Windows Analysis Report
LexusXA Installer.msi

Overview

General Information

Sample name: LexusXA Installer.msi
Analysis ID: 1565536
MD5: 4a4cda00a1e1a32986cc1130d7db54ca
SHA1: 57bd34c1c3372dd72d5c7ddcaa5bfb1dc387f4e2
SHA256: 5d2ab1efe433963996b35b16231631e7a69a8f7c951b25009626111fbc23d560
Tags: msi, Stealer, user-kafan_shengui

Detection

Score: 32
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Creates an undocumented autostart registry key
Tries to harvest and steal browser information (history, passwords, etc)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Extensive use of GetProcAddress (often used to hide API calls)
File is packed with WinRar
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • msiexec.exe (PID: 1368 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\LexusXA Installer.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 2108 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 2996 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 80745C949CFC24E358273D649EA9B511 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 2492 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding D0A27BFD503CBB4ECD262F85E025A5D0 MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • LexusXA-installer-win_x64.exe (PID: 1072 cmdline: "C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe" MD5: 4A1316F8CF2A432B956BBB00E6AEB2B8)
    • LexusXA-installer-win_x64.tmp (PID: 2132 cmdline: "C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp" /SL5="$2044C,19187169,794112,C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe" MD5: C8E01A284D740A1B8962C82CD10667C2)
      • version-iexpress-x64.exe (PID: 1228 cmdline: "C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe" MD5: 18E2B102B1D60F32601C0A398B34301E)
        • version-checker-win-x64.exe (PID: 5980 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe MD5: 5191B4E806CD706AF380B5995B602EAE)
          • version-checker-won-x64.exe (PID: 2144 cmdline: "C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe" MD5: A58F0BC8A2E552B1E03870D5326FF4DF)
            • version-checker-won-x64.exe (PID: 928 cmdline: "C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe" MD5: A58F0BC8A2E552B1E03870D5326FF4DF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe, ReversingLabs: Detection: 33%
Source: C:\Users\user\AppData\Local\Programs\Lexus\is-LOG4N.tmp, ReversingLabs: Detection: 37%
Source: C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe (copy), ReversingLabs: Detection: 37%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe, ReversingLabs: Detection: 41%
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe, ReversingLabs: Detection: 36%
Source: LexusXA Installer.msi, ReversingLabs: Detection: 18%
Source: LexusXA Installer.msi, Virustotal: Detection: 11%
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3ED9554-CBB3-415C-8158-443CAC428D41}_is1
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962475488.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962750449.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wextract.pdb source: version-iexpress-x64.exe, 0000000A.00000000.1915420288.00007FF7CC9C9000.00000002.00000001.01000000.00000008.sdmp, version-iexpress-x64.exe, 0000000A.00000002.2071306434.00007FF7CC9C9000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960330766.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2060138074.00007FFE01455000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960887245.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.12.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960080081.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961783900.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962302905.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962835732.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: version-checker-won-x64.exe, 0000000D.00000002.2056183537.00007FFDF9E69000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: version-checker-won-x64.exe, 0000000C.00000003.1957144635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2066115279.00007FFE13313000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: version-checker-won-x64.exe, 0000000D.00000002.2058999517.00007FFE002A1000.00000002.00000001.01000000.00000037.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb!! source: version-checker-won-x64.exe, 0000000D.00000002.2059256900.00007FFE00712000.00000002.00000001.01000000.00000036.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959047757.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960564952.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1957339046.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065487704.00007FFE12E15000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961955049.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961618337.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962228941.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2065890283.00007FFE13211000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1958719632.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2064719044.00007FFE11BC7000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960154808.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.12.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961127995.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959913414.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960242326.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1957466313.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2062840065.00007FFE101D8000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962142068.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.12.dr
Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2062308333.00007FFE0CFD2000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2063199368.00007FFE1025C000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1957714044.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2063435354.00007FFE1030E000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961375118.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: version-checker-won-x64.exe, 0000000D.00000002.2060138074.00007FFE01455000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959381736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2064850176.00007FFE11BE9000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: LexusXA Installer.msi, MSI2254.tmp.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: version-checker-won-x64.exe, 0000000C.00000003.1957339046.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065487704.00007FFE12E15000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1963013495.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: version-checker-win-x64.exe, 0000000B.00000000.1929652033.0000000000E62000.00000002.00000001.01000000.00000009.sdmp, version-checker-win-x64.exe, 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2056908268.00007FFDFA3B1000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960491736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2058593248.00007FFDFF27F000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: wextract.pdbGCTL source: version-iexpress-x64.exe, 0000000A.00000000.1915420288.00007FF7CC9C9000.00000002.00000001.01000000.00000008.sdmp, version-iexpress-x64.exe, 0000000A.00000002.2071306434.00007FF7CC9C9000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\win32evtlog.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1975204597.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: version-checker-won-x64.exe, 0000000D.00000002.2056183537.00007FFDF9F01000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: version-checker-won-x64.exe, 0000000D.00000002.2059871614.00007FFE01354000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961701595.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.12.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961050706.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2059256900.00007FFE00712000.00000002.00000001.01000000.00000036.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960001370.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959150635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2064540196.00007FFE11BB6000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962046130.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1957144635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2066115279.00007FFE13313000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962565963.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960806630.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2058999517.00007FFE002A1000.00000002.00000001.01000000.00000037.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2056183537.00007FFDF9F01000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961297642.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1971640496.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065222536.00007FFE120C3000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960967982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp