Windows Analysis Report
https://c51k11nyj56k.pettisville.sbs/lander/FileRotator_ID428/download.php

Overview

General Information

Sample URL: https://c51k11nyj56k.pettisville.sbs/lander/FileRotator_ID428/download.php
Analysis ID: 1430836
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Contains functionality to infect the boot sector
Found pyInstaller with non standard icon
Hides threads from debuggers
Potentially malicious time measurement code found
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to enumerate running services
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Uses code obfuscation techniques (call, push, ret)

Classification

Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-311\Release\win32api.pdb source: actions_version_x32-64_full.exe, 00000004.00000002.2119572331.00007FFF299D7000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1951746842.00007FFF188C0000.00000002.00000001.01000000.0000001F.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1273912934.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-311\Release\_win32sysloader.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1189204331.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1274396355.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-311\Release\pywintypes.pdb source: actions_version_x32-64_full.exe, 00000004.00000002.2121938168.00007FFF353F0000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-311\Release\pythoncom.pdb}},GCTL source: actions_version_x32-64_full.exe, 00000004.00000002.2038843558.00007FFF1909C000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-311\Release\win32api.pdb!! source: actions_version_x32-64_full.exe, 00000004.00000002.2119572331.00007FFF299D7000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: actions_version_x32-64_full.exe, 00000004.00000002.2025334270.00007FFF18CD6000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-311\Release\pywintypes.pdb** source: actions_version_x32-64_full.exe, 00000004.00000002.2121938168.00007FFF353F0000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: actions_version_x32-64_full.exe, 00000004.00000002.2002473814.00007FFF18B4F000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1u 30 May 2023built on: Wed May 31 23:27:41 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: actions_version_x32-64_full.exe, 00000004.00000002.2002473814.00007FFF18B4F000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1180006039.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2130948771.00007FFF3D856000.00000002.00000001.01000000.0000001A.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1263743403.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1178117675.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2133555692.00007FFF432D1000.00000002.00000001.01000000.00000005.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1261147824.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: actions_version_x32-64_full.exe, 00000003.00000003.1178117675.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2133555692.00007FFF432D1000.00000002.00000001.01000000.00000005.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1261147824.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-311\Release\win32trace.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1189641034.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1274957843.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1179866955.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1263565745.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libcrypto-1_1.pdb source: actions_version_x32-64_full.exe, 00000004.00000002.2002473814.00007FFF18BD1000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python311.pdb source: actions_version_x32-64_full.exe, 00000004.00000002.2077307342.00007FFF195DB000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: actions_version_x32-64_full.exe, 00000004.00000002.2025334270.00007FFF18CD6000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1178273579.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2131355626.00007FFF3DCB5000.00000002.00000001.01000000.00000013.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1261398858.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1187742410.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2134287651.00007FFF43AC3000.00000002.00000001.01000000.0000000C.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272452393.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1179560329.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2120274492.00007FFF29CD7000.00000002.00000001.01000000.0000001C.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1263077183.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: actions_version_x32-64_full.exe, 00000003.00000003.1179709167.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1263329464.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000016.00000003.1465911665.00000000006D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1178387754.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2122984027.00007FFF366B9000.00000002.00000001.01000000.00000019.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1261626752.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: actions_version_x32-64_full.exe, 00000004.00000002.2125420295.00007FFF3BF82000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1180195896.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2132226438.00007FFF3F523000.00000002.00000001.01000000.00000011.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1263957573.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1179709167.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1263329464.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000016.00000003.1465911665.00000000006D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1178553717.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1261884884.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-311\Release\pythoncom.pdb source: actions_version_x32-64_full.exe, 00000004.00000002.2038843558.00007FFF1909C000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1180347918.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2126756256.00007FFF3BFA8000.00000002.00000001.01000000.0000000B.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1264180749.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000002.2127209107.00007FFF170FD000.00000002.00000001.01000000.00000039.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1184715824.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1946874747.0000000180000000.00000002.00000001.01000000.00000006.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1268874565.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: actions_version_x32-64_full.exe, 00000003.00000003.1178273579.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2131355626.00007FFF3DCB5000.00000002.00000001.01000000.00000013.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1261398858.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: actions_version_x32-64_full.exe, 00000004.00000002.2030713081.00007FFF18D1D000.00000002.00000001.01000000.00000016.sdmp
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1890322E _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte, 4_2_00007FFF1890322E
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DC37B0 _PyArg_ParseTuple_SizeT,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyList_New,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindFirstFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyObject_FromWIN32_FIND_DATAW@@YAPEAU_object@@PEAU_WIN32_FIND_DATAW@@@Z,PyList_Append,_Py_Dealloc,FindNextFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindClose,_Py_Dealloc, 19_2_00007FFF16DC37B0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16932E70 memset,PyList_New,SetErrorMode,PyArg_ParseTuple,PyObject_IsTrue,PyEval_SaveThread,GetLogicalDriveStringsA,PyEval_RestoreThread,PyErr_SetFromWindowsErr,SetErrorMode,PyEval_SaveThread,GetDriveTypeA,PyEval_RestoreThread,GetVolumeInformationA,strcat_s,SetLastError,strcat_s,strcat_s,strcat_s,FindFirstVolumeMountPointA,strcpy_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,FindNextVolumeMountPointA,FindVolumeMountPointClose,strcat_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,strchr,SetErrorMode,FindVolumeMountPointClose,SetErrorMode,_Py_Dealloc,_Py_Dealloc, 19_2_00007FFF16932E70
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF169538B0 PyExc_ValueError,PyErr_SetString,PyEval_SaveThread,WSARecvFrom,PyEval_RestoreThread,WSAGetLastError,SetEvent,_Py_NoneStruct, 19_2_00007FFF169538B0
Source: global traffic HTTP traffic detected: GET /lander/FileRotator_ID428/download.php HTTP/1.1Host: c51k11nyj56k.pettisville.sbsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3gV8HKrApdzLtFS&MD=sfHX4dAB HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3gV8HKrApdzLtFS&MD=sfHX4dAB HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: unknown DNS traffic detected: queries for: c51k11nyj56k.pettisville.sbs
Source: actions_version_x32-64_full.exe, 00000004.00000002.1890367091.00000000049E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
Source: actions_version_x32-64_full.exe, 00000004.00000002.1822848774.00000000044E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://aka.ms/vcpython27
Source: actions_version_x32-64_full.exe, 00000004.00000002.1822848774.00000000044E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://aka.ms/vcpython270$X
Source: actions_version_x32-64_full.exe, 00000004.00000003.1515260062.0000000003C95000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1552387106.0000000003568000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1613006580.0000000003DDD000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1810529286.000000000415F000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1623406863.000000000405A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1620435646.0000000003EBF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1469609839.0000000003568000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003DCE000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1562736926.000000000415F000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1591334462.000000000415F000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1438759537.0000000003DDE000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1604587132.0000000003566000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1419505523.000000000336F000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1807986552.0000000004062000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1470947852.0000000003C76000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1531380995.0000000003568000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1505341246.000000000415F000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1513479358.0000000003566000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1418401591.0000000003564000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1583065550.0000000003C8E000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1410221231.0000000004108000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
Source: actions_version_x32-64_full.exe, 00000004.00000002.1904283214.0000000004AE0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1417436746.0000000003E9A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://bugs.python.org/issue23606)
Source: actions_version_x32-64_full.exe, 00000003.00000003.1180483863.00000000000A7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.F
Source: actions_version_x32-64_full.exe, 0000000B.00000003.1263329464.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000016.00000003.1465911665.00000000006D3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.co
Source: actions_version_x32-64_full.exe, 00000003.00000003.1179075064.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179709167.00000000000A7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.coF
Source: actions_version_x32-64_full.exe, 00000003.00000003.1179866955.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178872584.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1182407437.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178387754.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180006039.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1187742410.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183772668.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000B4000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179560329.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180483863.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179075064.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180195896.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184715824.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180347918.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178553717.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000B2000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183463617.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184424021.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179709167.00000000000A7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: actions_version_x32-64_full.exe, 00000003.00000003.1179866955.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178872584.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178387754.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180006039.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1187742410.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179560329.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180483863.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179075064.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183772668.00000000000AF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180195896.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184715824.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180347918.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178553717.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183463617.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184424021.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179709167.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1182407437.00000000000B2000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1261884884.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1262713684.00000000007E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: actions_version_x32-64_full.exe, 00000003.00000003.1179866955.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178872584.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1182407437.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178387754.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180006039.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1187742410.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183772668.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179560329.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180483863.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179075064.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183772668.00000000000AF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180195896.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184715824.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180347918.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178553717.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000B2000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183463617.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184424021.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179709167.00000000000A7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: actions_version_x32-64_full.exe, 00000003.00000003.1179866955.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178872584.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1182407437.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178387754.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180006039.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1187742410.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183772668.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000B4000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179560329.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180483863.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179075064.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180195896.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184715824.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180347918.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178553717.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000B2000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183463617.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184424021.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179709167.00000000000A7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: actions_version_x32-64_full.exe, 00000004.00000002.1904283214.0000000004AE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://cffi.readthedocs.io/en/latest/cdef.html#ffi-cdef-limitations
Source: actions_version_x32-64_full.exe, 00000004.00000003.1463623654.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1615902132.00000000033D7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1579100361.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1218184885.00000000033D2000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1743336817.00000000035BC000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1481853082.00000000033D7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1492561213.0000000002CD9000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1418057822.00000000035BB000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1460711763.0000000002CD8000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1220773697.00000000035BC000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1597773303.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1214324647.0000000003391000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1427118105.0000000002CD7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1669112842.00000000035BC000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1415144394.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1740378241.00000000033D7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1420907167.00000000035BB000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1203430409.0000000002CC7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000003.1302041176.0000000003139000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: actions_version_x32-64_full.exe, 00000004.00000003.1556443261.0000000002D9D000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1201744280.00000000032DB000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1206492425.0000000002D9B000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1201744280.000000000331A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1427118105.0000000002D9B000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1451140245.0000000002D9D000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1517509666.0000000002D90000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://code.activestate.com/recipes/577916/
Source: actions_version_x32-64_full.exe, 00000004.00000003.1407108721.0000000004173000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1623406863.000000000405A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003DFF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1677803981.0000000003E00000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1809906841.000000000410E000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1410221231.0000000004108000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000003.1521729505.0000000003D10000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: actions_version_x32-64_full.exe, 00000004.00000003.1408583258.0000000004160000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1672960405.0000000003E86000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: actions_version_x32-64_full.exe, 00000004.00000002.1807242806.0000000004049000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: actions_version_x32-64_full.exe, 00000004.00000003.1672960405.0000000003E86000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crleI%
Source: actions_version_x32-64_full.exe, 00000004.00000003.1407108721.0000000004173000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: actions_version_x32-64_full.exe, 00000004.00000003.1623406863.000000000405A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl?
