Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
l4.exe

Overview

General Information

Sample name:l4.exe
Analysis ID:1610196
MD5:fdd35023de9f8049afc50e19742c3cb6
SHA1:2c5f8c05d79bcccf57f0a7c1180c06fc8d0a0ac3
SHA256:d7c96cabb5c6e07f7d037cc838a36f53ccfd20fca346d5d4bbac6f25884718f3
Tags:exeuser-aachum
Infos:

Detection

Score:52
Range:0 - 100
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Found pyInstaller with non standard icon
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect virtual machines (SGDT)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • l4.exe (PID: 7344 cmdline: "C:\Users\user\Desktop\l4.exe" MD5: FDD35023DE9F8049AFC50E19742C3CB6)
    • conhost.exe (PID: 7352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • l4.exe (PID: 7440 cmdline: "C:\Users\user\Desktop\l4.exe" MD5: FDD35023DE9F8049AFC50E19742C3CB6)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: l4.exeVirustotal: Detection: 30%Perma Link
Source: l4.exeReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB37A60 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_malloc,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,strncmp,CRYPTO_free,CRYPTO_free,OPENSSL_sk_new_null,CRYPTO_free,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_push,OPENSSL_sk_delete,OPENSSL_sk_num,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_free,CRYPTO_free,OPENSSL_sk_free,2_2_00007FFDFAB37A60
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB3CD30 CRYPTO_free,CRYPTO_free,CRYPTO_free_ex_data,OPENSSL_LH_free,X509_STORE_free,CTLOG_STORE_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_secure_free,EVP_MD_get0_provider,EVP_MD_free,EVP_MD_get0_provider,EVP_MD_free,EVP_CIPHER_get0_provider,EVP_CIPHER_free,EVP_MD_get0_provider,EVP_MD_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB3CD30
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB42410 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_dup,X509_VERIFY_PARAM_new,X509_VERIFY_PARAM_inherit,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_malloc,memcpy,CRYPTO_new_ex_data,2_2_00007FFDFAB42410
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB4FAF0 CRYPTO_malloc,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_chain_up_ref,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_dup_ex_data,CRYPTO_strdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_memdup,2_2_00007FFDFAB4FAF0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB6FB00 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,2_2_00007FFDFAB6FB00
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB83A60 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,2_2_00007FFDFAB83A60
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB69A60 ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_set_mark,ERR_pop_to_mark,ERR_new,ERR_set_debug,ERR_clear_last_mark,EVP_MD_CTX_get0_md,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FFDFAB69A60
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB219E7 CRYPTO_free,2_2_00007FFDFAB219E7
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21483 CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB21483
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2155A ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,2_2_00007FFDFAB2155A
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21582 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FFDFAB21582
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB81B9F CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FFDFAB81B9F
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB4DBA0 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,_time64,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,2_2_00007FFDFAB4DBA0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB35BB0 OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,2_2_00007FFDFAB35BB0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB9BB70 OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,OPENSSL_sk_push,OPENSSL_sk_num,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_pop_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_value,X509_get0_pubkey,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_shift,OPENSSL_sk_pop_free,ERR_new,ERR_set_debug,2_2_00007FFDFAB9BB70
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB45B90 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDFAB45B90
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21E6A ERR_new,ERR_set_debug,CRYPTO_clear_free,2_2_00007FFDFAB21E6A
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21654 EVP_MD_CTX_new,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_id,EVP_PKEY_get_id,EVP_PKEY_get_id,ERR_new,EVP_MD_get0_name,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,BUF_reverse,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_MD_CTX_ctrl,ERR_new,ERR_set_debug,ERR_new,EVP_DigestVerify,ERR_new,ERR_new,ERR_new,ERR_set_debug,BIO_free,EVP_MD_CTX_free,CRYPTO_free,2_2_00007FFDFAB21654
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB9B900 BN_bin2bn,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB9B900
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2F910 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,CRYPTO_malloc,EVP_PKEY_encapsulate,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_free,EVP_PKEY_CTX_free,2_2_00007FFDFAB2F910
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB538C0 CRYPTO_malloc,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,memset,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,ERR_set_debug,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,ERR_set_mark,EVP_KEYMGMT_free,ERR_pop_to_mark,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB538C0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB213DE EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_security_bits,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,EVP_PKEY_get_bn_param,EVP_PKEY_get_bn_param,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,BN_num_bits,BN_num_bits,memset,BN_num_bits,BN_bn2bin,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,ERR_set_debug,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,ERR_set_debug,EVP_DigestSign,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,BN_free,BN_free,BN_free,BN_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB213DE
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB39870 CRYPTO_free,CRYPTO_strdup,2_2_00007FFDFAB39870
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2589C BIO_get_data,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_clear_flags,BIO_get_data,BIO_set_shutdown,BIO_push,BIO_set_next,BIO_up_ref,BIO_set_init,2_2_00007FFDFAB2589C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB8BA20 CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB8BA20
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21A41 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_set_debug,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB21A41
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB63A00 CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB63A00
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21A15 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FFDFAB21A15
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB211DB EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,2_2_00007FFDFAB211DB
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB71970 ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,2_2_00007FFDFAB71970
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2105F ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_clear_free,2_2_00007FFDFAB2105F
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB6D980 RAND_bytes_ex,CRYPTO_malloc,memset,2_2_00007FFDFAB6D980
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB35F20 CRYPTO_THREAD_run_once,2_2_00007FFDFAB35F20
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21C53 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FFDFAB21C53
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB3BF30 CRYPTO_memcmp,2_2_00007FFDFAB3BF30
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB83F30 ERR_new,ERR_set_debug,X509_get0_pubkey,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,CRYPTO_malloc,EVP_PKEY_encrypt_init,RAND_bytes_ex,EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_MD_CTX_free,2_2_00007FFDFAB83F30
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB8DF40 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,2_2_00007FFDFAB8DF40
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB22680 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FFDFAB22680
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB25EE0 BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,2_2_00007FFDFAB25EE0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2107D CRYPTO_free,2_2_00007FFDFAB2107D
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB23EB0 CRYPTO_free,2_2_00007FFDFAB23EB0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB225DB CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,2_2_00007FFDFAB225DB
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2150F OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_new_reserve,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,X509_VERIFY_PARAM_get_depth,CRYPTO_dup_ex_data,X509_VERIFY_PARAM_inherit,OPENSSL_sk_dup,OPENSSL_sk_dup,2_2_00007FFDFAB2150F
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB22720 CRYPTO_free,CRYPTO_strdup,2_2_00007FFDFAB22720
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2202C CRYPTO_free,2_2_00007FFDFAB2202C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB46030 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,d2i_X509,X509_get0_pubkey,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_new,ERR_set_debug,ERR_set_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDFAB46030
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB223EC CRYPTO_free,CRYPTO_memdup,2_2_00007FFDFAB223EC
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21019 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB21019
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2DFB5 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB2DFB5
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21B18 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,OPENSSL_cleanse,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_memcmp,ERR_new,ERR_new,2_2_00007FFDFAB21B18
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB45D20 CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB45D20
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21CEE CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse,2_2_00007FFDFAB21CEE
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB83D20 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,2_2_00007FFDFAB83D20
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB22595 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FFDFAB22595
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB35CB0 COMP_zlib,OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,COMP_get_name,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,2_2_00007FFDFAB35CB0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB33CC0 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FFDFAB33CC0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB223F1 CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB223F1
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB25C9B CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_set_data,BIO_clear_flags,2_2_00007FFDFAB25C9B
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB8BE20 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB8BE20
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB22310 ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_new,EVP_MD_fetch,ERR_new,ERR_new,ERR_set_debug,EVP_MD_free,EVP_MD_get_size,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_free,CRYPTO_free,2_2_00007FFDFAB22310
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB45E10 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDFAB45E10
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2108C ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FFDFAB2108C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21D89 CRYPTO_free,CRYPTO_memdup,2_2_00007FFDFAB21D89
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB592E0 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDFAB592E0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2111D CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,EVP_PKEY_up_ref,X509_up_ref,EVP_PKEY_up_ref,X509_chain_up_ref,CRYPTO_malloc,memcpy,CRYPTO_malloc,memcpy,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,ERR_new,CRYPTO_malloc,memcpy,CRYPTO_memdup,X509_STORE_up_ref,X509_STORE_up_ref,CRYPTO_strdup,2_2_00007FFDFAB2111D
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2B300 CRYPTO_clear_free,2_2_00007FFDFAB2B300
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB217F8 EVP_MD_CTX_new,EVP_PKEY_new_raw_private_key_ex,EVP_DigestSignInit_ex,EVP_DigestSign,EVP_MD_CTX_free,EVP_PKEY_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,_time64,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,EVP_PKEY_free,ERR_new,ERR_set_debug,EVP_MD_CTX_free,EVP_PKEY_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB217F8
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21677 CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,2_2_00007FFDFAB21677
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2195B CRYPTO_zalloc,EVP_MAC_free,EVP_MAC_CTX_free,CRYPTO_free,2_2_00007FFDFAB2195B
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21A32 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,2_2_00007FFDFAB21A32
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21F8C CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FFDFAB21F8C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB93260 CRYPTO_free,CRYPTO_memdup,2_2_00007FFDFAB93260
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB9B430 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,EVP_PKEY_CTX_set_rsa_padding,OSSL_PARAM_construct_uint,OSSL_PARAM_construct_end,EVP_PKEY_CTX_set_params,EVP_PKEY_decrypt,OPENSSL_cleanse,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_CTX_free,2_2_00007FFDFAB9B430
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21444 EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,2_2_00007FFDFAB21444
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21997 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_decapsulate,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,2_2_00007FFDFAB21997
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2D3CA CRYPTO_free,2_2_00007FFDFAB2D3CA
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB69120 CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FFDFAB69120
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB211A9 EVP_MAC_CTX_free,CRYPTO_free,2_2_00007FFDFAB211A9
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB214CE CRYPTO_free,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,2_2_00007FFDFAB214CE
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB630A0 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FFDFAB630A0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB221DF CRYPTO_memcmp,2_2_00007FFDFAB221DF
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB22374 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB22374
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB550D8 EVP_MAC_CTX_free,CRYPTO_free,2_2_00007FFDFAB550D8
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB85070 BN_num_bits,BN_bn2bin,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB85070
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB4F070 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,_time64,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,ERR_new,ERR_set_debug,memcpy,2_2_00007FFDFAB4F070
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB9B070 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB9B070
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB49080 CRYPTO_free,EVP_PKEY_free,CRYPTO_free,2_2_00007FFDFAB49080
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2D227 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDFAB2D227
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB87230 CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FFDFAB87230
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21B90 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FFDFAB21B90
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21262 X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,2_2_00007FFDFAB21262
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21A23 BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,CRYPTO_strdup,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FFDFAB21A23
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2F160 CRYPTO_free,CRYPTO_memdup,2_2_00007FFDFAB2F160
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB81170 ERR_new,ERR_set_debug,CRYPTO_clear_free,2_2_00007FFDFAB81170
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB4D170 CRYPTO_THREAD_write_lock,OPENSSL_sk_new_null,OPENSSL_LH_delete,OPENSSL_sk_push,OPENSSL_LH_set_down_load,CRYPTO_THREAD_unlock,OPENSSL_sk_pop_free,2_2_00007FFDFAB4D170
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21023 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB21023
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB71750 CRYPTO_free,CRYPTO_memdup,2_2_00007FFDFAB71750
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB212CB CRYPTO_THREAD_run_once,2_2_00007FFDFAB212CB
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB656D0 CRYPTO_free,2_2_00007FFDFAB656D0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB8B660 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FFDFAB8B660
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB37840 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FFDFAB37840
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21087 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,2_2_00007FFDFAB21087
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB957FE CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB957FE
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB817A1 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,2_2_00007FFDFAB817A1
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB777A0 CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB777A0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB211BD CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB211BD
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2193D CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDFAB2193D
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB714E0 CRYPTO_memcmp,2_2_00007FFDFAB714E0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21992 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,OPENSSL_LH_new,X509_STORE_new,CTLOG_STORE_new_ex,OPENSSL_sk_num,X509_VERIFY_PARAM_new,OPENSSL_sk_new_null,OPENSSL_sk_new_null,CRYPTO_new_ex_data,CRYPTO_secure_zalloc,RAND_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,ERR_new,ERR_set_debug,2_2_00007FFDFAB21992
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB4D510 CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free,2_2_00007FFDFAB4D510
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21EDD CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_find,CRYPTO_free,ERR_new,ERR_set_debug,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDFAB21EDD
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB22126 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memcmp,ERR_new,ERR_set_debug,_time64,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB22126
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21393 OSSL_PROVIDER_do_all,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,2_2_00007FFDFAB21393
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB93480 CRYPTO_free,CRYPTO_strndup,2_2_00007FFDFAB93480
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB31620 CRYPTO_free,CRYPTO_strndup,2_2_00007FFDFAB31620
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2F650 EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_derive_set_peer,EVP_PKEY_is_a,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_derive,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,2_2_00007FFDFAB2F650
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB93650 CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_fetch,EVP_CIPHER_get_iv_length,RAND_bytes_ex,EVP_CIPHER_free,EVP_EncryptUpdate,EVP_EncryptFinal,ERR_new,ERR_new,CRYPTO_free,EVP_CIPHER_CTX_free,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get_iv_length,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_CIPHER_CTX_free,2_2_00007FFDFAB93650
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21181 CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB21181
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB22379 CRYPTO_free,2_2_00007FFDFAB22379
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2110E EVP_PKEY_free,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,ERR_new,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,2_2_00007FFDFAB2110E
