BA1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_220000_bcLKBiuPHu.jbxd
              Similarity
              • API ID: ChangeCloseErrorFindLastNotification
              • String ID:
              • API String ID: 1687624791-0
              • Opcode ID: ae5f3415878dd4bca74e7658aaf1f1c2009edc95e502efebdde9b67771ff601c
              • Instruction ID: af3deac1d21ddd321d974cf6bdb02df0e459d7435132866a7829b4b8c356278f
              • Opcode Fuzzy Hash: ae5f3415878dd4bca74e7658aaf1f1c2009edc95e502efebdde9b67771ff601c
              • Instruction Fuzzy Hash: DA114CF353C66126CE302B34A80977D6745AB82730F29025DF91CDB5D2DE70D8E04550
              Function 002393F9 Relevance: 3.1, APIs: 2, Instructions: 52COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 110 2393f9-239411 call 2358c7 113 239413-23941a 110->113 114 239427-23943d SetFilePointerEx 110->114 115 239421-239425 113->115 116 239452-23945c 114->116 117 23943f-239450 GetLastError call 234dea 114->117 118 239478-23947b 115->118 116->115 120 23945e-239473 116->120 117->115 120->118
              APIs
              • SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,?,00239533,00000000,00000000,00000000,00000002,00000000), ref: 00239435
              • GetLastError.KERNEL32(00000000,?,00239533,00000000,00000000,00000000,00000002,00000000,?,0023A0BB,00000000,00000000,00000000,00000002,00000000,00000000), ref: 00239442
              Memory Dump Source
              • Source File: 00000000.00000002.1333843612.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
              • Associated: 00000000.00000002.1333817227.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333879768.0000000000248000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000256000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000258000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000259000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000C59000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000EC8000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ECC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ED4000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F82000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001254000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001883000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001B9F000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BA1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_220000_bcLKBiuPHu.jbxd
              Similarity
              • API ID: ErrorFileLastPointer
              • String ID:
              • API String ID: 2976181284-0
              • Opcode ID: a2bad47133da28f51746cdb3fd6992885f3490e9df6c0ebea9434d5d8ccaf566
              • Instruction ID: 9cca0f4807e17d7710093f3ba611d435cb1c2b10b26b75925c611e8fdba21af1
              • Opcode Fuzzy Hash: a2bad47133da28f51746cdb3fd6992885f3490e9df6c0ebea9434d5d8ccaf566
              • Instruction Fuzzy Hash: FB01FE72630615AFCF058F59DC05D9E3B29EB86320F240249F951D7291EAB1EDD28B90
              Function 00237D9D Relevance: 3.0, APIs: 2, Instructions: 22memoryCOMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 122 237d9d-237da6 123 237dd5-237dd6 122->123 124 237da8-237dbb RtlFreeHeap 122->124 124->123 125 237dbd-237dd4 GetLastError call 234d84 call 234e21 124->125 125->123
              APIs
              • RtlFreeHeap.NTDLL(00000000,00000000,?,00232BE0,?), ref: 00237DB3
              • GetLastError.KERNEL32(?,?,00232BE0,?), ref: 00237DBE
              Memory Dump Source
              • Source File: 00000000.00000002.1333843612.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
              • Associated: 00000000.00000002.1333817227.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333879768.0000000000248000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000256000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000258000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000259000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000C59000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000EC8000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ECC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ED4000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F82000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001254000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001883000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001B9F000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BA1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_220000_bcLKBiuPHu.jbxd
              Similarity
              • API ID: ErrorFreeHeapLast
              • String ID:
              • API String ID: 485612231-0
              • Opcode ID: 15e7d91f642d0be291009badee035a6fc296944b19cc30466fad234e497caf2d
              • Instruction ID: b5a5d2120d05a9ec76a6c1bba09bf7a1aadf445f6f4cd8ad5108fb190b54d176
              • Opcode Fuzzy Hash: 15e7d91f642d0be291009badee035a6fc296944b19cc30466fad234e497caf2d
              • Instruction Fuzzy Hash: E6E08CB6120208ABCF213FA0FC0CBA97B58AF017A2F140061FA0996460EB7098A0CB84
              Function 0023B955 Relevance: 1.6, APIs: 1, Instructions: 56COMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 130 23b955-23b97f 131 23b981-23b983 130->131 132 23b985-23b987 130->132 135 23b9d6-23b9d9 131->135 133 23b989-23b98b 132->133 134 23b98d-23b994 call 23b88a 132->134 133->135 137 23b999-23b99d 134->137 138 23b99f-23b9ad GetProcAddress 137->138 139 23b9bc-23b9d3 137->139 138->139 140 23b9af-23b9ba call 2365d6 138->140 141 23b9d5 139->141 140->141 141->135
              Memory Dump Source
              • Source File: 00000000.00000002.1333843612.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
              • Associated: 00000000.00000002.1333817227.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333879768.0000000000248000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000256000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000258000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000259000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000C59000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000EC8000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ECC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ED4000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F82000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001254000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001883000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001B9F000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BA1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_220000_bcLKBiuPHu.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6b7bc3d359d75a39815913978de1045e8da3fd0dfe6afb268e5bb64a63e07d87
              • Instruction ID: cf6dbe27e54f83f5eedd8b061be7f0764f6aebfe28c6705c256a6eb3ac50fcff
              • Opcode Fuzzy Hash: 6b7bc3d359d75a39815913978de1045e8da3fd0dfe6afb268e5bb64a63e07d87
              • Instruction Fuzzy Hash: CF01F5732202159B9F239E69FC48B2B3369BB81320F64412AFB11C7198EF31D8219B90
              Function 0023A5B1 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 144 23a5b1-23a5bd 145 23a5ef-23a5fa call 234e21 144->145 146 23a5bf-23a5c1 144->146 153 23a5fc-23a5fe 145->153 148 23a5c3-23a5c4 146->148 149 23a5da-23a5eb RtlAllocateHeap 146->149 148->149 150 23a5c6-23a5cd call 237459 149->150 151 23a5ed 149->151 150->145 156 23a5cf-23a5d8 call 23f7b2 150->156 151->153 156->145 156->149
              APIs
              • RtlAllocateHeap.NTDLL(00000000,0022E77D,0022E77D,?,0023A532,00001000,?,00000000,?,?,0022E503,?,?,?,?,00000000), ref: 0023A5E3
              Memory Dump Source
              • Source File: 00000000.00000002.1333843612.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
              • Associated: 00000000.00000002.1333817227.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333879768.0000000000248000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000256000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000258000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000259000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000C59000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000EC8000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ECC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ED4000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F82000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001254000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001883000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001B9F000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BA1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_220000_bcLKBiuPHu.jbxd
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: 1b7f584748b872572497c78e2c2ee1b23b08daa75fbc2cf090b8394fb147d31a
              • Instruction ID: e43a7799368de427a171550c9b935afdfa543018c714b16fc84a00fb8b4c4c47
              • Opcode Fuzzy Hash: 1b7f584748b872572497c78e2c2ee1b23b08daa75fbc2cf090b8394fb147d31a
              • Instruction Fuzzy Hash: 29E0E5E193121257D6213E65AC04F9B7A48DB017B1F500031ED84D65C0DF60DC2086A2

              Non-executed Functions

              Function 00237B5D Relevance: 4.6, APIs: 3, Instructions: 77COMMON
              Download Yara Rule
              APIs
              • IsDebuggerPresent.KERNEL32 ref: 00237C55
              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00237C5F
              • UnhandledExceptionFilter.KERNEL32(?), ref: 00237C6C
              Memory Dump Source
              • Source File: 00000000.00000002.1333843612.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
              • Associated: 00000000.00000002.1333817227.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333879768.0000000000248000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000256000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000258000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000259000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000C59000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000EC8000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ECC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ED4000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F82000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001254000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001883000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001B9F000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BA1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_220000_bcLKBiuPHu.jbxd
              Similarity
              • API ID: ExceptionFilterUnhandled$DebuggerPresent
              • String ID:
              • API String ID: 3906539128-0
              • Opcode ID: abf0699c6f1b932d94aa9663642b5fd2ff7bd295d94a34c596ff7e79b9ca28bc
              • Instruction ID: 8ef3cd472ddb75097b7bb660b4208674f5d2ba6587ce7a49e14aa15b0810e143
              • Opcode Fuzzy Hash: abf0699c6f1b932d94aa9663642b5fd2ff7bd295d94a34c596ff7e79b9ca28bc
              • Instruction Fuzzy Hash: 9031D5B4911229ABCB21DF64D8887CCB7B4BF08310F5045DAE80CA6250EB309F958F44
              Function 0023711A Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON
              Download Yara Rule
              APIs
              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,92F439E1,00000000,?,00000000,002471CE,000000FF,?,002370F6,00000000,?,002370CA,00000000), ref: 0023714F
              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00237161
              • FreeLibrary.KERNEL32(00000000,?,00000000,002471CE,000000FF,?,002370F6,00000000,?,002370CA,00000000), ref: 00237183
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1333843612.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
              • Associated: 00000000.00000002.1333817227.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333879768.0000000000248000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000256000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000258000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000259000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000C59000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000EC8000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ECC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ED4000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F82000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001254000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001883000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001B9F000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BA1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_220000_bcLKBiuPHu.jbxd