Source: actions_version_x32-64_full.exe, 00000004.00000003.1407108721.0000000004173000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crlclw
Source: actions_version_x32-64_full.exe, 00000004.00000003.1417436746.0000000003E8F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: actions_version_x32-64_full.exe, 00000004.00000003.1408583258.0000000004160000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: actions_version_x32-64_full.exe, 00000004.00000003.1417436746.0000000003E8F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: actions_version_x32-64_full.exe, 00000004.00000003.1408583258.0000000004160000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1424681927.0000000003C76000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: actions_version_x32-64_full.exe, 00000004.00000003.1417436746.0000000003E8F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003DFF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1677803981.0000000003E00000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000003.1521729505.0000000003D13000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: actions_version_x32-64_full.exe, 00000003.00000003.1179866955.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178872584.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1182407437.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178387754.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180006039.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1187742410.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183772668.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000B4000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179560329.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180483863.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179075064.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180195896.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184715824.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180347918.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178553717.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000B2000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183463617.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184424021.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179709167.00000000000A7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: actions_version_x32-64_full.exe, 00000003.00000003.1179866955.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178872584.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178387754.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180006039.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1187742410.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179560329.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180483863.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179075064.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183772668.00000000000AF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180195896.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184715824.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180347918.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178553717.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183463617.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184424021.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179709167.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1182407437.00000000000B2000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1261884884.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1262713684.00000000007E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: actions_version_x32-64_full.exe, 00000003.00000003.1179866955.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178872584.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1182407437.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178387754.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180006039.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1187742410.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183772668.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179560329.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180483863.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179075064.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183772668.00000000000AF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180195896.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184715824.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180347918.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178553717.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000B2000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183463617.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184424021.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179709167.00000000000A7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: actions_version_x32-64_full.exe, 0000000B.00000003.1263077183.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000016.00000003.1465911665.00000000006D3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: actions_version_x32-64_full.exe, 00000003.00000003.1179866955.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178872584.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178387754.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180006039.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1187742410.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179560329.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180483863.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179075064.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183772668.00000000000AF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180195896.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184715824.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180347918.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178553717.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183463617.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184424021.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179709167.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1182407437.00000000000B2000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1261884884.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1262713684.00000000007E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: actions_version_x32-64_full.exe, 00000004.00000003.1613006580.0000000003DDD000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1623406863.000000000405A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003DCE000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1438759537.0000000003DDE000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000002.1909402540.0000000003BA3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
Source: actions_version_x32-64_full.exe, 00000004.00000003.1552387106.0000000003568000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1469609839.0000000003568000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1604587132.0000000003566000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1419505523.000000000336F000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1531380995.0000000003568000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1513479358.0000000003566000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1418401591.0000000003564000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1624995239.0000000003567000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000003.1693553511.0000000003C1F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
Source: actions_version_x32-64_full.exe, 00000004.00000003.1515260062.0000000003C95000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1620435646.0000000003EBF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1470947852.0000000003C76000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1583065550.0000000003C8E000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1417436746.0000000003EBF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1424681927.0000000003C76000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: actions_version_x32-64_full.exe, 00000004.00000003.1674558864.000000000356D000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1559318233.0000000004119000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1513479358.000000000356C000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1410221231.000000000408A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1623406863.000000000405A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1916159686.0000000004BE0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1810272954.000000000411A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1613470492.000000000356C000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1418057822.0000000003569000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1647546452.0000000004D20000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1916159686.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1636134366.00000000040D7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1904283214.0000000004AE0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1552387106.000000000356C000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1410221231.0000000004108000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1624995239.000000000356D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Source: actions_version_x32-64_full.exe, 00000004.00000002.1876097409.00000000048E0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1221679165.0000000003E83000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: actions_version_x32-64_full.exe, 00000004.00000002.1845154214.00000000046E0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000002.1973356695.0000000004580000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
Source: actions_version_x32-64_full.exe, 00000004.00000002.1845154214.00000000046E0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000002.1973356695.0000000004580000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
Source: actions_version_x32-64_full.exe, 00000004.00000002.1833831487.00000000045E0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000002.1962561767.0000000004480000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate
Source: actions_version_x32-64_full.exe, 00000004.00000002.1743543916.00000000035C0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1781441766.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000002.1818919922.0000000003440000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/library/itertools.html#recipes
Source: actions_version_x32-64_full.exe, 00000004.00000003.1673850165.0000000003D69000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003CEF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1566575796.0000000003D66000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/library/unittest.html
Source: actions_version_x32-64_full.exe, 00000004.00000002.1743543916.00000000035C0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000002.1818919922.0000000003440000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://github.com/ActiveState/appdirs
Source: actions_version_x32-64_full.exe, 00000004.00000002.1845154214.00000000046E0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000002.1973356695.0000000004580000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://goo.gl/zeJZl.
Source: actions_version_x32-64_full.exe, 00000004.00000003.1222311821.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003E10000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1673485233.0000000003E10000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1612695620.0000000003E10000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1491074591.0000000003E10000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1623115671.0000000003E10000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1605538650.0000000003E0F000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1438759537.0000000003E10000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1588758972.0000000003E10000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: actions_version_x32-64_full.exe, 00000004.00000003.1438759537.0000000003E3E000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1221841466.0000000003E2E000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003E3A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://google.com/mail/
Source: actions_version_x32-64_full.exe, 00000004.00000003.1221679165.0000000003E92000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1558785037.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1468622351.0000000003E97000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1222311821.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1803220976.0000000003DEA000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1623871625.0000000003DEA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: actions_version_x32-64_full.exe, 00000004.00000002.1861379427.00000000047E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
Source: actions_version_x32-64_full.exe, 00000004.00000002.1809906841.000000000410E000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1410221231.0000000004108000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.accv.es
Source: actions_version_x32-64_full.exe, 00000004.00000003.1407108721.0000000004173000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.accv.es0
Source: actions_version_x32-64_full.exe, 00000003.00000003.1179866955.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178872584.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178387754.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180006039.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1187742410.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179560329.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180483863.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179075064.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183772668.00000000000AF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180195896.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184715824.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180347918.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178553717.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183463617.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184424021.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179709167.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1182407437.00000000000B2000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1261884884.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1262713684.00000000007E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0
Source: actions_version_x32-64_full.exe, 00000003.00000003.1179866955.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178872584.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1182407437.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178387754.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180006039.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1187742410.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183772668.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000B4000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179560329.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180483863.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179075064.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180195896.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184715824.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180347918.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178553717.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000B2000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183463617.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184424021.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179709167.00000000000A7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: actions_version_x32-64_full.exe, 00000003.00000003.1179866955.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178872584.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1182407437.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178387754.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180006039.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1187742410.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183772668.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000B4000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179560329.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180483863.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179075064.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180195896.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184715824.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180347918.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178553717.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000B2000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183463617.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184424021.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179709167.00000000000A7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0C
Source: actions_version_x32-64_full.exe, 00000003.00000003.1179866955.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178872584.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1182407437.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178387754.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180006039.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1187742410.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183772668.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179560329.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180483863.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179075064.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183772668.00000000000AF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180195896.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184715824.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180347918.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178553717.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000B2000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183463617.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184424021.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179709167.00000000000A7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0X
Source: actions_version_x32-64_full.exe, 00000004.00000002.1730722666.00000000030C0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1743543916.00000000035C0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000002.1818919922.0000000003440000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: actions_version_x32-64_full.exe, 00000004.00000003.1410221231.000000000408A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1672960405.0000000003E86000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1605187489.0000000002E73000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1427118105.0000000002E61000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://repository.swisssign.com/
Source: actions_version_x32-64_full.exe, 00000004.00000003.1410221231.000000000408A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://repository.swisssign.com/wh
Source: actions_version_x32-64_full.exe, 00000004.00000002.1781441766.00000000039E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://stackoverflow.com/questions/19622133/
Source: actions_version_x32-64_full.exe, 00000004.00000003.1626206558.0000000003D95000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003CEF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1510560465.0000000003D94000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1417436746.0000000003E9A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1566575796.0000000003D94000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1620435646.0000000003EA5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://tools.ietf.org/html/rfc4880
Source: actions_version_x32-64_full.exe, 00000004.00000002.1916159686.0000000004CA4000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1904283214.0000000004AE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://tools.ietf.org/html/rfc5297
Source: actions_version_x32-64_full.exe, 00000004.00000003.1554982079.0000000003E30000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003E28000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://tools.ietf.org/html/rfc5869
Source: actions_version_x32-64_full.exe, 00000004.00000002.1890367091.00000000049E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: actions_version_x32-64_full.exe, 00000004.00000003.1410221231.000000000408A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1623406863.000000000405A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1568093338.00000000040B0000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1807986552.0000000004062000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
Source: actions_version_x32-64_full.exe, 00000004.00000003.1407108721.0000000004173000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1809906841.000000000410E000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1410221231.0000000004108000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: actions_version_x32-64_full.exe, 00000004.00000003.1407108721.0000000004173000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: actions_version_x32-64_full.exe, 00000004.00000003.1407108721.0000000004173000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: actions_version_x32-64_full.exe, 00000004.00000003.1408744939.0000000003EF9000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1479145284.0000000003EF9000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000003.1735578579.0000000003F26000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: actions_version_x32-64_full.exe, 00000004.00000003.1407108721.0000000004173000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: actions_version_x32-64_full.exe, 00000013.00000003.1735578579.0000000003F26000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es/legislacion_c.htmSH
Source: actions_version_x32-64_full.exe, 00000004.00000003.1408744939.0000000003EF9000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1407108721.0000000004173000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1479145284.0000000003EF9000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000003.1735578579.0000000003F26000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es00
Source: actions_version_x32-64_full.exe, 00000004.00000002.1730722666.00000000030C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: actions_version_x32-64_full.exe, 00000004.00000003.1607113676.000000000323A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1407108721.0000000004173000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1446348601.0000000003228000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1473922252.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1811192320.00000000041B0000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000003.1674879550.0000000003C0E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: actions_version_x32-64_full.exe, 00000013.00000003.1674879550.0000000003C0E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cert.fnmt.es/dpcs/dSt
Source: actions_version_x32-64_full.exe, 00000004.00000003.1200112485.0000000003266000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1200112485.00000000032B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: actions_version_x32-64_full.exe, 00000004.00000002.1810529286.000000000415F000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1623406863.000000000405A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1562736926.000000000415F000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1591334462.000000000415F000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1807986552.0000000004062000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1505341246.000000000415F000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1410221231.0000000004108000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
Source: actions_version_x32-64_full.exe, 00000004.00000002.1916159686.0000000004BF8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.dabeaz.com/ply)
Source: actions_version_x32-64_full.exe, 00000003.00000003.1179866955.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178872584.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178387754.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180006039.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1187742410.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1185456242.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179560329.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180483863.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179075064.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183772668.00000000000AF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180195896.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184715824.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1180347918.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1178553717.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1183463617.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1184424021.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1179709167.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000003.00000003.1182407437.00000000000B2000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1261884884.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1262713684.00000000007E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/CPS0
Source: actions_version_x32-64_full.exe, 00000004.00000003.1566575796.0000000003D8C000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1407108721.0000000004173000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003CEF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1673850165.0000000003D8C000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1510560465.0000000003D6C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003E1C000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1222311821.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1438759537.0000000003E10000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: actions_version_x32-64_full.exe, 00000004.00000003.1201915377.00000000032AE000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1200112485.00000000032B5000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1200307737.0000000002CD1000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000003.1301028056.0000000003112000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
Source: actions_version_x32-64_full.exe, 00000004.00000003.1200112485.0000000003266000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1200112485.00000000032B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
Source: actions_version_x32-64_full.exe, 00000004.00000003.1665662460.0000000002B02000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1458693525.0000000002AF9000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1434381970.0000000002AF2000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1644181752.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000003.1693553511.0000000003C1F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.quovadisglobal.com/cps
Source: actions_version_x32-64_full.exe, 00000004.00000003.1408744939.0000000003EE0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: actions_version_x32-64_full.exe, 00000004.00000003.1410221231.000000000408A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1568093338.00000000040B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.rfc-editor.org/in
Source: actions_version_x32-64_full.exe, 00000004.00000003.1623406863.000000000405A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1807986552.0000000004062000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.rfc-editor.org/info/rfc7253
Source: actions_version_x32-64_full.exe, 00000004.00000003.1613006580.0000000003DDD000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003DCE000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1521833888.0000000003DDC000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1559916550.0000000003DDC000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1802216553.0000000003DDD000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1678037207.0000000003DDD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
Source: actions_version_x32-64_full.exe, 00000004.00000003.1497801513.0000000003CF3000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1221679165.0000000003E83000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1521132201.0000000003CF7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003CEF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1610172483.0000000003CF7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wwwsearch.sf.net/):
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://blog.jaraco.com/skeleton
Source: actions_version_x32-64_full.exe, 00000004.00000003.1197215519.0000000002DFC000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1197060563.0000000002E58000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1198755229.0000000002D5A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1203430409.0000000002D5D000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1451140245.0000000002D56000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1669354686.0000000002D5A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1427118105.0000000002D56000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1197411440.0000000002D5A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000003.1291052613.0000000002B45000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bugs.python.org/issue42195.