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB22469 CRYPTO_memcmp,ERR_new,ERR_set_debug,memchr,ERR_new,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB22469
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB221E9 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,2_2_00007FFDFAB221E9
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB77570 CRYPTO_realloc,2_2_00007FFDFAB77570
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB220F4 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB220F4
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21460 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_snprintf,2_2_00007FFDFAB21460
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB36B20 CRYPTO_THREAD_run_once,OPENSSL_sk_find,OPENSSL_sk_value,EVP_CIPHER_fetch,EVP_CIPHER_get_flags,2_2_00007FFDFAB36B20
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB24B30 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDFAB24B30
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB3EB48 CRYPTO_free,2_2_00007FFDFAB3EB48
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB4EB10 CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,2_2_00007FFDFAB4EB10
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2114F CRYPTO_free,ERR_new,ERR_set_debug,2_2_00007FFDFAB2114F
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB84C40 ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_encrypt_init,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,2_2_00007FFDFAB84C40
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21AB4 CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,2_2_00007FFDFAB21AB4
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB24C00 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDFAB24C00
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB6EC10 CRYPTO_free,2_2_00007FFDFAB6EC10
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21A0F ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get0_cipher,EVP_CIPHER_get_flags,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,EVP_MD_get_size,CRYPTO_memcmp,ERR_set_mark,ERR_clear_last_mark,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_pop_to_mark,ERR_clear_last_mark,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_get0_md,CRYPTO_memcmp,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,strncmp,strncmp,strncmp,strncmp,strncmp,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,2_2_00007FFDFAB21A0F
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB6E920 CRYPTO_free,2_2_00007FFDFAB6E920
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB34930 CRYPTO_get_ex_new_index,2_2_00007FFDFAB34930
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21EE2 CRYPTO_free,CRYPTO_strndup,CRYPTO_free,OPENSSL_cleanse,_time64,memcpy,EVP_MD_get0_name,EVP_MD_is_a,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,2_2_00007FFDFAB21EE2
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB8C8E0 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB8C8E0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB9A8F0 EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_clear_error,ASN1_item_d2i,ASN1_TYPE_get,ERR_new,ERR_set_debug,EVP_PKEY_decrypt,ERR_new,EVP_PKEY_CTX_ctrl,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,ASN1_item_free,2_2_00007FFDFAB9A8F0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2139D memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,2_2_00007FFDFAB2139D
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB226B2 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,2_2_00007FFDFAB226B2
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB6E8C0 CRYPTO_free,2_2_00007FFDFAB6E8C0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB84860 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free,2_2_00007FFDFAB84860
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB98870 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_dup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_free,ERR_new,ERR_set_debug,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB98870
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21A05 ERR_new,ERR_set_debug,ERR_set_error,ASN1_item_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,_time64,X509_free,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ASN1_item_free,2_2_00007FFDFAB21A05
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21492 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB21492
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB62A50 SRP_Calc_u_ex,BN_num_bits,CRYPTO_malloc,ERR_new,ERR_set_debug,BN_bn2bin,BN_clear_free,BN_clear_free,2_2_00007FFDFAB62A50
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB224EB CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,2_2_00007FFDFAB224EB
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB789F0 CRYPTO_free,CRYPTO_memdup,2_2_00007FFDFAB789F0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21893 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_strdup,ERR_new,ERR_set_debug,2_2_00007FFDFAB21893
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB217DF ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDFAB217DF
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2204F CRYPTO_free,CRYPTO_malloc,ERR_new,RAND_bytes_ex,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,2_2_00007FFDFAB2204F
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB22185 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,2_2_00007FFDFAB22185
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB34990 i2d_X509_NAME,i2d_X509_NAME,memcmp,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB34990
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB92EE0 CRYPTO_memcmp,2_2_00007FFDFAB92EE0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2CEA0 CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,memset,CRYPTO_free,2_2_00007FFDFAB2CEA0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB217E9 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,ERR_new,CRYPTO_memdup,ERR_new,ERR_new,ERR_new,ERR_set_debug,2_2_00007FFDFAB217E9
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2236A CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB2236A
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB68E90 CRYPTO_malloc,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FFDFAB68E90
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2117C _time64,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,2_2_00007FFDFAB2117C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB22117 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,2_2_00007FFDFAB22117
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB220E5 CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB220E5
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB24FD0 CRYPTO_free,2_2_00007FFDFAB24FD0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB22144 EVP_CIPHER_get_mode,EVP_CIPHER_get_mode,EVP_CIPHER_get_iv_length,EVP_CIPHER_get_key_length,CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FFDFAB22144
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2136B ERR_new,ERR_set_debug,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,ERR_new,ERR_set_debug,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB2136B
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB68D40 OPENSSL_cleanse,CRYPTO_free,2_2_00007FFDFAB68D40
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21CBC EVP_MD_get_size,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB21CBC
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB78CA0 CRYPTO_free,CRYPTO_strndup,2_2_00007FFDFAB78CA0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2257C ERR_new,ERR_set_debug,CRYPTO_free,BIO_clear_flags,BIO_set_flags,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,OPENSSL_cleanse,2_2_00007FFDFAB2257C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB6EC70 CRYPTO_free,2_2_00007FFDFAB6EC70
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB68C80 CRYPTO_free,2_2_00007FFDFAB68C80
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB222D9 CRYPTO_malloc,CONF_parse_list,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB222D9
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21811 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FFDFAB21811
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB3EDC1 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free,2_2_00007FFDFAB3EDC1
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21B54 memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,memcmp,EVP_CIPHER_CTX_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,memcmp,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FFDFAB21B54
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB3EDC1 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free,2_2_00007FFDFAB3EDC1
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21771 CRYPTO_free,2_2_00007FFDFAB21771
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2222F ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,2_2_00007FFDFAB2222F
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB80330 CRYPTO_free,CRYPTO_strndup,2_2_00007FFDFAB80330
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21B31 CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB21B31
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB24300 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDFAB24300
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB3E427 CRYPTO_THREAD_write_lock,2_2_00007FFDFAB3E427
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2198D CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FFDFAB2198D
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB223DD EVP_MD_get_size,EVP_CIPHER_get_iv_length,EVP_CIPHER_get_key_length,CRYPTO_clear_free,CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FFDFAB223DD
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21D93 EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,CRYPTO_zalloc,EVP_MAC_CTX_free,EVP_MAC_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_fetch,EVP_MAC_CTX_new,EVP_MAC_free,EVP_CIPHER_CTX_new,EVP_CIPHER_fetch,OSSL_PARAM_construct_utf8_string,OSSL_PARAM_construct_end,EVP_MAC_init,EVP_DecryptInit_ex,EVP_CIPHER_free,EVP_CIPHER_free,EVP_CIPHER_free,EVP_MAC_CTX_get_mac_size,EVP_CIPHER_CTX_get_iv_length,EVP_MAC_final,CRYPTO_memcmp,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memcpy,ERR_clear_error,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_CTX_free,CRYPTO_free,2_2_00007FFDFAB21D93
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB843C0 EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,CRYPTO_malloc,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,2_2_00007FFDFAB843C0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB8A3D0 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB8A3D0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB32360 CRYPTO_THREAD_run_once,2_2_00007FFDFAB32360
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB78390 CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB78390
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB219DD BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,CRYPTO_free,CRYPTO_strdup,2_2_00007FFDFAB219DD
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21361 CRYPTO_malloc,EVP_PKEY_set_type,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_CTX_free,ERR_pop_to_mark,CRYPTO_free,EVP_PKEY_free,2_2_00007FFDFAB21361
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB24100 CRYPTO_free,2_2_00007FFDFAB24100
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB420A0 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,2_2_00007FFDFAB420A0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB800A0 CRYPTO_free,CRYPTO_memdup,2_2_00007FFDFAB800A0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2E0AD ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,2_2_00007FFDFAB2E0AD
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB780C0 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB780C0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB3C080 CRYPTO_free,CRYPTO_memdup,2_2_00007FFDFAB3C080
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB22527 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB22527
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21389 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDFAB21389
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB6E200 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB6E200
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB215E6 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,memcpy,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDFAB215E6
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21F55 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FFDFAB21F55
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB6E190 CRYPTO_free,2_2_00007FFDFAB6E190
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB216A4 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDFAB216A4
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2103C CRYPTO_malloc,COMP_expand_block,2_2_00007FFDFAB2103C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB6E700 CRYPTO_free,2_2_00007FFDFAB6E700
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2120D EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset,2_2_00007FFDFAB2120D
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB626B0 ERR_new,ERR_set_debug,BN_num_bits,CRYPTO_malloc,ERR_new,ERR_set_debug,BN_bn2bin,ERR_new,ERR_set_debug,BN_clear_free,BN_clear_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,BN_clear_free,BN_clear_free,BN_clear_free,2_2_00007FFDFAB626B0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB3A6D0 CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,2_2_00007FFDFAB3A6D0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB64660 CRYPTO_malloc,memset,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,2_2_00007FFDFAB64660
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2162C EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,ERR_set_debug,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_DigestSignUpdate,EVP_DigestSignFinal,CRYPTO_malloc,EVP_DigestSignFinal,ERR_new,ERR_new,EVP_DigestSign,ERR_new,CRYPTO_malloc,EVP_DigestSign,BUF_reverse,ERR_new,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_MD_CTX_free,2_2_00007FFDFAB2162C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB22423 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDFAB22423
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21CA3 CRYPTO_strdup,CRYPTO_free,2_2_00007FFDFAB21CA3
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB225F4 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,memcpy,memcmp,memcmp,memcmp,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_clear_free,2_2_00007FFDFAB225F4
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21F3C CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FFDFAB21F3C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21401 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB21401
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21F28 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,2_2_00007FFDFAB21F28
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB6E781 CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB6E781
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB34530 OPENSSL_sk_num,X509_STORE_CTX_new_ex,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,X509_STORE_CTX_init,ERR_new,ERR_set_debug,ERR_set_error,X509_STORE_CTX_free,X509_STORE_CTX_set_flags,CRYPTO_THREAD_run_once,X509_STORE_CTX_set_ex_data,OPENSSL_sk_num,X509_STORE_CTX_set0_dane,X509_STORE_CTX_set_default,X509_VERIFY_PARAM_set1,X509_STORE_CTX_set_verify_cb,X509_verify_cert,X509_STORE_CTX_get_error,OPENSSL_sk_pop_free,X509_STORE_CTX_get0_chain,X509_STORE_CTX_get1_chain,ERR_new,ERR_set_debug,ERR_set_error,X509_VERIFY_PARAM_move_peername,X509_STORE_CTX_free,2_2_00007FFDFAB34530
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB96550 CRYPTO_memcmp,2_2_00007FFDFAB96550
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21ACD ERR_new,ERR_set_debug,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,memcpy,ERR_new,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,2_2_00007FFDFAB21ACD
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB226E4 BIO_s_file,BIO_new,ERR_new,ERR_set_debug,BIO_ctrl,ERR_new,ERR_set_debug,strncmp,ERR_new,ERR_set_debug,strncmp,CRYPTO_realloc,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free,2_2_00007FFDFAB226E4
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21AC3 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,2_2_00007FFDFAB21AC3
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB218B6 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDFAB218B6
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB54490 CRYPTO_realloc,memcpy,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDFAB54490
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB78620 CRYPTO_memcmp,2_2_00007FFDFAB78620
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB224CD CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,2_2_00007FFDFAB224CD
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21212 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FFDFAB21212
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB86650 EVP_CIPHER_CTX_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FFDFAB86650
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB213D9 OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_pop_free,2_2_00007FFDFAB213D9
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB405E0 X509_VERIFY_PARAM_free,CRYPTO_free_ex_data,BIO_pop,BIO_free,BIO_free_all,BIO_free_all,BUF_MEM_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,SCT_LIST_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,ASYNC_WAIT_CTX_free,CRYPTO_free,OPENSSL_sk_free,CRYPTO_THREAD_lock_free,CRYPTO_free,2_2_00007FFDFAB405E0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB285A0 CRYPTO_zalloc,CRYPTO_free,2_2_00007FFDFAB285A0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21488 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDFAB21488
Source: l4.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: l4.exe, 00000000.00000003.1667270569.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: l4.exe, 00000000.00000003.1664617672.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: ucrtbase.pdb source: l4.exe, 00000002.00000002.1751146044.00007FFDFB861000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: l4.exe, 00000000.00000003.1664340433.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665934166.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: l4.exe, 00000000.00000003.1666809497.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665158353.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1666900470.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: l4.exe, 00000000.00000003.1664857372.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: l4.exe, 00000000.00000003.1662378215.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1752711439.00007FFE130C5000.00000002.00000001.01000000.0000000F.sdmp, VCRUNTIME140_1.dll.0.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: l4.exe, 00000000.00000003.1666678581.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1666809497.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665389142.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1667609890.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: l4.exe, 00000000.00000003.1664192735.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1666313733.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665308021.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: l4.exe, 00000000.00000003.1663702832.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1751733196.00007FFE1025C000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665557217.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1664490045.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1666678581.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: l4.exe, 00000000.00000003.1667609890.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: l4.exe, 00000002.00000002.1750271218.00007FFDFB4F2000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: l4.exe, 00000000.00000003.1664778255.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665934166.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: l4.exe, 00000000.00000003.1665858579.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665308021.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: l4.exe, 00000000.00000003.1662172375.000001A65B8AF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1753184819.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: l4.exe, 00000000.00000003.1665080815.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665710373.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1667490682.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: l4.exe, 00000000.00000003.1665477020.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1664340433.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665005466.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: l4.exe, 00000000.00000003.1665080815.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: l4.exe, 00000000.00000003.1678665035.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1753056075.00007FFE148E3000.00000002.00000001.01000000.00000009.sdmp, select.pyd.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665231198.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665634754.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1664192735.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: l4.exe, 00000000.00000003.1667185506.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1667727010.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: bcrypt_rust.pdb source: _bcrypt.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: l4.exe, 00000000.00000003.1664119386.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1752824254.00007FFE13304000.00000002.00000001.01000000.0000000E.sdmp, _wmi.pyd.0.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665786403.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: l4.exe, 00000000.00000003.1664933294.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: l4.exe, 00000000.00000003.1664119386.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1752824254.00007FFE13304000.00000002.00000001.01000000.0000000E.sdmp, _wmi.pyd.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665634754.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdb source: l4.exe, 00000002.00000002.1749231529.00007FFDFABA5000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: l4.exe, 00000000.00000003.1666900470.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: l4.exe, 00000000.00000003.1667490682.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: l4.exe, 00000002.00000002.1752349351.00007FFE11ECD000.00000002.00000001.01000000.0000000A.sdmp, _ssl.pyd.0.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: l4.exe, 00000000.00000003.1667012024.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665158353.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.0.15 3 Sep 20243.0.15built on: Wed Sep 4 15:52:04 2024 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL || WITHIN_ARENA(temp->next)assertion failed: (char **)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/*0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_p