              Similarity
              • API ID: AddressFreeHandleLibraryModuleProc
              • String ID: CorExitProcess$mscoree.dll
              • API String ID: 4061214504-1276376045
              • Opcode ID: 7818b8c4f19562d12b746534e24d3f00f7802ce88dfb4ddc14bfd568ca6814fa
              • Instruction ID: 4446fa9b1343dc4e08d7439ea3c694b94015a9b13edffc5be352cedb582c65d2
              • Opcode Fuzzy Hash: 7818b8c4f19562d12b746534e24d3f00f7802ce88dfb4ddc14bfd568ca6814fa
              • Instruction Fuzzy Hash: 4801DB76524615EFDF218F54DC4DFAEB7B8FB05B11F000626F815A22D0DB759900CA50
              Function 0023972C Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMON
              Download Yara Rule
              APIs
              • GetConsoleOutputCP.KERNEL32(92F439E1,00000000,00000000,00000000), ref: 0023978F
                • Part of subcall function 0023C8F6: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0024413B,?,00000000,-00000008), ref: 0023C957
              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 002399E1
              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00239A27
              • GetLastError.KERNEL32 ref: 00239ACA
              Memory Dump Source
              • Source File: 00000000.00000002.1333843612.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
              • Associated: 00000000.00000002.1333817227.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333879768.0000000000248000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000256000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000258000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000259000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000C59000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000EC8000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ECC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ED4000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F82000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001254000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001883000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001B9F000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BA1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_220000_bcLKBiuPHu.jbxd
              Similarity
              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
              • String ID:
              • API String ID: 2112829910-0
              • Opcode ID: b6245bbb9eceb66453ad8875d2116964e5520fe816527160068e7842c4f9f66e
              • Instruction ID: 068b2213c35f21483bb7d4ebfa7593be5a7de1c5d3f0f300f4cd200318bf1195
              • Opcode Fuzzy Hash: b6245bbb9eceb66453ad8875d2116964e5520fe816527160068e7842c4f9f66e
              • Instruction Fuzzy Hash: B9D19DB5D142489FCF05CFE8D884AADBBB5FF4A300F28422AE955EB351D670A991CF50
              Function 00244397 Relevance: 6.0, APIs: 4, Instructions: 29COMMON
              Download Yara Rule
              APIs
              • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,00240132,00000000,00000001,0000000C,00000000,?,00239B1E,00000000,00000000,00000000), ref: 002443AE
              • GetLastError.KERNEL32(?,00240132,00000000,00000001,0000000C,00000000,?,00239B1E,00000000,00000000,00000000,00000000,00000000,?,0023A0F8,?), ref: 002443BA
                • Part of subcall function 00244380: CloseHandle.KERNEL32(FFFFFFFE,002443CA,?,00240132,00000000,00000001,0000000C,00000000,?,00239B1E,00000000,00000000,00000000,00000000,00000000), ref: 00244390
              • ___initconout.LIBCMT ref: 002443CA
                • Part of subcall function 00244336: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00244365,0024011F,00000000,?,00239B1E,00000000,00000000,00000000,00000000), ref: 00244349
              • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,00240132,00000000,00000001,0000000C,00000000,?,00239B1E,00000000,00000000,00000000,00000000), ref: 002443DF
              Memory Dump Source
              • Source File: 00000000.00000002.1333843612.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
              • Associated: 00000000.00000002.1333817227.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333879768.0000000000248000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000256000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333906575.0000000000258000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000259000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000C59000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000EC8000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ECC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000ED4000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000000F82000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001254000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001257000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001883000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001B9F000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BA1000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1333966196.0000000001BF6000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_220000_bcLKBiuPHu.jbxd
              Similarity
              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
              • String ID:
              • API String ID: 2744216297-0
              • Opcode ID: 290535c8ad5e73494ab1486c26e936bdfb0d42eea0ad76296cdbd7b88803f1be
              • Instruction ID: d34d25e86b00a8bb4691f0b2f556f7f28eeab756feeba55d5d13d346d22bf0ff
              • Opcode Fuzzy Hash: 290535c8ad5e73494ab1486c26e936bdfb0d42eea0ad76296cdbd7b88803f1be
              • Instruction Fuzzy Hash: 92F0303A520215BBCF322FD1EC0DA8D3F26EB097A1B144050FE0896130DB32C870AB90