Source: actions_version_x32-64_full.exe, 00000004.00000002.1762572135.00000000037C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://bugs.python.org/issue44497.
Source: actions_version_x32-64_full.exe, actions_version_x32-64_full.exe, 00000004.00000002.1949414250.00007FFF1878C000.00000002.00000001.01000000.00000020.sdmp String found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://codecov.io/gh/pypa/setuptools
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://discord.com/channels/803025117553754132/815945031150993468
Source: actions_version_x32-64_full.exe, 00000004.00000003.1496726875.0000000002CD7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1427118105.0000000002CD7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1708732054.0000000002CD7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1203430409.0000000002CC7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000003.1302041176.0000000003139000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: actions_version_x32-64_full.exe, 00000004.00000003.1507197360.0000000002E41000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1427118105.0000000002E3B000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1456408459.0000000002E3F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.python.org/3/library/pprint.html
Source: actions_version_x32-64_full.exe, 00000004.00000003.1507197360.0000000002E41000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1427118105.0000000002E3B000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1456408459.0000000002E3F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.python.org/3/library/pprint.html#pprint.pprint
Source: actions_version_x32-64_full.exe, 00000004.00000003.1205370304.00000000033EA000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1502952610.0000000003442000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1208362827.0000000003344000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1214324647.0000000003348000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1466675815.0000000003350000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1419505523.0000000003348000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1493557376.0000000003446000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1781441766.00000000039E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://docs.python.org/3/library/re.html
Source: actions_version_x32-64_full.exe, 00000004.00000002.1752420971.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1205370304.0000000003392000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1205370304.00000000033EA000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1781441766.00000000039E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://docs.python.org/3/library/re.html#re.sub
Source: actions_version_x32-64_full.exe, 00000004.00000002.1876097409.00000000048E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: actions_version_x32-64_full.exe, 00000004.00000002.1752420971.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1789792442.0000000003AE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
Source: actions_version_x32-64_full.exe, 00000004.00000003.1222311821.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1438759537.0000000003DFB000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1497720437.0000000003DFA000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003DFB000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1625659420.0000000003DFB000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1460407959.0000000003DFB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: actions_version_x32-64_full.exe, 00000004.00000002.1698185250.0000000002AC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: actions_version_x32-64_full.exe, 00000004.00000002.1861379427.00000000047E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
Source: actions_version_x32-64_full.exe, 00000004.00000002.1789792442.0000000003AE0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1743543916.00000000035C0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000002.1818919922.0000000003440000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
Source: actions_version_x32-64_full.exe String found in binary or memory: https://github.com/mhammond/pywin32
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/psf/black
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md
Source: actions_version_x32-64_full.exe, 00000004.00000002.1752420971.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1781441766.00000000039E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/pypa/packaging
Source: actions_version_x32-64_full.exe, 00000004.00000002.1781441766.00000000039E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/pypa/packaging0
Source: actions_version_x32-64_full.exe, 00000004.00000002.1752420971.00000000036C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/pypa/packagingpHq
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pypa/setuptools
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pypa/setuptools/actions?query=workflow%3A%22tests%22
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pypa/setuptools/discussions
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pypa/setuptools/issues
Source: actions_version_x32-64_full.exe, 00000004.00000002.1752420971.00000000036C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
Source: actions_version_x32-64_full.exe, 00000004.00000002.1723686134.0000000002FC0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pypa/setuptools/workflows/tests/badge.svg
Source: actions_version_x32-64_full.exe, 00000004.00000003.1517124336.0000000003353000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pyparsing/pyparsing/wiki
Source: actions_version_x32-64_full.exe, 00000004.00000002.1686301958.0000000002708000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: actions_version_x32-64_full.exe, 00000004.00000002.1698185250.0000000002AC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: actions_version_x32-64_full.exe, 00000004.00000002.1698185250.0000000002AC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: actions_version_x32-64_full.exe, 00000004.00000002.1698185250.0000000002AC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: actions_version_x32-64_full.exe, 00000004.00000002.1876097409.00000000048E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: actions_version_x32-64_full.exe, 00000004.00000003.1554982079.0000000003E30000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1438759537.0000000003E36000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1221841466.0000000003E2E000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1610855915.0000000003E36000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003E28000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: actions_version_x32-64_full.exe, 00000004.00000002.1890367091.00000000049E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: actions_version_x32-64_full.exe, 00000004.00000003.1222311821.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003DF4000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1497720437.0000000003DFA000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1708472358.0000000002CCF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003CEF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1510560465.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1625659420.0000000003DF6000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1527852102.0000000002CCF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1564616597.0000000002CCF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1460711763.0000000002CCE000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1427118105.0000000002CCD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: actions_version_x32-64_full.exe, 00000004.00000003.1222311821.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003DF4000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003CEF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1510560465.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1625659420.0000000003DF6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://google.com/mail
Source: actions_version_x32-64_full.exe, 00000013.00000003.1685420435.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://google.com/mail/
Source: actions_version_x32-64_full.exe, 00000004.00000002.1741724555.0000000003510000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1573020043.000000000350D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: actions_version_x32-64_full.exe, 00000004.00000003.1427118105.0000000002CCD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/
Source: actions_version_x32-64_full.exe, 00000004.00000002.1904283214.0000000004AE0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1737872876.0000000003200000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1418401591.000000000351C000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1800738507.0000000003CD1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/get
Source: actions_version_x32-64_full.exe, 00000004.00000003.1222311821.0000000003D9A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1438759537.0000000003DBE000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1521833888.0000000003DBD000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003DBB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/post
Source: actions_version_x32-64_full.exe, 00000004.00000003.1218184885.0000000003200000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://httpbin.orgW
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img.shields.io/badge/code%20style-black-000000.svg
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img.shields.io/badge/skeleton-2022-informational
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img.shields.io/codecov/c/github/pypa/setuptools/master.svg?logo=codecov&logoColor=white
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img.shields.io/discord/803025117553754132
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img.shields.io/pypi/pyversions/setuptools.svg
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img.shields.io/pypi/v/setuptools.svg
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img.shields.io/readthedocs/setuptools/latest.svg
Source: actions_version_x32-64_full.exe, 00000004.00000002.1730722666.00000000030C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
Source: actions_version_x32-64_full.exe, 00000004.00000003.1474519615.0000000003C54000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://json.org
Source: actions_version_x32-64_full.exe, 00000004.00000003.1624230729.0000000003ED6000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1221026625.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1495479991.0000000003ED9000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1417436746.0000000003ED5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mahler:8092/site-updates.py
Source: actions_version_x32-64_full.exe, 00000004.00000002.1801819490.0000000003D98000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1510560465.0000000003D98000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1626206558.0000000003D95000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003CEF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1522747221.0000000003D98000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1566575796.0000000003D94000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
Source: actions_version_x32-64_full.exe, 00000004.00000003.1426439822.0000000003C37000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1607637679.0000000003C4D000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1569627749.0000000003C4E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://packaging.python.org/en/latest/specifications/declaring-project-metadata/
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://packaging.python.org/installing/
Source: actions_version_x32-64_full.exe, 00000004.00000002.1762572135.00000000037C0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1781441766.00000000039E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: actions_version_x32-64_full.exe, 00000004.00000003.1196264654.0000000002D56000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1714760653.0000000002EC0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1196018306.0000000002D56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://peps.python.org/pep-0205/
Source: actions_version_x32-64_full.exe, 00000004.00000002.2077307342.00007FFF195DB000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://peps.python.org/pep-0263/
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pypi.org/project/setuptools
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/pypa/setuptools/main/docs/images/banner-640x320.svg
Source: actions_version_x32-64_full.exe, 00000004.00000002.1752420971.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1789792442.0000000003AE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: actions_version_x32-64_full.exe, 00000004.00000003.1222311821.0000000003D9A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1438759537.0000000003DBE000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1521833888.0000000003DBD000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003DBB000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1904283214.0000000004AE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://requests.readthedocs.io
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://setuptools.pypa.io
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://setuptools.pypa.io/
Source: actions_version_x32-64_full.exe, 00000004.00000003.1427118105.0000000002E9F000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1505604100.0000000002EA4000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1537686625.0000000002EA4000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1200307737.0000000002E88000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1442569801.0000000002E9F000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1205991970.0000000002E94000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1714487560.0000000002EA4000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1472506105.0000000002EA4000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1200112485.0000000003285000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1477964047.0000000002EA4000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1200307737.0000000002EA4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: actions_version_x32-64_full.exe, 00000004.00000002.1762572135.00000000037C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://setuptools.pypa.io/en/latest/userguide/declarative_config.html#opt-2
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://setuptools.pypa.io/en/stable/history.html
Source: actions_version_x32-64_full.exe, 00000004.00000003.1209305835.000000000343E000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1674895354.0000000002E2A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1459048644.0000000002E2C000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1427118105.0000000002E2C000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1214324647.000000000347C000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1415144394.0000000003446000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1205370304.0000000003392000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1218184885.0000000003446000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1214324647.0000000003446000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1741067845.0000000003480000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1740889263.0000000003446000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1205370304.00000000033EA000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1502952610.0000000003442000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1208362827.0000000003344000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1214324647.0000000003348000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1466675815.0000000003350000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1419505523.0000000003348000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1493557376.0000000003446000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular
Source: actions_version_x32-64_full.exe, 00000004.00000002.1861379427.00000000047E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tidelift.com/badges/github/pypa/setuptools?style=flat
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tidelift.com/security
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=readme
Source: actions_version_x32-64_full.exe, 00000003.00000003.1188045157.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272898224.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=referral
Source: actions_version_x32-64_full.exe, 00000004.00000002.1904283214.0000000004AE0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1647546452.0000000004DCC000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://tinyurl.com/2rrum92k
Source: actions_version_x32-64_full.exe, 00000004.00000003.1610172483.0000000003CFB000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1497801513.0000000003CFE000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003CEF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: actions_version_x32-64_full.exe, 00000004.00000003.1552387106.0000000003568000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1469609839.0000000003568000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1604587132.0000000003566000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1419505523.000000000336F000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1531380995.0000000003568000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1513479358.0000000003566000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1418401591.0000000003564000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1624995239.0000000003567000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000003.1693553511.0000000003C1F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc3610
Source: actions_version_x32-64_full.exe, 00000004.00000002.1810529286.000000000415F000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1623406863.000000000405A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1562736926.000000000415F000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1591334462.000000000415F000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1807986552.0000000004062000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1505341246.000000000415F000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1410221231.0000000004108000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc5297
Source: actions_version_x32-64_full.exe, 00000004.00000003.1222311821.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1438759537.0000000003DFB000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1497720437.0000000003DFA000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1708472358.0000000002CCF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003DFB000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1625659420.0000000003DFB000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1527852102.0000000002CCF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1564616597.0000000002CCF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1460711763.0000000002CCE000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1427118105.0000000002CCD000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1460407959.0000000003DFB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://twitter.com/
Source: actions_version_x32-64_full.exe, 00000004.00000002.1781441766.00000000039E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://upload.pypi.org/legacy/
Source: actions_version_x32-64_full.exe, 00000004.00000002.1890367091.00000000049E0000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1221026625.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: actions_version_x32-64_full.exe, 00000004.00000003.1218184885.0000000003200000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#socks-proxies
Source: actions_version_x32-64_full.exe, 00000004.00000002.1861379427.00000000047E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: actions_version_x32-64_full.exe, 00000004.00000002.1861379427.00000000047E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings0
Source: actions_version_x32-64_full.exe, 00000004.00000002.1861379427.00000000047E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://vovsoft.com/version-history/web-platform-identifier/
Source: actions_version_x32-64_full.exe, 00000004.00000003.1222311821.0000000003D9A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1438759537.0000000003DBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vovsoft.com/version-history/web-platform-identifier/zhV1ZWb1UwMUhUa2xVVkZwTlpWUnJkMWxXWXpGT1
Source: actions_version_x32-64_full.exe, 00000004.00000003.1434381970.0000000002B12000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1492000460.0000000002B19000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000003.1553391863.0000000000171000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wiki.debian.org/XDGBaseDirectorySpecification#state
Source: actions_version_x32-64_full.exe, 00000004.00000003.1445683386.000000000351E000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1487260798.0000000003523000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1418401591.000000000351C000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1564187967.000000000351F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: actions_version_x32-64_full.exe, 00000003.00000003.1183772668.00000000000AF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2028645628.00007FFF18D0B000.00000002.00000001.01000000.00000017.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2014491759.00007FFF18C48000.00000002.00000001.01000000.00000018.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1267905118.00000000007E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.openssl.org/H
Source: actions_version_x32-64_full.exe, 00000004.00000003.1222311821.0000000003D9A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1438759537.0000000003DBE000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1521833888.0000000003DBD000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003DBB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org
Source: actions_version_x32-64_full.exe, 00000004.00000003.1624230729.0000000003ED6000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1221026625.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1495479991.0000000003ED9000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1417436746.0000000003ED5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org/
Source: actions_version_x32-64_full.exe, 00000004.00000002.1686301958.0000000002680000.00000004.00001000.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1193480665.0000000002B07000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1193480665.0000000002B34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: actions_version_x32-64_full.exe, 00000004.00000002.2098955737.00007FFF19678000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.python.org/psf/license/
Source: actions_version_x32-64_full.exe, 00000004.00000003.1407108721.0000000004173000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: actions_version_x32-64_full.exe, 00000004.00000003.1623406863.000000000405A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: actions_version_x32-64_full.exe, 00000004.00000003.1222311821.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003DF4000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1411621935.0000000003CEF000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1510560465.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1625659420.0000000003DF6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://yahoo.com/
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49715 version: TLS 1.2
Contains functionality to retrieve information about pressed keystrokes
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DC5030 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,GetAsyncKeyState,PyEval_RestoreThread,_Py_BuildValue_SizeT, 19_2_00007FFF16DC5030
Contains functionality to call native functions
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF169373F0 malloc,NtQuerySystemInformation,free,malloc,PyErr_NoMemory,free,free, 19_2_00007FFF169373F0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16934680 PyArg_ParseTuple,GetProcessHeap,HeapAlloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,Py_BuildValue,PyUnicode_FromWideChar,GetProcessHeap,HeapFree,PyErr_NoMemory, 19_2_00007FFF16934680
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16931E90 PyList_New,GetActiveProcessorCount,PyErr_SetFromWindowsErr,_Py_Dealloc,free,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,PyExc_RuntimeError,PyErr_SetString,malloc,PyErr_NoMemory,NtQuerySystemInformation,Py_BuildValue,PyList_Append,_Py_Dealloc,free,_Py_Dealloc, 19_2_00007FFF16931E90
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16936AA0 OpenProcess,GetLastError,NtQueryInformationProcess,RtlNtStatusToDosErrorNoTeb,PyErr_SetFromWindowsErrWithFilename,CloseHandle,ReadProcessMemory,GetLastError,CloseHandle,ReadProcessMemory,NtQueryInformationProcess,CloseHandle,ReadProcessMemory,ReadProcessMemory,VirtualQueryEx,GetLastError,PyErr_SetFromWindowsErrWithFilename,CloseHandle,calloc,PyErr_NoMemory,CloseHandle,ReadProcessMemory,GetLastError,CloseHandle,free,CloseHandle, 19_2_00007FFF16936AA0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16934D00 PyArg_ParseTuple,OpenProcess,GetLastError,PyObject_IsTrue,NtSuspendProcess,NtResumeProcess,CloseHandle,_Py_NoneStruct,_Py_NoneStruct, 19_2_00007FFF16934D00
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16936600 PyList_New,EnterCriticalSection,GetProcessHeap,HeapAlloc,PyErr_NoMemory,_Py_Dealloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,PyExc_RuntimeError,PyErr_SetString,GetCurrentProcess,DuplicateHandle,PyUnicode_FromWideChar,PyList_Append,_Py_Dealloc,GetProcessHeap,HeapFree,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,_Py_Dealloc,GetProcessHeap,HeapFree,LeaveCriticalSection, 19_2_00007FFF16936600
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16935810 PyArg_ParseTuple,OpenProcess,GetLastError,NtSetInformationProcess,CloseHandle,_Py_NoneStruct,_Py_NoneStruct, 19_2_00007FFF16935810
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16936E40 PyExc_RuntimeError,PyErr_SetString,OpenProcess,GetLastError,NtQueryInformationProcess,CloseHandle,CloseHandle,calloc,PyErr_NoMemory,CloseHandle,NtQueryInformationProcess,calloc,PyErr_NoMemory,free,CloseHandle,wcscpy_s,free,CloseHandle, 19_2_00007FFF16936E40
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16936250 GetProcessHeap,HeapAlloc,GetFileType,SetLastError,NtQueryObject,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,PyErr_NoMemory,GetProcessHeap,HeapFree, 19_2_00007FFF16936250
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16935720 PyArg_ParseTuple,OpenProcess,GetLastError,NtQueryInformationProcess,CloseHandle,Py_BuildValue, 19_2_00007FFF16935720
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16932480 GetActiveProcessorCount,PyErr_SetFromWindowsErr,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,PyExc_RuntimeError,PyErr_SetString,malloc,PyErr_NoMemory,NtQuerySystemInformation,free,malloc,PyErr_NoMemory,NtQuerySystemInformation,malloc,PyErr_NoMemory,NtQuerySystemInformation,free,free,free,free,free,Py_BuildValue, 19_2_00007FFF16932480
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16934A70 PyArg_ParseTuple,OpenProcess,GetLastError,GetProcessHeap,HeapAlloc,NtQueryVirtualMemory,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,NtQueryVirtualMemory,PyExc_RuntimeError,PyErr_SetString,CloseHandle,PyErr_Clear,GetProcessHeap,HeapFree,CloseHandle,GetProcessHeap,HeapFree,CloseHandle,Py_BuildValue,PyErr_NoMemory,CloseHandle, 19_2_00007FFF16934A70
Contains functionality to communicate with device drivers
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16932B00: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, 19_2_00007FFF16932B00
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DC5B00 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,ExitWindowsEx,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct, 19_2_00007FFF16DC5B00
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DC5BA0 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,ExitWindowsEx,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct, 19_2_00007FFF16DC5BA0
Detected potential crypto function
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1877B1D0 4_2_00007FFF1877B1D0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF187B18A0 4_2_00007FFF187B18A0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF188DBDA0 4_2_00007FFF188DBDA0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF188DFDC0 4_2_00007FFF188DFDC0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18905434 4_2_00007FFF18905434
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189054D4 4_2_00007FFF189054D4
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18901299 4_2_00007FFF18901299
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18906564 4_2_00007FFF18906564
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189054CF 4_2_00007FFF189054CF
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189015C8 4_2_00007FFF189015C8
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18903A8A 4_2_00007FFF18903A8A
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189059FC 4_2_00007FFF189059FC
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18902135 4_2_00007FFF18902135
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189053C6 4_2_00007FFF189053C6
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18AA1BF0 4_2_00007FFF18AA1BF0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18904F43 4_2_00007FFF18904F43
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1890216C 4_2_00007FFF1890216C
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18901CFD 4_2_00007FFF18901CFD
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18AB9CD0 4_2_00007FFF18AB9CD0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189050B0 4_2_00007FFF189050B0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18903602 4_2_00007FFF18903602
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1890638E 4_2_00007FFF1890638E
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189072AC 4_2_00007FFF189072AC
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18901622 4_2_00007FFF18901622
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1890736A 4_2_00007FFF1890736A
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18901D83 4_2_00007FFF18901D83
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18902987 4_2_00007FFF18902987
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18903837 4_2_00007FFF18903837
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18907257 4_2_00007FFF18907257
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18902671 4_2_00007FFF18902671
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18903BA7 4_2_00007FFF18903BA7
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189010AA 4_2_00007FFF189010AA
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1890710D 4_2_00007FFF1890710D
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18901217 4_2_00007FFF18901217
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18906EBF 4_2_00007FFF18906EBF
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18903634 4_2_00007FFF18903634
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18A2D1D0 4_2_00007FFF18A2D1D0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18A411B0 4_2_00007FFF18A411B0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18905BF5 4_2_00007FFF18905BF5
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18925200 4_2_00007FFF18925200
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1890144C 4_2_00007FFF1890144C
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18904408 4_2_00007FFF18904408
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189065A0 4_2_00007FFF189065A0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1890318E 4_2_00007FFF1890318E
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1891D260 4_2_00007FFF1891D260
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18905515 4_2_00007FFF18905515
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189068CA 4_2_00007FFF189068CA
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189044CB 4_2_00007FFF189044CB
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18905614 4_2_00007FFF18905614
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1890428C 4_2_00007FFF1890428C
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189053AD 4_2_00007FFF189053AD
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18AB94F0 4_2_00007FFF18AB94F0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1890504C 4_2_00007FFF1890504C
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18905F10 4_2_00007FFF18905F10
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18904ACA 4_2_00007FFF18904ACA
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18903A94 4_2_00007FFF18903A94
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18A417E0 4_2_00007FFF18A417E0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18A2C830 4_2_00007FFF18A2C830
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18902D79 4_2_00007FFF18902D79
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18904A59 4_2_00007FFF18904A59
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18902761 4_2_00007FFF18902761
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189022AC 4_2_00007FFF189022AC
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18905934 4_2_00007FFF18905934
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18AB4CF0 4_2_00007FFF18AB4CF0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18901140 4_2_00007FFF18901140
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18902FD1 4_2_00007FFF18902FD1
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189011CC 4_2_00007FFF189011CC
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18904C19 4_2_00007FFF18904C19
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18906D5C 4_2_00007FFF18906D5C
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189026EE 4_2_00007FFF189026EE
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18901F96 4_2_00007FFF18901F96
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189022FC 4_2_00007FFF189022FC
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18904106 4_2_00007FFF18904106
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18905B78 4_2_00007FFF18905B78
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18A30070 4_2_00007FFF18A30070
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189032EC 4_2_00007FFF189032EC
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1890276B 4_2_00007FFF1890276B
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18902E91 4_2_00007FFF18902E91
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18904C3C 4_2_00007FFF18904C3C
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18902C7A 4_2_00007FFF18902C7A
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18A40340 4_2_00007FFF18A40340
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189069E7 4_2_00007FFF189069E7
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189B0440 4_2_00007FFF189B0440
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18901424 4_2_00007FFF18901424
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1891C480 4_2_00007FFF1891C480
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18AB85C0 4_2_00007FFF18AB85C0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189025F4 4_2_00007FFF189025F4
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1890177B 4_2_00007FFF1890177B
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1891C620 4_2_00007FFF1891C620
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18906C21 4_2_00007FFF18906C21
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18904B5B 4_2_00007FFF18904B5B
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1890704A 4_2_00007FFF1890704A
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18901EA1 4_2_00007FFF18901EA1
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189021B7 4_2_00007FFF189021B7
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189060A0 4_2_00007FFF189060A0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189022E8 4_2_00007FFF189022E8
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18906F28 4_2_00007FFF18906F28
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18B3FA70 4_2_00007FFF18B3FA70
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1890416A 4_2_00007FFF1890416A
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18906A87 4_2_00007FFF18906A87
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1890655F 4_2_00007FFF1890655F
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18903FDF 4_2_00007FFF18903FDF
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18A37D10 4_2_00007FFF18A37D10
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18AB7CF0 4_2_00007FFF18AB7CF0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18AA3C90 4_2_00007FFF18AA3C90
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1891BD60 4_2_00007FFF1891BD60
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189030C6 4_2_00007FFF189030C6
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18902289 4_2_00007FFF18902289
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1891BF20 4_2_00007FFF1891BF20
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1890213F 4_2_00007FFF1890213F
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189072C5 4_2_00007FFF189072C5
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1891F060 4_2_00007FFF1891F060
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1892B1C0 4_2_00007FFF1892B1C0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1891F200 4_2_00007FFF1891F200
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18904638 4_2_00007FFF18904638
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1890114F 4_2_00007FFF1890114F
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18906EF1 4_2_00007FFF18906EF1
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189029D2 4_2_00007FFF189029D2
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18A3B240 4_2_00007FFF18A3B240
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18906CBC 4_2_00007FFF18906CBC
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18905D8A 4_2_00007FFF18905D8A