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: l4.exe, 00000000.00000003.1667366788.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: l4.exe, 00000002.00000002.1749752791.00007FFDFAFA2000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: l4.exe, 00000000.00000003.1662172375.000001A65B8AF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1753184819.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: l4.exe, 00000000.00000003.1666424498.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665786403.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1664857372.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1667094228.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1664778255.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: l4.exe, 00000000.00000003.1664414890.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: l4.exe, 00000000.00000003.1663593875.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1752243191.00007FFE11EA7000.00000002.00000001.01000000.00000011.sdmp, _hashlib.pyd.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665389142.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: l4.exe, 00000000.00000003.1664490045.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: l4.exe, 00000000.00000003.1665858579.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1667185506.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: l4.exe, 00000000.00000003.1666585929.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1666424498.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1664265546.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: l4.exe, 00000000.00000003.1662773946.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1752132595.00007FFE1151E000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1664414890.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: l4.exe, 00000002.00000002.1751146044.00007FFDFB861000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: l4.exe, 00000000.00000003.1663889108.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1752941055.00007FFE13339000.00000002.00000001.01000000.00000008.sdmp, _socket.pyd.0.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1667366788.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: l4.exe, 00000000.00000003.1662378215.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1752711439.00007FFE130C5000.00000002.00000001.01000000.0000000F.sdmp, VCRUNTIME140_1.dll.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1666585929.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: l4.exe, 00000000.00000003.1680601791.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1748648572.00007FFDFAA3F000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: l4.exe, 00000002.00000002.1749752791.00007FFDFB03A000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: l4.exe, 00000002.00000002.1749231529.00007FFDFABA5000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: l4.exe, 00000000.00000003.1664617672.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665557217.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: l4.exe, 00000000.00000003.1664265546.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: l4.exe, 00000000.00000003.1666507684.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: bcrypt_rust.pdbD source: _bcrypt.pyd.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: l4.exe, 00000000.00000003.1667094228.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: l4.exe, 00000002.00000002.1749752791.00007FFDFB03A000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1664933294.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1667012024.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: l4.exe, 00000000.00000003.1667727010.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: l4.exe, 00000000.00000003.1666313733.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665710373.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: l4.exe, 00000000.00000003.1664703216.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: l4.exe, 00000000.00000003.1663702832.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1751733196.00007FFE1025C000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665005466.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: l4.exe, 00000000.00000003.1663813261.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1752597769.00007FFE12E13000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665231198.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1667270569.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: l4.exe, 00000000.00000003.1665477020.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: l4.exe, 00000000.00000003.1675951876.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1737929140.0000027149340000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1666507684.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C28587E0 FindFirstFileExW,FindClose,0_2_00007FF7C28587E0
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2857810 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7C2857810
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2872A84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7C2872A84
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C28587E0 FindFirstFileExW,FindClose,2_2_00007FF7C28587E0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C2872A84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF7C2872A84
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C2857810 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF7C2857810
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB81EFEC FindFirstFileExW,FindClose,FindNextFileW,2_2_00007FFDFB81EFEC
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7F2DFC FindFirstFileExW,2_2_00007FFDFB7F2DFC
Source: Joe Sandbox ViewIP Address: 185.199.108.133 185.199.108.133
Source: Joe Sandbox ViewIP Address: 185.199.108.133 185.199.108.133
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: raw.githubusercontent.com
Source: l4.exe, 00000002.00000002.1747746639.000002714BC58000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
Source: l4.exe, 00000002.00000002.1749054059.00007FFDFAAA6000.00000002.00000001.01000000.0000000D.sdmp, _brotli.cp312-win_amd64.pyd.0.drString found in binary or memory: http://.css
Source: l4.exe, 00000002.00000002.1749054059.00007FFDFAAA6000.00000002.00000001.01000000.0000000D.sdmp, _brotli.cp312-win_amd64.pyd.0.drString found in binary or memory: http://.jpg
Source: l4.exe, 00000000.00000003.1676041090.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663813261.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673977206.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673977206.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1676041090.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663702832.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678665035.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664119386.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673920400.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680601791.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675616269.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675951876.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664001701.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663434984.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678719453.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678719453.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663593875.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: l4.exe, 00000000.00000003.1676041090.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1677111697.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663813261.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673977206.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1676041090.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663702832.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678665035.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664119386.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673920400.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680601791.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675616269.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675951876.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664001701.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663434984.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678719453.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673920400.000001A65B8BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663593875.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1662773946.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1677135135.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: l4.exe, 00000000.00000003.1676041090.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1677111697.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663813261.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673977206.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1676041090.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663702832.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678665035.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664119386.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680601791.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675951876.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664001701.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663434984.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663593875.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1662773946.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663889108.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: l4.exe, 00000000.00000003.1676041090.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1677111697.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663813261.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673977206.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1676041090.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663702832.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678665035.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664119386.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680601791.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675616269.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675951876.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664001701.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663434984.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678719453.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673920400.000001A65B8BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1677135135.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678719453.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722801710.000002714B32F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: l4.exe, 00000002.00000003.1733105029.000002714B99A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B740000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724072681.000002714B751000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725687556.000002714B957000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B99A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1747329841.000002714B97A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1732708978.000002714B97A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726259282.000002714B97A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B73A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725950348.000002714B979000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722489125.000002714B73A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: l4.exe, 00000002.00000003.1733674202.000002714B1EC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722467432.000002714B1DA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722741757.000002714B1E9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721758644.000002714B1C6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725210564.000002714B1EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726523386.000002714B33A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723845811.000002714B330000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1744991581.000002714B1EC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722801710.000002714B32F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722894366.000002714B330000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724681727.000002714B331000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: l4.exe, 00000002.00000002.1740158479.0000027149476000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B910000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1728233551.0000027149472000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721865040.000002714946F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1731088017.0000027149473000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724858254.000002714B938000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721693912.0000027149464000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B910000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: l4.exe, 00000002.00000003.1722996334.000002714B740000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724072681.000002714B751000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B73A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722489125.000002714B73A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: l4.exe, 00000002.00000003.1719898604.000002714B910000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724858254.000002714B938000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B910000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crlB
Source: l4.exe, 00000002.00000002.1740158479.0000027149476000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1728233551.0000027149472000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721865040.000002714946F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1731088017.0000027149473000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721693912.0000027149464000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crlKq
Source: l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725687556.000002714B957000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1747329841.000002714B97A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1732708978.000002714B97A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726259282.000002714B97A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725950348.000002714B979000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725687556.000002714B957000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1747329841.000002714B97A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1732708978.000002714B97A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726259282.000002714B97A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725950348.000002714B979000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl(
Source: l4.exe, 00000002.00000003.1733105029.000002714B99A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B99A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: l4.exe, 00000002.00000003.1722996334.000002714B740000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724072681.000002714B751000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B73A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722489125.000002714B73A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl_
Source: l4.exe, 00000002.00000003.1725670603.000002714B91B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B910000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B910000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: l4.exe, 00000002.00000003.1722489125.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723415697.000002714B7C5000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726765587.000002714B7E8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723898598.000002714B7E6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725712727.000002714B7E7000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724580221.000002714B7E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: l4.exe, 00000002.00000003.1725670603.000002714B91B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B910000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B910000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: l4.exe, 00000002.00000003.1722489125.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723415697.000002714B7C5000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726765587.000002714B7E8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723898598.000002714B7E6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725712727.000002714B7E7000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724580221.000002714B7E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: l4.exe, 00000002.00000003.1725670603.000002714B91B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B910000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B910000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726523386.000002714B33A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723845811.000002714B330000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722801710.000002714B32F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722894366.000002714B330000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724681727.000002714B331000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: l4.exe, 00000000.00000003.1676041090.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1677111697.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663813261.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673977206.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673977206.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1676041090.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663702832.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678665035.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664119386.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673920400.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680601791.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675616269.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675951876.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664001701.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663434984.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678719453.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1677135135.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: l4.exe, 00000000.00000003.1676041090.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1677111697.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663813261.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673977206.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1676041090.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663702832.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678665035.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664119386.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673920400.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680601791.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675616269.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675951876.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664001701.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663434984.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678719453.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673920400.000001A65B8BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663593875.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1662773946.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: l4.exe, 00000000.00000003.1676041090.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1677111697.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663813261.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673977206.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1676041090.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663702832.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678665035.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664119386.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680601791.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675951876.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664001701.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663434984.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663593875.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1662773946.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663889108.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: _hashlib.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: l4.exe, 00000000.00000003.1663813261.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeS