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1892B550 4_2_00007FFF1892B550
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18A37540 4_2_00007FFF18A37540
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1890516E 4_2_00007FFF1890516E
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1896F700 4_2_00007FFF1896F700
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18903B98 4_2_00007FFF18903B98
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18904E53 4_2_00007FFF18904E53
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18A328A0 4_2_00007FFF18A328A0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18905A65 4_2_00007FFF18905A65
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18901CC1 4_2_00007FFF18901CC1
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189023F1 4_2_00007FFF189023F1
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18A8E920 4_2_00007FFF18A8E920
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18905DA3 4_2_00007FFF18905DA3
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189060DC 4_2_00007FFF189060DC
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18904D09 4_2_00007FFF18904D09
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18905E25 4_2_00007FFF18905E25
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18901B22 4_2_00007FFF18901B22
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189E2C90 4_2_00007FFF189E2C90
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18AA2D50 4_2_00007FFF18AA2D50
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1891EF00 4_2_00007FFF1891EF00
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18905B14 4_2_00007FFF18905B14
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF169118A0 19_2_00007FFF169118A0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16931E90 19_2_00007FFF16931E90
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF169399D0 19_2_00007FFF169399D0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16932B00 19_2_00007FFF16932B00
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16936600 19_2_00007FFF16936600
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16934DF0 19_2_00007FFF16934DF0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16938F30 19_2_00007FFF16938F30
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16933990 19_2_00007FFF16933990
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16932E70 19_2_00007FFF16932E70
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DC4630 19_2_00007FFF16DC4630
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DC37B0 19_2_00007FFF16DC37B0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DC3B90 19_2_00007FFF16DC3B90
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF17163F50 19_2_00007FFF17163F50
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF17161F50 19_2_00007FFF17161F50
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF17162ED0 19_2_00007FFF17162ED0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF171627A0 19_2_00007FFF171627A0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF171632E0 19_2_00007FFF171632E0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF171639F0 19_2_00007FFF171639F0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF17173200 19_2_00007FFF17173200
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF171F7778 19_2_00007FFF171F7778
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF171F9620 19_2_00007FFF171F9620
Found potential string decryption / allocating functions
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: String function: 00007FFF1890405C appears 702 times
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: String function: 00007FFF16931D70 appears 39 times
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: String function: 00007FFF188D3700 appears 51 times
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: String function: 00007FFF18901EF1 appears 1454 times
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: String function: 00007FFF18904840 appears 118 times
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: String function: 00007FFF189024B9 appears 78 times
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: String function: 00007FFF18903012 appears 55 times
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: String function: 00007FFF18902739 appears 466 times
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: String function: 00007FFF18904D6D appears 31 times
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: String function: 00007FFF16931070 appears 43 times
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: String function: 00007FFF18902A09 appears 172 times
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: String function: 00007FFF188D3770 appears 96 times
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: String function: 00007FFF1890698D appears 43 times
PE file contains executable resources (Code or Archives)
Source: Unconfirmed 763581.crdownload.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.3.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _overlapped.pyd.3.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
PE file does not import any functions
Source: ccec2550-b560-4d10-a7e4-c6a8ddaca766.tmp.0.dr Static PE information: No import functions for PE file found
Source: python3.dll.3.dr Static PE information: No import functions for PE file found
Source: python3.dll.11.dr Static PE information: No import functions for PE file found
PE file overlay found
Source: ccec2550-b560-4d10-a7e4-c6a8ddaca766.tmp.0.dr Static PE information: Data appended to the last section found
Source: classification engine Classification label: mal56.evad.win@36/267@5/5
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DC3B90 _PyArg_ParseTuple_SizeT,GetLastError,?PyWin_GetErrorMessageModule@@YAPEAUHINSTANCE__@@K@Z,FormatMessageW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,PyErr_Clear,_PyArg_ParseTuple_SizeT,?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,?PyWinSequence_Tuple@@YAPEAU_object@@PEAU1@PEAK@Z,malloc,PyErr_NoMemory,memset,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,FormatMessageW,PyEval_RestoreThread,PyExc_SystemError,PyErr_SetString,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,free,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,LocalFree,_Py_Dealloc, 19_2_00007FFF16DC3B90
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16937DB0 GetCurrentProcess,OpenProcessToken,GetLastError,ImpersonateSelf,OpenProcessToken,GetLastError,PyErr_SetFromWindowsErrWithFilename,LookupPrivilegeValueA,GetLastError,PyErr_SetFromWindowsErrWithFilename,AdjustTokenPrivileges,GetLastError,PyErr_SetFromWindowsErrWithFilename,AdjustTokenPrivileges,RevertToSelf,CloseHandle, 19_2_00007FFF16937DB0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16932A30 PyArg_ParseTuple,PyUnicode_AsWideCharString,PyEval_SaveThread,GetDiskFreeSpaceExW,PyEval_RestoreThread,PyMem_Free,PyExc_OSError,PyErr_SetExcFromWindowsErrWithFilenameObject,Py_BuildValue, 19_2_00007FFF16932A30
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16934DF0 PyList_New,PyArg_ParseTuple,CreateToolhelp32Snapshot,_Py_Dealloc,CloseHandle,CloseHandle,Thread32First,OpenThread,GetThreadTimes,Py_BuildValue,PyList_Append,_Py_Dealloc,CloseHandle,Thread32Next,CloseHandle,_Py_Dealloc, 19_2_00007FFF16934DF0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DCCEC0 _PyArg_ParseTuple_SizeT,?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z,?PyWinObject_AsResourceId@@YAHPEAU_object@@PEAPEA_WH@Z,?PyWinObject_AsResourceId@@YAHPEAU_object@@PEAPEA_WH@Z,?init@PyWinBufferView@@QEAA_NPEAU_object@@_N1@Z,UpdateResourceW,_Py_NoneStruct,_Py_NoneStruct,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeResourceId@@YAXPEA_W@Z,?PyWinObject_FreeResourceId@@YAXPEA_W@Z,??1PyWinBufferView@@QEAA@XZ, 19_2_00007FFF16DCCEC0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16938AA0 PyArg_ParseTuple,StartServiceA,CloseServiceHandle,CloseServiceHandle,_Py_NoneStruct,_Py_NoneStruct, 19_2_00007FFF16938AA0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\ccec2550-b560-4d10-a7e4-c6a8ddaca766.tmp Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7448:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7736:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6468:120:WilError_03
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482 Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://c51k11nyj56k.pettisville.sbs/lander/FileRotator_ID428/download.php
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1936,i,15114365056342417784,11569837520471091794,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5464 --field-trial-handle=1936,i,15114365056342417784,11569837520471091794,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Users\user\Downloads\actions_version_x32-64_full.exe "C:\Users\user\Downloads\actions_version_x32-64_full.exe"
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: C:\Users\user\Downloads\actions_version_x32-64_full.exe "C:\Users\user\Downloads\actions_version_x32-64_full.exe"
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Users\user\Downloads\actions_version_x32-64_full.exe "C:\Users\user\Downloads\actions_version_x32-64_full.exe"
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: C:\Users\user\Downloads\actions_version_x32-64_full.exe "C:\Users\user\Downloads\actions_version_x32-64_full.exe"
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Users\user\Downloads\actions_version_x32-64_full.exe "C:\Users\user\Downloads\actions_version_x32-64_full.exe"
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: C:\Users\user\Downloads\actions_version_x32-64_full.exe "C:\Users\user\Downloads\actions_version_x32-64_full.exe"
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1936,i,15114365056342417784,11569837520471091794,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5464 --field-trial-handle=1936,i,15114365056342417784,11569837520471091794,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Users\user\Downloads\actions_version_x32-64_full.exe "C:\Users\user\Downloads\actions_version_x32-64_full.exe" Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: C:\Users\user\Downloads\actions_version_x32-64_full.exe "C:\Users\user\Downloads\actions_version_x32-64_full.exe" Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver" Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: C:\Users\user\Downloads\actions_version_x32-64_full.exe "C:\Users\user\Downloads\actions_version_x32-64_full.exe" Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver" Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: C:\Users\user\Downloads\actions_version_x32-64_full.exe "C:\Users\user\Downloads\actions_version_x32-64_full.exe" Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver" Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: libffi-8.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: vcruntime140_1.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: libcrypto-1_1.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: libssl-1_1.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: libcrypto-1_1.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: pdh.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: libffi-8.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: vcruntime140_1.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: libcrypto-1_1.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: libssl-1_1.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: libcrypto-1_1.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: pdh.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: libffi-8.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: vcruntime140_1.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: libcrypto-1_1.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: libssl-1_1.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: libcrypto-1_1.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: pdh.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32 Jump to behavior
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-311\Release\win32api.pdb source: actions_version_x32-64_full.exe, 00000004.00000002.2119572331.00007FFF299D7000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1188717359.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1951746842.00007FFF188C0000.00000002.00000001.01000000.0000001F.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1273912934.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-311\Release\_win32sysloader.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1189204331.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1274396355.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-311\Release\pywintypes.pdb source: actions_version_x32-64_full.exe, 00000004.00000002.2121938168.00007FFF353F0000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-311\Release\pythoncom.pdb}},GCTL source: actions_version_x32-64_full.exe, 00000004.00000002.2038843558.00007FFF1909C000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-311\Release\win32api.pdb!! source: actions_version_x32-64_full.exe, 00000004.00000002.2119572331.00007FFF299D7000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: actions_version_x32-64_full.exe, 00000004.00000002.2025334270.00007FFF18CD6000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-311\Release\pywintypes.pdb** source: actions_version_x32-64_full.exe, 00000004.00000002.2121938168.00007FFF353F0000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: actions_version_x32-64_full.exe, 00000004.00000002.2002473814.00007FFF18B4F000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1u 30 May 2023built on: Wed May 31 23:27:41 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: actions_version_x32-64_full.exe, 00000004.00000002.2002473814.00007FFF18B4F000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1180006039.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2130948771.00007FFF3D856000.00000002.00000001.01000000.0000001A.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1263743403.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1178117675.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2133555692.00007FFF432D1000.00000002.00000001.01000000.00000005.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1261147824.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: actions_version_x32-64_full.exe, 00000003.00000003.1178117675.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2133555692.00007FFF432D1000.00000002.00000001.01000000.00000005.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1261147824.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-311\Release\win32trace.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1189641034.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1274957843.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1179866955.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1263565745.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libcrypto-1_1.pdb source: actions_version_x32-64_full.exe, 00000004.00000002.2002473814.00007FFF18BD1000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python311.pdb source: actions_version_x32-64_full.exe, 00000004.00000002.2077307342.00007FFF195DB000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: actions_version_x32-64_full.exe, 00000004.00000002.2025334270.00007FFF18CD6000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1178273579.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2131355626.00007FFF3DCB5000.00000002.00000001.01000000.00000013.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1261398858.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1187742410.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2134287651.00007FFF43AC3000.00000002.00000001.01000000.0000000C.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1272452393.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1179560329.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2120274492.00007FFF29CD7000.00000002.00000001.01000000.0000001C.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1263077183.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: actions_version_x32-64_full.exe, 00000003.00000003.1179709167.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1263329464.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000016.00000003.1465911665.00000000006D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1178387754.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2122984027.00007FFF366B9000.00000002.00000001.01000000.00000019.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1261626752.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: actions_version_x32-64_full.exe, 00000004.00000002.2125420295.00007FFF3BF82000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1180195896.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2132226438.00007FFF3F523000.00000002.00000001.01000000.00000011.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1263957573.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1179709167.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1263329464.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000016.00000003.1465911665.00000000006D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1178553717.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1261884884.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-311\Release\pythoncom.pdb source: actions_version_x32-64_full.exe, 00000004.00000002.2038843558.00007FFF1909C000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1180347918.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2126756256.00007FFF3BFA8000.00000002.00000001.01000000.0000000B.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1264180749.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000013.00000002.2127209107.00007FFF170FD000.00000002.00000001.01000000.00000039.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: actions_version_x32-64_full.exe, 00000003.00000003.1184715824.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.1946874747.0000000180000000.00000002.00000001.01000000.00000006.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1268874565.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: actions_version_x32-64_full.exe, 00000003.00000003.1178273579.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000002.2131355626.00007FFF3DCB5000.00000002.00000001.01000000.00000013.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1261398858.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: actions_version_x32-64_full.exe, 00000004.00000002.2030713081.00007FFF18D1D000.00000002.00000001.01000000.00000016.sdmp
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DCF020 ?PyWinGlobals_Ensure@@YAHXZ,PyModule_Create2,PyModule_GetDict,?PyWinExc_ApiError@@3PEAU_object@@EA,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyType_Ready,PyDict_SetItemString,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,GetModuleHandleW,LoadLibraryW,GetProcAddressForCaller,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 19_2_00007FFF16DCF020
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .didata
PE file contains an invalid checksum
Source: _modexp.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x16fb9
Source: _raw_cast.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x7457
Source: _raw_eksblowfish.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x72e0
Source: _keccak.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x107a3
Source: pythoncom311.dll.3.dr Static PE information: real checksum: 0x0 should be: 0xa6856
Source: _cffi_backend.cp311-win_amd64.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x326ad
Source: _cpuid_c.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x7bd4
Source: _SHA256.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x5816
Source: _raw_blowfish.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0xffda
Source: _SHA224.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0xecdc
Source: ccec2550-b560-4d10-a7e4-c6a8ddaca766.tmp.0.dr Static PE information: real checksum: 0x11255d6 should be: 0xf8f5
Source: _raw_ctr.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0xdfc1
Source: win32trace.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0xa789
Source: _cffi_backend.cp311-win_amd64.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x326ad
Source: _raw_cfb.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0xed1d
Source: _scrypt.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0xa546
Source: _ARC4.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x115a6
Source: _ec_ws.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0xc437e
Source: _pkcs1_decode.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x5ffb
Source: _Salsa20.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0xaef1
Source: _raw_cbc.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x10e76
Source: _ec_ws.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0xc437e
Source: _strxor.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x10656
Source: _raw_ctr.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0xdfc1
Source: pythoncom311.dll.11.dr Static PE information: real checksum: 0x0 should be: 0xa6856
Source: _pkcs1_decode.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x5ffb
Source: _poly1305.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0xe1ce
Source: _ghash_portable.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0xdb02
Source: _RIPEMD160.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x6222
Source: _RIPEMD160.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x6222
Source: _ed25519.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0xd5da
Source: _modexp.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x16fb9
Source: _x25519.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0xd163
Source: win32ui.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x121d31
Source: _raw_aes.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0xfc4a
Source: _SHA512.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x15f36
Source: _raw_aesni.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x4cc1
Source: _cpuid_c.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x7bd4
Source: _raw_arc2.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0xa718
Source: _ed448.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x18ce0
Source: _BLAKE2b.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0xd9be
Source: _ed25519.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0xd5da
Source: _raw_aesni.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x4cc1
Source: _MD2.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x4947
Source: _raw_des3.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x1d733
Source: pywintypes311.dll.3.dr Static PE information: real checksum: 0x0 should be: 0x2d638
Source: _raw_des.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x10df9
Source: _MD4.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x581a
Source: _MD5.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x63cd
Source: _raw_blowfish.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0xffda
Source: _raw_ocb.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x12b9b
Source: _ghash_clmul.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x371f
Source: _SHA512.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x15f36
Source: md.cp311-win_amd64.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x5ce2
Source: _psutil_windows.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x1b872
Source: _SHA384.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x125dc
Source: _raw_des.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x10df9
Source: _raw_ofb.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x8b06
Source: _raw_ecb.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0xe3c8
Source: _MD4.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x581a
Source: _BLAKE2s.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x4d84
Source: _MD2.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x4947
Source: _SHA1.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x126ce
Source: _SHA1.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x126ce
Source: pywintypes311.dll.11.dr Static PE information: real checksum: 0x0 should be: 0x2d638
Source: _win32sysloader.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0xe1e0
Source: _raw_aes.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0xfc4a
Source: _raw_des3.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x1d733
Source: _keccak.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x107a3
Source: _chacha20.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x78f3
Source: _raw_eksblowfish.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x72e0
Source: _chacha20.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x78f3
Source: _raw_ecb.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0xe3c8
Source: _raw_arc2.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0xa718
Source: win32ui.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x121d31
Source: _scrypt.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0xa546
Source: _ARC4.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x115a6
Source: _poly1305.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0xe1ce
Source: _x25519.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0xd163
Source: _SHA224.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0xecdc
Source: _SHA256.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x5816
Source: _MD5.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x63cd
Source: _ghash_clmul.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x371f
Source: _raw_cfb.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0xed1d
Source: _raw_ocb.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x12b9b
Source: md__mypyc.cp311-win_amd64.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x2b1ad
Source: _Salsa20.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0xaef1
Source: _ed448.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x18ce0
Source: _ghash_portable.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0xdb02
Source: win32api.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x2a25c
Source: _SHA384.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x125dc
Source: shell.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x8f48c
Source: _strxor.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x10656
Source: _raw_ofb.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x8b06
Source: _BLAKE2b.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0xd9be
Source: _raw_cbc.pyd.3.dr Static PE information: real checksum: 0x0 should be: 0x10e76
Source: _raw_cast.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x7457
Source: _BLAKE2s.pyd.11.dr Static PE information: real checksum: 0x0 should be: 0x4d84
PE file contains sections with non-standard names
Source: ccec2550-b560-4d10-a7e4-c6a8ddaca766.tmp.0.dr Static PE information: section name: _RDATA
Source: ccec2550-b560-4d10-a7e4-c6a8ddaca766.tmp.0.dr Static PE information: section name: .xdata
Source: ccec2550-b560-4d10-a7e4-c6a8ddaca766.tmp.0.dr Static PE information: section name: .didata
Source: Unconfirmed 763581.crdownload.0.dr Static PE information: section name: _RDATA
Source: Unconfirmed 763581.crdownload.0.dr Static PE information: section name: .xdata
Source: Unconfirmed 763581.crdownload.0.dr Static PE information: section name: .didata
Source: python311.dll.3.dr Static PE information: section name: PyRuntim
Source: mfc140u.dll.3.dr Static PE information: section name: .didat
Source: VCRUNTIME140.dll.3.dr Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.3.dr Static PE information: section name: .00cfg
Source: libssl-1_1.dll.3.dr Static PE information: section name: .00cfg
Source: mfc140u.dll.11.dr Static PE information: section name: .didat
Source: VCRUNTIME140.dll.11.dr Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.11.dr Static PE information: section name: .00cfg
Source: libssl-1_1.dll.11.dr Static PE information: section name: .00cfg
Source: python311.dll.11.dr Static PE information: section name: PyRuntim
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 11_2_005EE598 push ecx; retf 11_2_005EE599
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 11_2_005ED458 push ecx; retf 11_2_005ED459
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 11_2_005E78A8 push ecx; retf 11_2_005E78A9
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 22_2_005ED458 push ecx; retf 22_2_005ED459
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 22_2_005EE598 push ecx; retf 22_2_005EE599
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 22_2_005E78A8 push ecx; retf 22_2_005E78A9
Source: Unconfirmed 763581.crdownload.0.dr Static PE information: section name: .xdata entropy: 7.604263355391026
Source: Unconfirmed 763581.crdownload.0.dr Static PE information: section name: .didata entropy: 7.638498620331578

Persistence and Installation Behavior
barindex
Contains functionality to infect the boot sector
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, \\.\PhysicalDrive%d 19_2_00007FFF16932B00
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, PhysicalDrive%i 19_2_00007FFF16932B00
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_INVALID_FUNCTION; ignore PhysicalDrive%i 19_2_00007FFF16932B00
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_NOT_SUPPORTED; ignore PhysicalDrive%i 19_2_00007FFF16932B00
Found pyInstaller with non standard icon
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: "C:\Users\user\Downloads\actions_version_x32-64_full.exe"
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: "C:\Users\user\Downloads\actions_version_x32-64_full.exe"
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: "C:\Users\user\Downloads\actions_version_x32-64_full.exe"
Drops PE files
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_ofb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\libffi-8.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_SHA384.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\charset_normalizer\md__mypyc.cp311-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\win32\_win32sysloader.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_ghash_portable.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\select.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Protocol\_scrypt.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_arc2.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\win32com\shell\shell.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\charset_normalizer\md__mypyc.cp311-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_BLAKE2b.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_poly1305.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_MD5.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_SHA1.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_blowfish.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\_multiprocessing.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_des.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_ghash_clmul.pyd Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\ccec2550-b560-4d10-a7e4-c6a8ddaca766.tmp Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\win32\win32api.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\pywin32_system32\pywintypes311.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_arc2.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\_bz2.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\_ctypes.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_cfb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_eksblowfish.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_ghash_portable.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\PublicKey\_ed448.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_ctr.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_BLAKE2b.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\python3.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\_queue.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_RIPEMD160.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_ctr.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Pythonwin\win32ui.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_ecb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\PublicKey\_x25519.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\_asyncio.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_cast.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_chacha20.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_aesni.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\PublicKey\_ec_ws.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\pywin32_system32\pywintypes311.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_ofb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_ARC4.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\_socket.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_cbc.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_des.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\_cffi_backend.cp311-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_SHA224.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Util\_strxor.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_BLAKE2s.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_ARC4.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\_ssl.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\_overlapped.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\pywin32_system32\pywintypes311.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\libcrypto-1_1.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_SHA256.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\_hashlib.pyd Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\actions_version_x32-64_full.exe (copy) Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_MD2.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\_cffi_backend.cp311-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_keccak.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_ecb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\python3.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\charset_normalizer\md.cp311-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_ghash_clmul.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_ctr.pyd Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 763581.crdownload Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\pyexpat.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\_asyncio.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Math\_modexp.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\psutil\_psutil_windows.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\psutil\_psutil_windows.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_pkcs1_decode.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Pythonwin\mfc140u.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\VCRUNTIME140_1.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\_queue.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\VCRUNTIME140_1.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_BLAKE2s.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\_bz2.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\_bz2.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_MD2.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\libffi-8.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\win32\win32trace.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Pythonwin\win32ui.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\PublicKey\_x25519.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_BLAKE2b.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_ecb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\_asyncio.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\win32com\shell\shell.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_aesni.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_SHA384.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\_multiprocessing.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\win32\win32api.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_aes.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\_decimal.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\VCRUNTIME140.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_MD2.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\pyexpat.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Util\_strxor.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\_lzma.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_SHA512.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_poly1305.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\libcrypto-1_1.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_ofb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_SHA224.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\pyexpat.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\charset_normalizer\md__mypyc.cp311-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\pywin32_system32\pythoncom311.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\PublicKey\_ec_ws.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_poly1305.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_SHA256.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Util\_cpuid_c.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\win32com\shell\shell.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_SHA256.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_ghash_portable.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_ocb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\PublicKey\_ed25519.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\_ctypes.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_blowfish.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\_overlapped.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Protocol\_scrypt.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\win32\win32api.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Protocol\_scrypt.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\_multiprocessing.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\libssl-1_1.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_eksblowfish.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_aes.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_ocb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_aesni.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_SHA1.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\pywin32_system32\pythoncom311.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\charset_normalizer\md.cp311-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\_lzma.