Source: l4.exe, 00000000.00000003.1676041090.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1677111697.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663813261.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673977206.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1676041090.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663702832.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678665035.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664119386.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673920400.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680601791.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675616269.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675951876.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664001701.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663434984.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678719453.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673920400.000001A65B8BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663593875.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1662773946.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: l4.exe, 00000002.00000002.1747746639.000002714BC04000.00000004.00001000.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727424361.000002714B760000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B740000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724072681.000002714B751000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726783359.000002714B75D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1736661708.000002714B760000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B73A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722489125.000002714B73A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1746417560.000002714B762000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: l4.exe, 00000002.00000003.1722894366.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1745702138.000002714B2F4000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725327239.000002714B2EE000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722801710.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726887219.000002714B2EF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725082539.000002714B374000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727749915.000002714B379000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1728671213.000002714B2EF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1734010974.000002714B2F4000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723770552.000002714B373000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: l4.exe, 00000002.00000003.1722894366.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725175449.000002714B37C000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722801710.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725082539.000002714B374000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723770552.000002714B373000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: l4.exe, 00000002.00000003.1722894366.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1745479111.000002714B2D3000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722801710.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1691281716.000002714B2CC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725082539.000002714B374000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724228913.000002714B2BB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725100760.000002714B2C9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1691094855.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727668730.000002714B2CC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723607324.000002714B2BB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723770552.000002714B373000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: l4.exe, 00000002.00000002.1749054059.00007FFDFAAA6000.00000002.00000001.01000000.0000000D.sdmp, _brotli.cp312-win_amd64.pyd.0.drString found in binary or memory: http://html4/loose.dtd
Source: l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725687556.000002714B957000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725687556.000002714B957000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725687556.000002714B957000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.esf5
Source: l4.exe, 00000000.00000003.1676041090.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1677111697.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663813261.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673977206.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1676041090.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663702832.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678665035.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664119386.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673920400.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680601791.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675616269.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675951876.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664001701.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663434984.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678719453.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673920400.000001A65B8BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663593875.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1662773946.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1677135135.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: l4.exe, 00000000.00000003.1676041090.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1677111697.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663813261.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673977206.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1676041090.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663702832.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678665035.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664119386.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680601791.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675616269.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675951876.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664001701.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663434984.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678719453.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673920400.000001A65B8BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1677135135.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678719453.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: l4.exe, 00000000.00000003.1676041090.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1677111697.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663813261.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673977206.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673977206.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1676041090.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663702832.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678665035.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664119386.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673920400.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680601791.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675616269.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675951876.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664001701.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663434984.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678719453.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1677135135.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: l4.exe, 00000000.00000003.1676041090.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1677111697.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663813261.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673977206.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1676041090.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663702832.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678665035.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664119386.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680601791.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675951876.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664001701.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663434984.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663593875.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1662773946.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663889108.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: l4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: http://python-hyper.org/en/latest/contributing.html
Source: l4.exe, 00000002.00000003.1722894366.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722801710.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1747230152.000002714B924000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725082539.000002714B374000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724228913.000002714B2BB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725670603.000002714B91B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1740158479.0000027149476000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725100760.000002714B2C9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B910000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1728233551.0000027149472000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721865040.000002714946F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1745851796.000002714B375000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1731088017.0000027149473000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721693912.0000027149464000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723607324.000002714B2BB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B910000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723770552.000002714B373000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: l4.exe, 00000002.00000003.1722894366.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722801710.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725082539.000002714B374000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1745851796.000002714B375000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723770552.000002714B373000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/0
Source: l4.exe, 00000002.00000002.1740158479.0000027149476000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1728233551.0000027149472000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721865040.000002714946F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1731088017.0000027149473000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721693912.0000027149464000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/e
Source: l4.exe, 00000002.00000002.1747746639.000002714BC04000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725687556.000002714B957000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: l4.exe, 00000002.00000003.1735602908.000002714B912000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B910000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727089726.000002714B911000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B910000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725687556.000002714B957000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: l4.exe, 00000002.00000003.1735602908.000002714B912000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B910000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727089726.000002714B911000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B910000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl?v
Source: l4.exe, 00000002.00000002.1747257043.000002714B942000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725687556.000002714B957000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: l4.exe, 00000002.00000002.1747257043.000002714B942000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725687556.000002714B957000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
Source: l4.exe, 00000002.00000003.1726045721.000002714B97B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721075648.000002714B708000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725687556.000002714B957000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727352428.000002714B70A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725950348.000002714B979000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: l4.exe, 00000000.00000003.1676041090.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1677111697.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663813261.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673977206.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1676041090.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663702832.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678665035.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664119386.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673920400.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680601791.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675616269.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675675652.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1675951876.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1664001701.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663434984.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1678719453.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1673920400.000001A65B8BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1663593875.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1662773946.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1677135135.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: l4.exe, 00000002.00000003.1724037004.000002714B31E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1747464275.000002714B9BB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B9BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725635542.000002714B9BB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725566781.000002714B320000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727607401.000002714B327000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724195001.000002714B9BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722894366.000002714B314000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: l4.exe, 00000002.00000003.1722894366.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1745874410.000002714B37D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725175449.000002714B37C000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722801710.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727749915.000002714B37D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1691094855.000002714B346000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1733206918.000002714B349000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725082539.000002714B374000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723436832.000002714B347000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1691094855.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1691094855.000002714B2FB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722801710.000002714B32F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1691480512.000002714B37C000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722894366.000002714B330000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723770552.000002714B373000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: l4.exe, 00000002.00000003.1735665684.000002714B232000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1745322366.000002714B23B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723680474.000002714B22D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725044874.000002714B22E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1737351145.000002714B237000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1729659043.000002714B22E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722961650.000002714B228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: l4.exe, 00000002.00000002.1747230152.000002714B924000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725670603.000002714B91B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B910000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B910000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: l4.exe, 00000002.00000003.1735665684.000002714B232000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1745322366.000002714B23B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723680474.000002714B22D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725044874.000002714B22E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1737351145.000002714B237000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1729659043.000002714B22E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722961650.000002714B228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cpsVY
Source: l4.exe, 00000002.00000003.1727424361.000002714B760000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B740000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724072681.000002714B751000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726783359.000002714B75D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1736661708.000002714B760000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1746182677.000002714B680000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B73A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722489125.000002714B73A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1746417560.000002714B762000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: l4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://codecov.io/gh/python-hyper/h2
Source: l4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://codecov.io/gh/python-hyper/h2/branch/master/graph/badge.svg
Source: l4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io
Source: METADATA.0.drString found in binary or memory: https://cryptography.io/
Source: l4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/changelog/
Source: l4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/installation/
Source: l4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/security/
Source: l4.exe, 00000002.00000003.1732934331.000002714B1D3000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1744836882.000002714B1D3000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721758644.000002714B1C6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723481238.000002714B1D1000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727316143.000002714B1D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: l4.exe, 00000002.00000002.1740446424.000002714ACBC000.00000004.00001000.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1688070617.000002714AD95000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://docs.python.org/3/howto/mro.html.
Source: l4.exe, 00000002.00000002.1740446424.000002714AC40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: l4.exe, 00000002.00000002.1740446424.000002714ACBC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: l4.exe, 00000002.00000002.1740446424.000002714ACBC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: l4.exe, 00000002.00000002.1740446424.000002714ACBC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: l4.exe, 00000002.00000002.1740446424.000002714AC40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: l4.exe, 00000002.00000002.1743830453.000002714AF80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: l4.exe, 00000002.00000002.1743830453.000002714AF80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: l4.exe, 00000002.00000002.1740446424.000002714ACBC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: l4.exe, 00000002.00000003.1729030069.000002714948E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1735747303.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1733602397.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722695078.000002714948D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1740276151.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1731215850.000002714948F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721865040.000002714946F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721693912.0000027149464000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: l4.exe, 00000002.00000002.1743830453.000002714AF80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
Source: _bcrypt.pyd.0.drString found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
Source: l4.exe, 00000002.00000002.1745896869.000002714B380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: l4.exe, 00000002.00000003.1727108554.000002714B75A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B740000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724072681.000002714B751000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B73A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722489125.000002714B73A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: l4.exe, 00000002.00000003.1729030069.000002714948E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1735747303.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1733602397.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722695078.000002714948D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1740276151.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1731215850.000002714948F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721865040.000002714946F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721693912.0000027149464000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: l4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/orgs/python-hyper/people
Source: l4.exe, 00000002.00000002.1747746639.000002714BCB8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/psf/requests/pull/6710
Source: _bcrypt.pyd.0.drString found in binary or memory: https://github.com/pyca/bcrypt/__version_ex__4.2.0The
Source: l4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography
Source: l4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/
Source: l4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/issues
Source: l4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
Source: l4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/python-hyper/h2
Source: l4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/python-hyper/h2/actions
Source: l4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/python-hyper/h2/workflows/CI/badge.svg
Source: l4.exe, 00000002.00000002.1740446424.000002714AC40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: l4.exe, 00000002.00000003.1721693912.0000027149464000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: l4.exe, 00000002.00000003.1729030069.000002714948E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1735747303.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1733602397.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722695078.000002714948D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1740276151.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1731215850.000002714948F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721865040.000002714946F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721693912.0000027149464000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: l4.exe, 00000002.00000003.1721796025.000002714B1F4000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723338356.000002714B1F6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721758644.000002714B1C6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1690325153.000002714B1E4000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1690300366.000002714B22F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1737073978.000002714B1F6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1745020737.000002714B1F6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1690384326.000002714B236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: l4.exe, 00000002.00000002.1747618383.000002714BAC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/wiki/Development-Methodology
Source: l4.exe, 00000002.00000003.1729030069.000002714948E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1735747303.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1733602397.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722695078.000002714948D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1740276151.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1731215850.000002714948F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721865040.000002714946F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721693912.0000027149464000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: l4.exe, 00000002.00000002.1745896869.000002714B380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: l4.exe, 00000002.00000003.1727388468.000002714B2B1000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723514911.000002714B2AE000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722714007.000002714B279000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: l4.exe, 00000002.00000002.1747746639.000002714BC04000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: l4.exe, 00000002.00000002.1747746639.000002714BC04000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/29200m
Source: l4.exe, 00000002.00000002.1747618383.000002714BAC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: l4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://gitter.im/python-hyper/community
Source: l4.exe, 00000002.00000003.1721516954.000002714ADF4000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724072681.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722489125.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726930256.000002714B7BB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727070999.000002714B23D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720754317.000002714ADF3000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723680474.000002714B22D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726733448.000002714ADF6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725044874.000002714B22E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726887219.000002714B2ED000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722961650.000002714B228000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726783359.000002714B7A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727070999.000002714B23D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723680474.000002714B22D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725044874.000002714B22E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726887219.000002714B2ED000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722961650.000002714B228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
Source: l4.exe, 00000002.00000003.1724776411.000002714AD60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
Source: l4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://h2.readthedocs.io
Source: l4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://h2.readthedocs.io/en/latest/
Source: l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1745727269.000002714B30D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1734512728.000002714B30C000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725026172.000002714B30A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: l4.exe, 00000002.00000003.1726783359.000002714B7A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: l4.exe, 00000002.00000002.1747937233.000002714BD20000.00000004.00001000.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726169906.000002714B1B5000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723898598.000002714B7E6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725712727.000002714B7E7000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723680474.000002714B22D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1745387891.000002714B24C000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724432660.000002714B24C000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723786781.000002714B24B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722864675.000002714B189000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725778302.000002714B203000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720424515.000002714B826000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722961650.000002714B228000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723283461.000002714B203000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724580221.000002714B7E7000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724728259.000002714B203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
Source: l4.exe, 00000002.00000003.1732934331.000002714B1D3000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721758644.000002714B1C6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1733674202.000002714B1D8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723481238.000002714B1D1000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727316143.000002714B1D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: l4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://img.shields.io/badge/chat-join_now-brightgreen.svg
Source: l4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
Source: l4.exe, 00000002.00000002.1747618383.000002714BB1C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
Source: l4.exe, 00000002.00000003.1732934331.000002714B1D3000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1745702138.000002714B2F4000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1744836882.000002714B1D3000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725327239.000002714B2EE000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721758644.000002714B1C6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726887219.000002714B2EF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723481238.000002714B1D1000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727316143.000002714B1D3000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1728671213.000002714B2EF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1734010974.000002714B2F4000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1734512728.000002714B30C000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725026172.000002714B30A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B71F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
Source: l4.exe, 00000002.00000003.1722489125.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725712727.000002714B7E0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723415697.000002714B7C5000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B7A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: l4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
Source: l4.exe, 00000002.00000002.1745992482.000002714B480000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: l4.exe, 00000002.00000002.1743830453.000002714AF80000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://peps.python.org/pep-0205/
Source: l4.exe, 00000002.00000002.1750271218.00007FFDFB4F2000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://peps.python.org/pep-0263/
Source: l4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/cryptography/
Source: l4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://raw.github.com/python-hyper/documentation/master/source/logo/hyper-black-bg-white.png
Source: l4.exe, 00000002.00000002.1747937233.000002714BDC8000.00000004.00001000.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1744161768.000002714B080000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/TheSpeedX/SOCKS-List/master/socks5.txt
Source: l4.exe, 00000002.00000002.1747937233.000002714BDC8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/TheSpeedX/SOCKS-List/master/socks5.txt?
Source: l4.exe, 00000002.00000002.1744161768.000002714B080000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/TheSpeedX/SOCKS-List/master/socks5.txtpy0
Source: l4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
Source: l4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://readthedocs.org/projects/h2/badge/?version=latest
Source: l4.exe, 00000002.00000002.1747937233.000002714BD3C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
Source: l4.exe, 00000002.00000003.1728100278.000002714B2AD000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725348574.000002714B2A7000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722714007.000002714B279000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: l4.exe, 00000002.00000003.1691281716.000002714B22F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1732934331.000002714B1D3000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1744836882.000002714B1D3000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721758644.000002714B1C6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723481238.000002714B1D1000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727316143.000002714B1D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
Source: l4.exe, 00000002.00000003.1721516954.000002714ADF4000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724072681.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722489125.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726930256.000002714B7BB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720754317.000002714ADF3000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726733448.000002714ADF6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726783359.000002714B7A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: l4.exe, 00000002.00000002.1747618383.000002714BAC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: l4.exe, 00000002.00000002.1746087720.000002714B580000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: l4.exe, 00000002.00000002.1745702138.000002714B2F4000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725327239.000002714B2EE000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726887219.000002714B2EF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1728671213.000002714B2EF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1734010974.000002714B2F4000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsN
Source: l4.exe, 00000000.00000003.1670336342.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/
Source: l4.exe, 00000000.00000003.1670306650.000001A65B8C0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1670388871.000001A65B8C0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1670336342.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: l4.exe, 00000000.00000003.1675616269.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1749280138.00007FFDFABE0000.00000002.00000001.01000000.0000000B.sdmp, l4.exe, 00000002.00000002.1750009225.00007FFDFB0E4000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.openssl.org/H
Source: l4.exe, 00000002.00000003.1732934331.000002714B1D3000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721758644.000002714B1C6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1733674202.000002714B1D8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723481238.000002714B1D1000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727316143.000002714B1D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: l4.exe, 00000002.00000003.1722489125.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725712727.000002714B7E0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723415697.000002714B7C5000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B7A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: l4.exe, 00000002.00000002.1750660866.00007FFDFB669000.00000008.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.python.org/psf/license/
Source: l4.exe, 00000002.00000002.1750271218.00007FFDFB4F2000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.python.org/psf/license/)
Source: l4.exe, 00000002.00000003.1724432660.000002714B247000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723680474.000002714B22D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722961650.000002714B228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: l4.exe, 00000002.00000003.1726045721.000002714B996000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725585524.000002714B98A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: l4.exe, 00000002.00000003.1733105029.000002714B99A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B740000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724072681.000002714B751000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B99A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B73A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722489125.000002714B73A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727070999.000002714B23D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723680474.000002714B22D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725044874.000002714B22E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726887219.000002714B2ED000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722961650.000002714B228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2877B740_2_00007FF7C2877B74
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2871AD80_2_00007FF7C2871AD8
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2876E100_2_00007FF7C2876E10
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2857E300_2_00007FF7C2857E30
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C28623C00_2_00007FF7C28623C0
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C28643F00_2_00007FF7C28643F0
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2863B280_2_00007FF7C2863B28
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2860CB80_2_00007FF7C2860CB8
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C28614D80_2_00007FF7C28614D8
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2866C900_2_00007FF7C2866C90
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C28599DB0_2_00007FF7C28599DB
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C285A20D0_2_00007FF7C285A20D
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C287A9380_2_00007FF7C287A938
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C28612CC0_2_00007FF7C28612CC
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C28752BC0_2_00007FF7C28752BC
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C286EAC40_2_00007FF7C286EAC4
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2872A840_2_00007FF7C2872A84
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2868FC00_2_00007FF7C2868FC0
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2863F2C0_2_00007FF7C2863F2C
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C28627580_2_00007FF7C2862758
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C286EF580_2_00007FF7C286EF58
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C28610C80_2_00007FF7C28610C8
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C285983B0_2_00007FF7C285983B
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C287708C0_2_00007FF7C287708C
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C286ADC00_2_00007FF7C286ADC0
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C286F5D80_2_00007FF7C286F5D8
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2858D600_2_00007FF7C2858D60
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2860EBC0_2_00007FF7C2860EBC
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C28636F00_2_00007FF7C28636F0
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C28616DC0_2_00007FF7C28616DC
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C28776280_2_00007FF7C2877628
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2871AD80_2_00007FF7C2871AD8