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_SHA1.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_pkcs1_decode.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_BLAKE2s.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\psutil\_psutil_windows.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Util\_cpuid_c.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Math\_modexp.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\libssl-1_1.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Pythonwin\mfc140u.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_Salsa20.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\_overlapped.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_cast.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_SHA512.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_Salsa20.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\_decimal.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_des3.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_MD5.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\_lzma.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\win32\_win32sysloader.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Math\_modexp.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Util\_cpuid_c.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_arc2.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_pkcs1_decode.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_ghash_clmul.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_des3.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_des3.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_cfb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\_socket.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\_queue.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_chacha20.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_keccak.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_RIPEMD160.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\_socket.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_aes.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_des.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_MD4.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_cbc.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\libssl-1_1.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_eksblowfish.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\select.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\charset_normalizer\md.cp311-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_MD4.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\python3.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Pythonwin\mfc140u.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Util\_strxor.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\PublicKey\_ed25519.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_chacha20.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_blowfish.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_keccak.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_cfb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\win32\win32trace.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\python311.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\PublicKey\_ed448.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\select.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\PublicKey\_ec_ws.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_SHA384.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\python311.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\libffi-8.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\VCRUNTIME140.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Pythonwin\win32ui.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_SHA512.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_RIPEMD160.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\VCRUNTIME140_1.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_ARC4.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_cast.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\PublicKey\_ed448.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_Salsa20.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\PublicKey\_ed25519.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\win32\_win32sysloader.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_SHA224.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\_cffi_backend.cp311-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\_ssl.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\win32\win32trace.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\VCRUNTIME140.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_MD5.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\_decimal.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_ocb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_cbc.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\python311.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\PublicKey\_x25519.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\_ssl.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\pywin32_system32\pythoncom311.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_MD4.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75962\libcrypto-1_1.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe File created: C:\Users\user\AppData\Local\Temp\_MEI48922\_ctypes.pyd Jump to dropped file

Boot Survival
barindex
Contains functionality to infect the boot sector
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, \\.\PhysicalDrive%d 19_2_00007FFF16932B00
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, PhysicalDrive%i 19_2_00007FFF16932B00
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_INVALID_FUNCTION; ignore PhysicalDrive%i 19_2_00007FFF16932B00
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_NOT_SUPPORTED; ignore PhysicalDrive%i 19_2_00007FFF16932B00
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16938AA0 PyArg_ParseTuple,StartServiceA,CloseServiceHandle,CloseServiceHandle,_Py_NoneStruct,_Py_NoneStruct, 19_2_00007FFF16938AA0
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DCF020 ?PyWinGlobals_Ensure@@YAHXZ,PyModule_Create2,PyModule_GetDict,?PyWinExc_ApiError@@3PEAU_object@@EA,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyType_Ready,PyDict_SetItemString,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,GetModuleHandleW,LoadLibraryW,GetProcAddressForCaller,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 19_2_00007FFF16DCF020
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189032FB rdtsc 4_2_00007FFF189032FB
Contains functionality to enumerate running services
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: PyList_New,OpenSCManagerA,GetLastError,PyErr_SetFromWindowsErrWithFilename,EnumServicesStatusExW,GetLastError,free,malloc,EnumServicesStatusExW,PyUnicode_FromWideChar,PyUnicode_FromWideChar,Py_BuildValue,PyList_Append,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,CloseServiceHandle,free,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,CloseServiceHandle,free, 19_2_00007FFF16938170
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_ofb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_SHA384.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\charset_normalizer\md__mypyc.cp311-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\win32\_win32sysloader.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_ghash_portable.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\select.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Protocol\_scrypt.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_arc2.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\win32com\shell\shell.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\charset_normalizer\md__mypyc.cp311-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_BLAKE2b.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_poly1305.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_MD5.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_SHA1.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\_multiprocessing.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_blowfish.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_des.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_ghash_clmul.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\win32\win32api.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_arc2.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\pywin32_system32\pywintypes311.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\_ctypes.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\_bz2.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_cfb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_eksblowfish.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_ghash_portable.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\PublicKey\_ed448.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_ctr.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_BLAKE2b.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\_queue.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\python3.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_RIPEMD160.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_ctr.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Pythonwin\win32ui.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_ecb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\PublicKey\_x25519.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\_asyncio.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_cast.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_chacha20.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_aesni.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\PublicKey\_ec_ws.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\pywin32_system32\pywintypes311.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_ofb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_ARC4.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\_socket.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_des.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_cbc.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\_cffi_backend.cp311-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_SHA224.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Util\_strxor.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_BLAKE2s.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_ARC4.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\_ssl.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\pywin32_system32\pywintypes311.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\_overlapped.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_SHA256.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\_cffi_backend.cp311-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_MD2.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_keccak.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_ecb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\python3.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\charset_normalizer\md.cp311-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_ghash_clmul.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_ctr.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\pyexpat.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\_asyncio.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Math\_modexp.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\psutil\_psutil_windows.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\psutil\_psutil_windows.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_pkcs1_decode.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Pythonwin\mfc140u.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\_queue.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_BLAKE2s.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\_bz2.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\_bz2.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_MD2.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\win32\win32trace.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Pythonwin\win32ui.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\PublicKey\_x25519.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_BLAKE2b.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_ecb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\_asyncio.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\win32com\shell\shell.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_aesni.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_SHA384.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\_multiprocessing.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\win32\win32api.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_aes.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\_decimal.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_MD2.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\pyexpat.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Util\_strxor.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\_lzma.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_SHA512.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_poly1305.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_ofb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_SHA224.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\pyexpat.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\charset_normalizer\md__mypyc.cp311-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\pywin32_system32\pythoncom311.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\PublicKey\_ec_ws.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_poly1305.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_SHA256.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Util\_cpuid_c.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\win32com\shell\shell.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_SHA256.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_ghash_portable.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\PublicKey\_ed25519.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_ocb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\_ctypes.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_blowfish.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\_overlapped.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Protocol\_scrypt.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\win32\win32api.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Protocol\_scrypt.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\_multiprocessing.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_eksblowfish.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_aes.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_aesni.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_ocb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_SHA1.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\pywin32_system32\pythoncom311.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\charset_normalizer\md.cp311-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\_lzma.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_SHA1.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_pkcs1_decode.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_BLAKE2s.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\psutil\_psutil_windows.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Util\_cpuid_c.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Math\_modexp.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Pythonwin\mfc140u.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_Salsa20.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\_overlapped.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_cast.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_SHA512.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\_decimal.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_Salsa20.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\_lzma.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_MD5.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_des3.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\win32\_win32sysloader.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Math\_modexp.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Util\_cpuid_c.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_arc2.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_ghash_clmul.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_pkcs1_decode.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_des3.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_des3.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_cfb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\_socket.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\_queue.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_chacha20.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_RIPEMD160.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_keccak.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\_socket.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_aes.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_des.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_MD4.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_cbc.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_eksblowfish.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\select.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\charset_normalizer\md.cp311-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_MD4.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\python3.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Pythonwin\mfc140u.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Util\_strxor.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\PublicKey\_ed25519.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_chacha20.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_blowfish.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash\_keccak.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher\_raw_cfb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\python311.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\win32\win32trace.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\PublicKey\_ed448.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\select.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\PublicKey\_ec_ws.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_SHA384.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\python311.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Pythonwin\win32ui.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_SHA512.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_RIPEMD160.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_ARC4.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\PublicKey\_ed448.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_Salsa20.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_cast.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\PublicKey\_ed25519.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\win32\_win32sysloader.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_SHA224.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\_ssl.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\_cffi_backend.cp311-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\win32\win32trace.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash\_MD5.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Cipher\_raw_ocb.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\_decimal.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher\_raw_cbc.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\python311.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\PublicKey\_x25519.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\_ssl.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\pywin32_system32\pythoncom311.dll Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\Cryptodome\Hash\_MD4.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75962\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI48922\_ctypes.pyd Jump to dropped file