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2874E200_2_00007FF7C2874E20
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C28696700_2_00007FF7C2869670
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C2877B742_2_00007FF7C2877B74
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C2863F2C2_2_00007FF7C2863F2C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C2876E102_2_00007FF7C2876E10
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C28623C02_2_00007FF7C28623C0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C28643F02_2_00007FF7C28643F0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C2863B282_2_00007FF7C2863B28
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C2860CB82_2_00007FF7C2860CB8
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C28614D82_2_00007FF7C28614D8
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C2866C902_2_00007FF7C2866C90
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C28599DB2_2_00007FF7C28599DB
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C285A20D2_2_00007FF7C285A20D
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C287A9382_2_00007FF7C287A938
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C28612CC2_2_00007FF7C28612CC
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C28752BC2_2_00007FF7C28752BC
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C286EAC42_2_00007FF7C286EAC4
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C2871AD82_2_00007FF7C2871AD8
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C2872A842_2_00007FF7C2872A84
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C2868FC02_2_00007FF7C2868FC0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C28627582_2_00007FF7C2862758
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C286EF582_2_00007FF7C286EF58
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C28610C82_2_00007FF7C28610C8
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C285983B2_2_00007FF7C285983B
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C287708C2_2_00007FF7C287708C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C286ADC02_2_00007FF7C286ADC0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C286F5D82_2_00007FF7C286F5D8
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C2858D602_2_00007FF7C2858D60
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C2860EBC2_2_00007FF7C2860EBC
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C28636F02_2_00007FF7C28636F0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C28616DC2_2_00007FF7C28616DC
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C28776282_2_00007FF7C2877628
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C2857E302_2_00007FF7C2857E30
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C2871AD82_2_00007FF7C2871AD8
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C2874E202_2_00007FF7C2874E20
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C28696702_2_00007FF7C2869670
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFA9312F02_2_00007FFDFA9312F0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFA9318802_2_00007FFDFA931880
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA869102_2_00007FFDFAA86910
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA567102_2_00007FFDFAA56710
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA80F002_2_00007FFDFAA80F00
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA9FF002_2_00007FFDFAA9FF00
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA995002_2_00007FFDFAA99500
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA97AF02_2_00007FFDFAA97AF0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA812E02_2_00007FFDFAA812E0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA7E0E02_2_00007FFDFAA7E0E0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA846E02_2_00007FFDFAA846E0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA827502_2_00007FFDFAA82750
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA5B3502_2_00007FFDFAA5B350
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA659402_2_00007FFDFAA65940
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA909402_2_00007FFDFAA90940
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA82B302_2_00007FFDFAA82B30
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA7C9302_2_00007FFDFAA7C930
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAAA22802_2_00007FFDFAAA2280
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA7B6702_2_00007FFDFAA7B670
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA7A8602_2_00007FFDFAA7A860
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA7B2C02_2_00007FFDFAA7B2C0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA67EC02_2_00007FFDFAA67EC0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA520C02_2_00007FFDFAA520C0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA9E8B02_2_00007FFDFAA9E8B0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA578BB2_2_00007FFDFAA578BB
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA976B02_2_00007FFDFAA976B0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA874A02_2_00007FFDFAA874A0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA970102_2_00007FFDFAA97010
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA669F02_2_00007FFDFAA669F0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA55BF02_2_00007FFDFAA55BF0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAAA09F02_2_00007FFDFAAA09F0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA79DE02_2_00007FFDFAA79DE0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA85C502_2_00007FFDFAA85C50
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA6BA502_2_00007FFDFAA6BA50
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA9F4502_2_00007FFDFAA9F450
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA906502_2_00007FFDFAA90650
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA7FA302_2_00007FFDFAA7FA30
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA842302_2_00007FFDFAA84230
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA7F6202_2_00007FFDFAA7F620
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA62A202_2_00007FFDFAA62A20
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA86F902_2_00007FFDFAA86F90
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA5C9902_2_00007FFDFAA5C990
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA9C3902_2_00007FFDFAA9C390
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA5DF702_2_00007FFDFAA5DF70
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA9B7602_2_00007FFDFAA9B760
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA9DBC02_2_00007FFDFAA9DBC0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA5A5B02_2_00007FFDFAA5A5B0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA53DB02_2_00007FFDFAA53DB0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAAA1BB02_2_00007FFDFAAA1BB0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA647A02_2_00007FFDFAA647A0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAA97DA02_2_00007FFDFAA97DA0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB4BAE02_2_00007FFDFAB4BAE0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB69A602_2_00007FFDFAB69A60
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2155A2_2_00007FFDFAB2155A
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB65C002_2_00007FFDFAB65C00
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB216542_2_00007FFDFAB21654
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB213DE2_2_00007FFDFAB213DE
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB221C62_2_00007FFDFAB221C6
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB215962_2_00007FFDFAB21596
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB6D9802_2_00007FFDFAB6D980
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21AD72_2_00007FFDFAB21AD7
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB215462_2_00007FFDFAB21546
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB460302_2_00007FFDFAB46030
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB6DE502_2_00007FFDFAB6DE50
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21FDC2_2_00007FFDFAB21FDC
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB221E42_2_00007FFDFAB221E4
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB217F82_2_00007FFDFAB217F8
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB8D2D02_2_00007FFDFAB8D2D0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB227022_2_00007FFDFAB22702
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB224DC2_2_00007FFDFAB224DC
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21C122_2_00007FFDFAB21C12
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB936502_2_00007FFDFAB93650
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB226172_2_00007FFDFAB22617
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21A0F2_2_00007FFDFAB21A0F
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB589202_2_00007FFDFAB58920
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21EE22_2_00007FFDFAB21EE2
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB988702_2_00007FFDFAB98870
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB216182_2_00007FFDFAB21618
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2117C2_2_00007FFDFAB2117C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21CBC2_2_00007FFDFAB21CBC
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2149C2_2_00007FFDFAB2149C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB9AC802_2_00007FFDFAB9AC80
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21B542_2_00007FFDFAB21B54
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB21D932_2_00007FFDFAB21D93
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB287202_2_00007FFDFAB28720
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2116D2_2_00007FFDFAB2116D
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB216FE2_2_00007FFDFAB216FE
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7BDC302_2_00007FFDFB7BDC30
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7B2B902_2_00007FFDFB7B2B90
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7BBBB02_2_00007FFDFB7BBBB0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7CCAE42_2_00007FFDFB7CCAE4
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7B1AF82_2_00007FFDFB7B1AF8
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7DAB552_2_00007FFDFB7DAB55
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7B5A202_2_00007FFDFB7B5A20
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB81EA3C2_2_00007FFDFB81EA3C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7C195E2_2_00007FFDFB7C195E
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7B39842_2_00007FFDFB7B3984
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB85495C2_2_00007FFDFB85495C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB81E8642_2_00007FFDFB81E864
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7B30002_2_00007FFDFB7B3000
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7BA0302_2_00007FFDFB7BA030
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7B8EA02_2_00007FFDFB7B8EA0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7F2EC02_2_00007FFDFB7F2EC0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7CCEC02_2_00007FFDFB7CCEC0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB81CEC02_2_00007FFDFB81CEC0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB81DDF02_2_00007FFDFB81DDF0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7DBE102_2_00007FFDFB7DBE10
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7C6E302_2_00007FFDFB7C6E30
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB81EE442_2_00007FFDFB81EE44
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7B8D302_2_00007FFDFB7B8D30
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7D8D502_2_00007FFDFB7D8D50
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7CDC602_2_00007FFDFB7CDC60
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7EACC42_2_00007FFDFB7EACC4
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB855CC02_2_00007FFDFB855CC0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7CD4082_2_00007FFDFB7CD408
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7BA4002_2_00007FFDFB7BA400
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7C641C2_2_00007FFDFB7C641C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7C22F02_2_00007FFDFB7C22F0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7B22A42_2_00007FFDFB7B22A4
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB83B2AC2_2_00007FFDFB83B2AC
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7B423C2_2_00007FFDFB7B423C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7B91202_2_00007FFDFB7B9120
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7BB0B02_2_00007FFDFB7BB0B0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7C47882_2_00007FFDFB7C4788
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7C57B82_2_00007FFDFB7C57B8
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7B87D02_2_00007FFDFB7B87D0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB8146F82_2_00007FFDFB8146F8
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7DD6E02_2_00007FFDFB7DD6E0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7F26942_2_00007FFDFB7F2694
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7B26A02_2_00007FFDFB7B26A0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7CC6B02_2_00007FFDFB7CC6B0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7B86502_2_00007FFDFB7B8650
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7DC5702_2_00007FFDFB7DC570
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7D05802_2_00007FFDFB7D0580
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7D654C2_2_00007FFDFB7D654C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE012F49502_2_00007FFE012F4950
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE012D1D402_2_00007FFE012D1D40
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE012F39B02_2_00007FFE012F39B0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE012F81902_2_00007FFE012F8190
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE012DD1902_2_00007FFE012DD190
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE012E71802_2_00007FFE012E7180
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE012F69E02_2_00007FFE012F69E0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE012FA1E02_2_00007FFE012FA1E0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE012FA9D02_2_00007FFE012FA9D0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE012F75C02_2_00007FFE012F75C0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE012F0E102_2_00007FFE012F0E10
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE012FC0702_2_00007FFE012FC070
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE012D5C632_2_00007FFE012D5C63
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE012D58502_2_00007FFE012D5850
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE012EA0402_2_00007FFE012EA040
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE012E88A02_2_00007FFE012E88A0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE012F34802_2_00007FFE012F3480
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE012FB8802_2_00007FFE012FB880
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE012D90802_2_00007FFE012D9080
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE013131302_2_00007FFE01313130
Source: C:\Users\user\Desktop\l4.exeCode function: String function: 00007FFDFAB9D425 appears 48 times
Source: C:\Users\user\Desktop\l4.exeCode function: String function: 00007FFDFB7B6448 appears 32 times
Source: C:\Users\user\Desktop\l4.exeCode function: String function: 00007FF7C2852020 appears 34 times
Source: C:\Users\user\Desktop\l4.exeCode function: String function: 00007FFDFAB21325 appears 471 times
Source: C:\Users\user\Desktop\l4.exeCode function: String function: 00007FF7C2851E50 appears 106 times
Source: C:\Users\user\Desktop\l4.exeCode function: String function: 00007FFDFAB9DB03 appears 45 times
Source: C:\Users\user\Desktop\l4.exeCode function: String function: 00007FFDFAB9D32F appears 327 times
Source: C:\Users\user\Desktop\l4.exeCode function: String function: 00007FFDFAB9D33B appears 43 times
Source: C:\Users\user\Desktop\l4.exeCode function: String function: 00007FFDFAB9D341 appears 1193 times
Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: python3.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: l4.exe, 00000000.00000003.1667490682.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1666424498.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1663813261.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs l4.exe
Source: l4.exe, 00000000.00000003.1667727010.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1666507684.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1665634754.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1665231198.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1664414890.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1665005466.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1663702832.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs l4.exe
Source: l4.exe, 00000000.00000003.1678665035.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs l4.exe
Source: l4.exe, 00000000.00000003.1667185506.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1664119386.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs l4.exe
Source: l4.exe, 00000000.00000003.1667012024.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1664340433.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1665786403.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1667609890.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1667366788.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1665080815.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1667270569.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1680601791.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs l4.exe
Source: l4.exe, 00000000.00000003.1662378215.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs l4.exe
Source: l4.exe, 00000000.00000003.1675616269.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs l4.exe
Source: l4.exe, 00000000.00000003.1675951876.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs l4.exe
Source: l4.exe, 00000000.00000003.1678922077.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs l4.exe
Source: l4.exe, 00000000.00000003.1664857372.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1665158353.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1665710373.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1665477020.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1665557217.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1664001701.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs l4.exe
Source: l4.exe, 00000000.00000003.1665934166.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1666809497.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1666313733.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1663434984.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs l4.exe
Source: l4.exe, 00000000.00000003.1664265546.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1664778255.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1666900470.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1664933294.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1664703216.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1665858579.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1664490045.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1667094228.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1666678581.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1662172375.000001A65B8AF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs l4.exe
Source: l4.exe, 00000000.00000003.1663593875.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs l4.exe
Source: l4.exe, 00000000.00000003.1666585929.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1664617672.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1662773946.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs l4.exe
Source: l4.exe, 00000000.00000003.1663889108.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs l4.exe
Source: l4.exe, 00000000.00000003.1664192735.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1665389142.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exe, 00000000.00000003.1665308021.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs l4.exe
Source: l4.exeBinary or memory string: OriginalFilename vs l4.exe
Source: l4.exe, 00000002.00000002.1737929140.0000027149340000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs l4.exe
Source: l4.exe, 00000002.00000002.1749280138.00007FFDFABE0000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilenamelibsslH vs l4.exe
Source: l4.exe, 00000002.00000002.1751025704.00007FFDFB791000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamepython312.dll. vs l4.exe
Source: l4.exe, 00000002.00000002.1752641087.00007FFE12E16000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs l4.exe
Source: l4.exe, 00000002.00000002.1752176622.00007FFE11523000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs l4.exe
Source: l4.exe, 00000002.00000002.1748968567.00007FFDFAA44000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs l4.exe
Source: l4.exe, 00000002.00000002.1751896734.00007FFE10265000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs l4.exe
Source: l4.exe, 00000002.00000002.1752987705.00007FFE13343000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs l4.exe
Source: l4.exe, 00000002.00000002.1752442209.00007FFE11EE9000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs l4.exe
Source: l4.exe, 00000002.00000002.1753235966.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs l4.exe
Source: l4.exe, 00000002.00000002.1751205534.00007FFDFB89C000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs l4.exe
Source: l4.exe, 00000002.00000002.1750009225.00007FFDFB0E4000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs l4.exe
Source: l4.exe, 00000002.00000002.1752285182.00007FFE11EAE000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs l4.exe
Source: l4.exe, 00000002.00000002.1753102394.00007FFE148E6000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs l4.exe
Source: l4.exe, 00000002.00000002.1752754724.00007FFE130C9000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs l4.exe
Source: l4.exe, 00000002.00000002.1752871564.00007FFE13308000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs l4.exe
Source: classification engineClassification label: mal52.winEXE@4/79@1/1
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7352:120:WilError_03
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442Jump to behavior
Source: l4.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\l4.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: l4.exeVirustotal: Detection: 30%
Source: l4.exeReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\l4.exeFile read: C:\Users\user\Desktop\l4.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\l4.exe "C:\Users\user\Desktop\l4.exe"
Source: C:\Users\user\Desktop\l4.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\l4.exeProcess created: C:\Users\user\Desktop\l4.exe "C:\Users\user\Desktop\l4.exe"
Source: C:\Users\user\Desktop\l4.exeProcess created: C:\Users\user\Desktop\l4.exe "C:\Users\user\Desktop\l4.exe"Jump to behavior
Source: C:\Users\user\Desktop\l4.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\l4.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\l4.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\l4.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\l4.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\l4.exeSection loaded: libcrypto-3.dllJump to behavior
Source: C:\Users\user\Desktop\l4.exeSection loaded: libssl-3.dllJump to behavior
Source: C:\Users\user\Desktop\l4.exeSection loaded: libcrypto-3.dllJump to behavior
Source: C:\Users\user\Desktop\l4.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\l4.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\l4.exeSection loaded: vcruntime140_1.dllJump to behavior
Source: C:\Users\user\Desktop\l4.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\l4.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\l4.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\l4.exeSection loaded: kernel.appcore.dllJump to behavior
Source: l4.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: l4.exeStatic file information: File size 13758678 > 1048576
Source: l4.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: l4.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: l4.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: l4.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: l4.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: l4.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: l4.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: l4.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: l4.exe, 00000000.00000003.1667270569.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: l4.exe, 00000000.00000003.1664617672.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: ucrtbase.pdb source: l4.exe, 00000002.00000002.1751146044.00007FFDFB861000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: l4.exe, 00000000.00000003.1664340433.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665934166.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: l4.exe, 00000000.00000003.1666809497.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665158353.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1666900470.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: l4.exe, 00000000.00000003.1664857372.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: l4.exe, 00000000.00000003.1662378215.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1752711439.00007FFE130C5000.00000002.00000001.01000000.0000000F.sdmp, VCRUNTIME140_1.dll.0.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: l4.exe, 00000000.00000003.1666678581.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1666809497.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665389142.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1667609890.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: l4.exe, 00000000.00000003.1664192735.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1666313733.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665308021.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: l4.exe, 00000000.00000003.1663702832.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1751733196.00007FFE1025C000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665557217.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1664490045.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1666678581.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: l4.exe, 00000000.00000003.1667609890.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: l4.exe, 00000002.00000002.1750271218.00007FFDFB4F2000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: l4.exe, 00000000.00000003.1664778255.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665934166.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: l4.exe, 00000000.00000003.1665858579.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665308021.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: l4.exe, 00000000.00000003.1662172375.000001A65B8AF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1753184819.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: l4.exe, 00000000.00000003.1665080815.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665710373.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1667490682.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: l4.exe, 00000000.00000003.1665477020.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1664340433.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665005466.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: l4.exe, 00000000.00000003.1665080815.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: l4.exe, 00000000.00000003.1678665035.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1753056075.00007FFE148E3000.00000002.00000001.01000000.00000009.sdmp, select.pyd.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665231198.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665634754.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1664192735.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: l4.exe, 00000000.00000003.1667185506.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1667727010.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: bcrypt_rust.pdb source: _bcrypt.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: l4.exe, 00000000.00000003.1664119386.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1752824254.00007FFE13304000.00000002.00000001.01000000.0000000E.sdmp, _wmi.pyd.0.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665786403.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: l4.exe, 00000000.00000003.1664933294.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: l4.exe, 00000000.00000003.1664119386.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1752824254.00007FFE13304000.00000002.00000001.01000000.0000000E.sdmp, _wmi.pyd.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665634754.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdb source: l4.exe, 00000002.00000002.1749231529.00007FFDFABA5000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: l4.exe, 00000000.00000003.1666900470.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: l4.exe, 00000000.00000003.1667490682.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: l4.exe, 00000002.00000002.1752349351.00007FFE11ECD000.00000002.00000001.01000000.0000000A.sdmp, _ssl.pyd.0.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: l4.exe, 00000000.00000003.1667012024.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665158353.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.0.15 3 Sep 20243.0.15built on: Wed Sep 4 15:52:04 2024 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL || WITHIN_ARENA(temp->next)assertion failed: (char **)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/*0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_p
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: l4.exe, 00000000.00000003.1667366788.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: l4.exe, 00000002.00000002.1749752791.00007FFDFAFA2000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: l4.exe, 00000000.00000003.1662172375.000001A65B8AF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1753184819.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: l4.exe, 00000000.00000003.1666424498.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665786403.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1664857372.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1667094228.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1664778255.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: l4.exe, 00000000.00000003.1664414890.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: l4.exe, 00000000.00000003.1663593875.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1752243191.00007FFE11EA7000.00000002.00000001.01000000.00000011.sdmp, _hashlib.pyd.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665389142.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: l4.exe, 00000000.00000003.1664490045.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: l4.exe, 00000000.00000003.1665858579.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1667185506.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: l4.exe, 00000000.00000003.1666585929.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1666424498.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1664265546.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: l4.exe, 00000000.00000003.1662773946.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1752132595.00007FFE1151E000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1664414890.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: l4.exe, 00000002.00000002.1751146044.00007FFDFB861000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: l4.exe, 00000000.00000003.1663889108.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1752941055.00007FFE13339000.00000002.00000001.01000000.00000008.sdmp, _socket.pyd.0.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1667366788.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: l4.exe, 00000000.00000003.1662378215.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1752711439.00007FFE130C5000.00000002.00000001.01000000.0000000F.sdmp, VCRUNTIME140_1.dll.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1666585929.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: l4.exe, 00000000.00000003.1680601791.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1680761556.000001A65B8BF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1748648572.00007FFDFAA3F000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: l4.exe, 00000002.00000002.1749752791.00007FFDFB03A000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: l4.exe, 00000002.00000002.1749231529.00007FFDFABA5000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: l4.exe, 00000000.00000003.1664617672.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665557217.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: l4.exe, 00000000.00000003.1664265546.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: l4.exe, 00000000.00000003.1666507684.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: bcrypt_rust.pdbD source: _bcrypt.pyd.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: l4.exe, 00000000.00000003.1667094228.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: l4.exe, 00000002.00000002.1749752791.00007FFDFB03A000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1664933294.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1667012024.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: l4.exe, 00000000.00000003.1667727010.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: l4.exe, 00000000.00000003.1666313733.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665710373.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: l4.exe, 00000000.00000003.1664703216.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: l4.exe, 00000000.00000003.1663702832.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1751733196.00007FFE1025C000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: l4.exe, 00000000.00000003.1665005466.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: l4.exe, 00000000.00000003.1663813261.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1752597769.00007FFE12E13000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1665231198.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1667270569.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: l4.exe, 00000000.00000003.1665477020.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: l4.exe, 00000000.00000003.1675951876.000001A65B8B8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1737929140.0000027149340000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: l4.exe, 00000000.00000003.1666507684.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: l4.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: l4.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: l4.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: l4.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: l4.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: api-ms-win-crt-time-l1-1-0.dll.0.drStatic PE information: 0x86AADB47 [Mon Aug 5 19:36:39 2041 UTC]
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-3.dll.0.drStatic PE information: section name: .00cfg
Source: python312.dll.0.drStatic PE information: section name: PyRuntim
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB44331 push rcx; ret 2_2_00007FFDFAB44332
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7D4A15 push rdi; ret 2_2_00007FFDFB7D4A1B
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7D9F52 push rdi; ret 2_2_00007FFDFB7D9F56
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7D983D push rdi; ret 2_2_00007FFDFB7D9844
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7D44F9 push rdi; ret 2_2_00007FFDFB7D4502

Persistence and Installation Behavior

barindex
Found pyInstaller with non standard icon
Source: C:\Users\user\Desktop\l4.exeProcess created: "C:\Users\user\Desktop\l4.exe"
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\libcrypto-3.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\python312.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\zstandard\_cffi.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\zstandard\backend_c.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\libssl-3.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\ucrtbase.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\_wmi.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\select.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\bcrypt\_bcrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\_brotli.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\_cffi_backend.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2854C50 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF7C2854C50
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB68816 sgdt fword ptr [rax]2_2_00007FFDFAB68816
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\python312.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\zstandard\_cffi.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\zstandard\backend_c.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\_wmi.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\select.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\bcrypt\_bcrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\_brotli.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\_cffi_backend.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\l4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73442\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\l4.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-18422
Source: C:\Users\user\Desktop\l4.exeAPI coverage: 1.5 %
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C28587E0 FindFirstFileExW,FindClose,0_2_00007FF7C28587E0
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2857810 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7C2857810
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2872A84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7C2872A84
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C28587E0 FindFirstFileExW,FindClose,2_2_00007FF7C28587E0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C2872A84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF7C2872A84
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C2857810 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF7C2857810
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB81EFEC FindFirstFileExW,FindClose,FindNextFileW,2_2_00007FFDFB81EFEC
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7F2DFC FindFirstFileExW,2_2_00007FFDFB7F2DFC
Source: l4.exe, 00000000.00000003.1669297431.000001A65B8B0000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: l4.exe, 00000002.00000003.1722775302.000002714AD6D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721930678.000002714AD51000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1733849411.000002714AD75000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1728861695.000002714AD73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll)
Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C286B4F8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7C286B4F8
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2874690 GetProcessHeap,0_2_00007FF7C2874690
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C286B4F8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7C286B4F8
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C285C840 SetUnhandledExceptionFilter,0_2_00007FF7C285C840
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C285BE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7C285BE00
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C285C69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7C285C69C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C286B4F8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF7C286B4F8
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C285C840 SetUnhandledExceptionFilter,2_2_00007FF7C285C840
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C285BE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF7C285BE00
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FF7C285C69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF7C285C69C
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFA932A70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDFA932A70
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFA933028 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDFA933028
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAAA40A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDFAAA40A0
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFAB2212B IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDFAB2212B
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB81CC28 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDFB81CC28
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFDFB7F22DC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDFB7F22DC