Found large amount of non-executed APIs
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe API coverage: 0.6 %
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe API coverage: 3.2 %
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Model FROM Win32_ComputerSystem
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Model FROM Win32_ComputerSystem
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Model FROM Win32_ComputerSystem
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1890322E _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte, 4_2_00007FFF1890322E
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DC37B0 _PyArg_ParseTuple_SizeT,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyList_New,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindFirstFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyObject_FromWIN32_FIND_DATAW@@YAPEAU_object@@PEAU_WIN32_FIND_DATAW@@@Z,PyList_Append,_Py_Dealloc,FindNextFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindClose,_Py_Dealloc, 19_2_00007FFF16DC37B0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16932E70 memset,PyList_New,SetErrorMode,PyArg_ParseTuple,PyObject_IsTrue,PyEval_SaveThread,GetLogicalDriveStringsA,PyEval_RestoreThread,PyErr_SetFromWindowsErr,SetErrorMode,PyEval_SaveThread,GetDriveTypeA,PyEval_RestoreThread,GetVolumeInformationA,strcat_s,SetLastError,strcat_s,strcat_s,strcat_s,FindFirstVolumeMountPointA,strcpy_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,FindNextVolumeMountPointA,FindVolumeMountPointClose,strcat_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,strchr,SetErrorMode,FindVolumeMountPointClose,SetErrorMode,_Py_Dealloc,_Py_Dealloc, 19_2_00007FFF16932E70
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1877B990 _Py_NoneStruct,_PyArg_ParseTuple_SizeT,GetSystemInfo,VirtualAlloc,_Py_Dealloc,PyExc_MemoryError,PyErr_SetString,_PyObject_GC_New,PyExc_NotImplementedError,PyErr_Format,Py_FatalError,PyObject_GC_Track,PyExc_SystemError,PyErr_SetString,_Py_Dealloc,_Py_Dealloc, 4_2_00007FFF1877B990
Source: actions_version_x32-64_full.exe, 00000003.00000003.1181398768.00000000000A7000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 0000000B.00000003.1265424119.00000000007E8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: actions_version_x32-64_full.exe, 00000004.00000003.1674895354.0000000002E2A000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1198755229.0000000002E29000.00000004.00000020.00020000.00000000.sdmp, actions_version_x32-64_full.exe, 00000004.00000003.1200307737.0000000002E29000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWn"h
Source: actions_version_x32-64_full.exe, 00000004.00000003.1198755229.0000000002D61000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Thread information set: HideFromDebugger Jump to behavior
Potentially malicious time measurement code found
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18905731 4_2_00007FFF18905731
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF18904246 4_2_00007FFF18904246
Checks if the current process is being debugged
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process queried: DebugObjectHandle Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process queried: DebugObjectHandle Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process queried: DebugObjectHandle Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process queried: DebugObjectHandle Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process queried: DebugObjectHandle Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process queried: DebugObjectHandle Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF189032FB rdtsc 4_2_00007FFF189032FB
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1878B758 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 4_2_00007FFF1878B758
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DCF020 ?PyWinGlobals_Ensure@@YAHXZ,PyModule_Create2,PyModule_GetDict,?PyWinExc_ApiError@@3PEAU_object@@EA,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyType_Ready,PyDict_SetItemString,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,GetModuleHandleW,LoadLibraryW,GetProcAddressForCaller,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 19_2_00007FFF16DCF020
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16934680 PyArg_ParseTuple,GetProcessHeap,HeapAlloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,Py_BuildValue,PyUnicode_FromWideChar,GetProcessHeap,HeapFree,PyErr_NoMemory, 19_2_00007FFF16934680
Enables debug privileges
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1878ADF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 4_2_00007FFF1878ADF0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1878B758 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 4_2_00007FFF1878B758
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF187B3058 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 4_2_00007FFF187B3058
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF187B2A90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 4_2_00007FFF187B2A90
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF188E3438 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 4_2_00007FFF188E3438
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF188E2E70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 4_2_00007FFF188E2E70
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16901430 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 19_2_00007FFF16901430
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16901A00 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 19_2_00007FFF16901A00
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16913FA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 19_2_00007FFF16913FA0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16914570 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 19_2_00007FFF16914570
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF1693A050 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 19_2_00007FFF1693A050
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF1693A978 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 19_2_00007FFF1693A978
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16951F10 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 19_2_00007FFF16951F10
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16951940 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 19_2_00007FFF16951940
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF169619A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 19_2_00007FFF169619A0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16961F70 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 19_2_00007FFF16961F70
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DD1AF8 SetUnhandledExceptionFilter, 19_2_00007FFF16DD1AF8
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DD0D0C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 19_2_00007FFF16DD0D0C
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DD1910 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 19_2_00007FFF16DD1910
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16EA45E8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 19_2_00007FFF16EA45E8
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16EE14F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 19_2_00007FFF16EE14F0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16EE1AC0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 19_2_00007FFF16EE1AC0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF170E1530 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 19_2_00007FFF170E1530
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF170E1B00 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 19_2_00007FFF170E1B00
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF17164D20 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 19_2_00007FFF17164D20
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF171652F0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 19_2_00007FFF171652F0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF17176254 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 19_2_00007FFF17176254
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF17175CB0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 19_2_00007FFF17175CB0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF17200468 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 19_2_00007FFF17200468
Contains functionality to simulate keystroke presses
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DCDCC0 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,keybd_event,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct, 19_2_00007FFF16DCDCC0
Contains functionality to simulate mouse events
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DCDD60 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,mouse_event,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct, 19_2_00007FFF16DCDD60
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: C:\Users\user\Downloads\actions_version_x32-64_full.exe "C:\Users\user\Downloads\actions_version_x32-64_full.exe" Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver" Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: C:\Users\user\Downloads\actions_version_x32-64_full.exe "C:\Users\user\Downloads\actions_version_x32-64_full.exe" Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver" Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: C:\Users\user\Downloads\actions_version_x32-64_full.exe "C:\Users\user\Downloads\actions_version_x32-64_full.exe" Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver" Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Cipher VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Hash VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\PublicKey VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Cryptodome\Util VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\setuptools-65.5.0.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\setuptools-65.5.0.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\setuptools-65.5.0.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\setuptools-65.5.0.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\setuptools-65.5.0.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\setuptools-65.5.0.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\setuptools-65.5.0.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\win32 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\win32 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\_bz2.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\_lzma.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\win32 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Pythonwin VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\libcrypto-1_1.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\psutil VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Pythonwin VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\setuptools-65.5.0.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\unicodedata.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\_lzma.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\win32 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\win32 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Pythonwin VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Pythonwin VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\_socket.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\select.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\win32 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\win32 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Pythonwin VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\pyexpat.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\_queue.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\win32 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Pythonwin VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\win32 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\Pythonwin VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\pywin32_system32\pythoncom311.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\win32 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\win32com VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\win32com VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\win32 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\setuptools-65.5.0.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\setuptools-65.5.0.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\setuptools-65.5.0.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\setuptools-65.5.0.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\setuptools-65.5.0.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\setuptools-65.5.0.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\_ssl.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\_asyncio.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\_overlapped.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmp93t2a2df VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\Downloads\actions_version_x32-64_full.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68482 VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Cipher VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Hash VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\PublicKey VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\PublicKey VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\PublicKey VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Cryptodome\Util VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\Pythonwin VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\certifi VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI48922\charset_normalizer VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 4_2_00007FFF1878B330 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 4_2_00007FFF1878B330
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DC4440 _PyArg_ParseTuple_SizeT,GetUserNameW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z, 19_2_00007FFF16DC4440
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF16DC6EB0 _PyArg_ParseTuple_SizeT,GetTimeZoneInformation,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_BuildValue_SizeT,?PyWinObject_FromSYSTEMTIME@@YAPEAU_object@@AEBU_SYSTEMTIME@@@Z,_Py_BuildValue_SizeT,?PyWinObject_FromSYSTEMTIME@@YAPEAU_object@@AEBU_SYSTEMTIME@@@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,_Py_BuildValue_SizeT, 19_2_00007FFF16DC6EB0
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF169318C0 PyModule_Create2,getenv,RtlGetVersion,GetSystemInfo,InitializeCriticalSection,PyModule_GetState,PyErr_NewException,_Py_Dealloc,PyErr_NewException,PyModule_AddObject,PyErr_NewException,PyModule_AddObject,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant, 19_2_00007FFF169318C0
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Users\user\Downloads\actions_version_x32-64_full.exe Code function: 19_2_00007FFF169528A8 bind,WSAGetLastError,bind,_Py_NoneStruct,PyExc_ValueError,PyErr_SetString, 19_2_00007FFF169528A8
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1430836 URL: https://c51k11nyj56k.pettis... Startdate: 24/04/2024 Architecture: WINDOWS Score: 56 77 tinyurl.com 2->77 9 chrome.exe 23 2->9         started        13 actions_version_x32-64_full.exe 102 2->13         started        16 actions_version_x32-64_full.exe 102 2->16         started        18 rundll32.exe 2->18         started        process3 dnsIp4 83 192.168.2.16, 138, 443, 49697 unknown unknown 9->83 85 239.255.255.250 unknown Reserved 9->85 57 ccec2550-b560-4d10-a7e4-c6a8ddaca766.tmp, PE32+ 9->57 dropped 59 C:\...\actions_version_x32-64_full.exe (copy), PE32+ 9->59 dropped 61 C:\Users\...\Unconfirmed 763581.crdownload, PE32+ 9->61 dropped 20 actions_version_x32-64_full.exe 102 9->20         started        24 chrome.exe 9->24         started        27 chrome.exe 9->27         started        63 C:\Users\user\AppData\Local\...\shell.pyd, PE32+ 13->63 dropped 71 73 other files (none is malicious) 13->71 dropped 97 Hides threads from debuggers 13->97 29 actions_version_x32-64_full.exe 6 13->29         started        65 C:\Users\user\AppData\Local\...\shell.pyd, PE32+ 16->65 dropped 67 C:\Users\user\AppData\...\win32trace.pyd, PE32+ 16->67 dropped 69 C:\Users\user\AppData\Local\...\win32api.pyd, PE32+ 16->69 dropped 73 71 other files (none is malicious) 16->73 dropped 31 actions_version_x32-64_full.exe 6 16->31         started        file5 signatures6 process7 dnsIp8 49 C:\Users\user\AppData\Local\...\shell.pyd, PE32+ 20->49 dropped 51 C:\Users\user\AppData\...\win32trace.pyd, PE32+ 20->51 dropped 53 C:\Users\user\AppData\Local\...\win32api.pyd, PE32+ 20->53 dropped 55 71 other files (none is malicious) 20->55 dropped 89 Contains functionality to infect the boot sector 20->89 91 Hides threads from debuggers 20->91 93 Found pyInstaller with non standard icon 20->93 95 Potentially malicious time measurement code found 20->95 33 actions_version_x32-64_full.exe 6 20->33         started        79 www.google.com 142.250.141.103, 443, 49702, 49719 GOOGLEUS United States 24->79 81 c51k11nyj56k.pettisville.sbs 104.21.91.122, 443, 49697, 49698 CLOUDFLARENETUS United States 24->81 37 cmd.exe 29->37         started        39 cmd.exe 31->39         started        file9 signatures10 process11 dnsIp12 75 tinyurl.com 172.67.1.225, 443, 49709, 49714 CLOUDFLARENETUS United States 33->75 87 Hides threads from debuggers 33->87 41 cmd.exe 1 33->41         started        43 conhost.exe 37->43         started        45 conhost.exe 39->45         started        signatures13 process14 process15 47 conhost.exe 41->47         started       
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
239.255.255.250
 unknown Reserved
unknown unknown false
172.67.1.225
 tinyurl.com United States
13335 CLOUDFLARENETUS false
142.250.141.103
 www.google.com United States
15169 GOOGLEUS false
104.21.91.122
 c51k11nyj56k.pettisville.sbs United States
13335 CLOUDFLARENETUS false

Private

IP
192.168.2.16

Contacted Domains

Name IP Active
tinyurl.com 172.67.1.225 true
www.google.com 142.250.141.103 true
c51k11nyj56k.pettisville.sbs 104.21.91.122 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://c51k11nyj56k.pettisville.sbs/lander/FileRotator_ID428/download.php false
    		unknown