Source: C:\Users\user\Desktop\l4.exeCode function: 2_2_00007FFE0133DC70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE0133DC70
Source: C:\Users\user\Desktop\l4.exeProcess created: C:\Users\user\Desktop\l4.exe "C:\Users\user\Desktop\l4.exe"Jump to behavior
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C287A780 cpuid 0_2_00007FF7C287A780
Source: C:\Users\user\Desktop\l4.exeCode function: GetProcAddress,GetLocaleInfoW,2_2_00007FFDFB7B3AE0
Source: C:\Users\user\Desktop\l4.exeCode function: EnumSystemLocalesW,2_2_00007FFDFB81AF64
Source: C:\Users\user\Desktop\l4.exeCode function: EnterCriticalSection,EnumSystemLocalesW,LeaveCriticalSection,2_2_00007FFDFB818FB8
Source: C:\Users\user\Desktop\l4.exeCode function: GetPrimaryLen,EnumSystemLocalesW,2_2_00007FFDFB81AFC4
Source: C:\Users\user\Desktop\l4.exeCode function: GetPrimaryLen,EnumSystemLocalesW,2_2_00007FFDFB81B074
Source: C:\Users\user\Desktop\l4.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_00007FFDFB81B62C
Source: C:\Users\user\Desktop\l4.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_00007FFDFB81B4B8
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\certifi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\cryptography-43.0.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\cryptography-43.0.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\cryptography-43.0.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\cryptography-43.0.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\cryptography-43.0.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\cryptography-43.0.1.dist-info\license_files VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\cryptography-43.0.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\cryptography-43.0.1.dist-info\license_files VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\h2-4.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\h2-4.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\h2-4.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\h2-4.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\h2-4.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\zstandard VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\ucrtbase.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\_socket.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\select.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\_ssl.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\_brotli.cp312-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\_wmi.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\zstandard VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\zstandard VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\zstandard VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\zstandard\backend_c.cp312-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\_hashlib.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\_queue.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\_bz2.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\_lzma.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\charset_normalizer\md__mypyc.cp312-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\unicodedata.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\certifi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeQueries volume information: C:\Users\user\Desktop\l4.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C285C580 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7C285C580
Source: C:\Users\user\Desktop\l4.exeCode function: 0_2_00007FF7C2876E10 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF7C2876E10

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Native API		1
DLL Side-Loading		11
Process Injection		1
Virtualization/Sandbox Evasion		OS Credential Dumping2
System Time Discovery		Remote Services1
Archive Collected Data		22
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		11
Process Injection		LSASS Memory21
Security Software Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Deobfuscate/Decode Files or Information		Security Account Manager1
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
Obfuscated Files or Information		NTDS1
File and Directory Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Timestomp		LSA Secrets32
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
DLL Side-Loading		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
l4.exe31%VirustotalBrowse
l4.exe29%ReversingLabsWin64.Trojan.DDOSAgent

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\_MEI73442\VCRUNTIME140.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\VCRUNTIME140_1.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\_brotli.cp312-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\_bz2.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\_cffi_backend.cp312-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\_decimal.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\_hashlib.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\_lzma.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\_queue.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\_socket.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\_ssl.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\_wmi.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-console-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-datetime-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-debug-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-errorhandling-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-file-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-file-l1-2-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-file-l2-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-handle-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-heap-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-interlocked-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-libraryloader-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-localization-l1-2-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-memory-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-namedpipe-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-processenvironment-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-processthreads-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-processthreads-l1-1-1.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-profile-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-rtlsupport-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-string-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-synch-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-synch-l1-2-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-sysinfo-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-timezone-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-util-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-conio-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-convert-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-environment-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-filesystem-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-heap-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-locale-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-math-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-process-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-runtime-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-stdio-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-string-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-time-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-utility-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\bcrypt\_bcrypt.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\charset_normalizer\md.cp312-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\charset_normalizer\md__mypyc.cp312-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\cryptography\hazmat\bindings\_rust.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\libcrypto-3.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\libssl-3.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\python3.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\python312.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\select.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\ucrtbase.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\unicodedata.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\zstandard\_cffi.cp312-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI73442\zstandard\backend_c.cp312-win_amd64.pyd0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://repository.swisssign.com/e0%Avira URL Cloudsafe
http://ocsp.accv.esf50%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.214.172
truefalse
    		high
    raw.githubusercontent.com
    		185.199.108.133
    		truefalse
      		high

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://ocsp.accv.esf5l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725687556.000002714B957000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://crl.dhimyotis.com/certignarootca.crl(l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725687556.000002714B957000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1747329841.000002714B97A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1732708978.000002714B97A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726259282.000002714B97A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725950348.000002714B979000.00000004.00000020.00020000.00000000.sdmpfalse
        		high
        https://codecov.io/gh/python-hyper/h2l4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
          		high
          http://crl.dhimyotis.com/certignarootca.crl0l4.exe, 00000002.00000003.1733105029.000002714B99A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B99A000.00000004.00000020.00020000.00000000.sdmpfalse
            		high
            http://repository.swisssign.com/0l4.exe, 00000002.00000003.1722894366.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722801710.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725082539.000002714B374000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1745851796.000002714B375000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723770552.000002714B373000.00000004.00000020.00020000.00000000.sdmpfalse
              		high
              https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#l4.exe, 00000002.00000003.1729030069.000002714948E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1735747303.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1733602397.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722695078.000002714948D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1740276151.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1731215850.000002714948F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721865040.000002714946F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721693912.0000027149464000.00000004.00000020.00020000.00000000.sdmpfalse
                		high
                https://github.com/pyca/cryptography/actions?query=workflow%3ACIl4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                  		high
                  https://tools.ietf.org/html/rfc2388#section-4.4l4.exe, 00000002.00000003.1728100278.000002714B2AD000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725348574.000002714B2A7000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722714007.000002714B279000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    https://www.apache.org/licenses/LICENSE-2.0l4.exe, 00000000.00000003.1670306650.000001A65B8C0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1670388871.000001A65B8C0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1670336342.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drfalse
                      		high
                      https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64l4.exe, 00000002.00000003.1732934331.000002714B1D3000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1744836882.000002714B1D3000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721758644.000002714B1C6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723481238.000002714B1D1000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727316143.000002714B1D3000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        http://repository.swisssign.com/el4.exe, 00000002.00000002.1740158479.0000027149476000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1728233551.0000027149472000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721865040.000002714946F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1731088017.0000027149473000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721693912.0000027149464000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://github.com/python-hyper/h2/workflows/CI/badge.svgl4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                          		high
                          https://github.com/orgs/python-hyper/peoplel4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                            		high
                            https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963l4.exe, 00000002.00000002.1745896869.000002714B380000.00000004.00001000.00020000.00000000.sdmpfalse
                              		high
                              https://peps.python.org/pep-0205/l4.exe, 00000002.00000002.1743830453.000002714AF80000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
                                		high
                                http://crl.dhimyotis.com/certignarootca.crll4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725687556.000002714B957000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1747329841.000002714B97A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1732708978.000002714B97A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726259282.000002714B97A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725950348.000002714B979000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  http://curl.haxx.se/rfc/cookie_spec.htmll4.exe, 00000002.00000002.1747746639.000002714BC04000.00000004.00001000.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727424361.000002714B760000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B740000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724072681.000002714B751000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726783359.000002714B75D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1736661708.000002714B760000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B73A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722489125.000002714B73A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1746417560.000002714B762000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    http://ocsp.accv.esl4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725687556.000002714B957000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://readthedocs.org/projects/h2/badge/?version=latestl4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                        		high
                                        http://crl.dhimyotis.com/certignarootca.crl_l4.exe, 00000002.00000003.1722996334.000002714B740000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724072681.000002714B751000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B73A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722489125.000002714B73A000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filenamel4.exe, 00000002.00000002.1740446424.000002714AC40000.00000004.00001000.00020000.00000000.sdmpfalse
                                            		high
                                            https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyl4.exe, 00000002.00000002.1747618383.000002714BAC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                              		high
                                              https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688l4.exe, 00000002.00000002.1740446424.000002714AC40000.00000004.00001000.00020000.00000000.sdmpfalse
                                                		high
                                                https://httpbin.org/getl4.exe, 00000002.00000002.1747937233.000002714BD20000.00000004.00001000.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726169906.000002714B1B5000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723898598.000002714B7E6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725712727.000002714B7E7000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723680474.000002714B22D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1745387891.000002714B24C000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724432660.000002714B24C000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723786781.000002714B24B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722864675.000002714B189000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725778302.000002714B203000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720424515.000002714B826000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722961650.000002714B228000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723283461.000002714B203000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724580221.000002714B7E7000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724728259.000002714B203000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://h2.readthedocs.iol4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                    		high
                                                    https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_codel4.exe, 00000002.00000002.1740446424.000002714ACBC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://wwww.certigna.fr/autorites/0ml4.exe, 00000002.00000003.1733105029.000002714B99A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B740000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724072681.000002714B751000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B99A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B73A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722489125.000002714B73A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerl4.exe, 00000002.00000003.1729030069.000002714948E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1735747303.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1733602397.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722695078.000002714948D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1740276151.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1731215850.000002714948F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721865040.000002714946F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721693912.0000027149464000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://raw.github.com/python-hyper/documentation/master/source/logo/hyper-black-bg-white.pngl4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                            		high
                                                            https://github.com/python/cpython/issues/86361.l4.exe, 00000002.00000003.1721796025.000002714B1F4000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723338356.000002714B1F6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721758644.000002714B1C6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1690325153.000002714B1E4000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1690300366.000002714B22F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1737073978.000002714B1F6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1745020737.000002714B1F6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1690384326.000002714B236000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://httpbin.org/l4.exe, 00000002.00000003.1726783359.000002714B7A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.apache.org/licenses/l4.exe, 00000000.00000003.1670336342.000001A65B8B2000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drfalse
                                                                  		high
                                                                  https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=mainl4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                    		high
                                                                    https://wwww.certigna.fr/autorites/l4.exe, 00000002.00000003.1726045721.000002714B996000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725585524.000002714B98A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_modulel4.exe, 00000002.00000002.1743830453.000002714AF80000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_cachesl4.exe, 00000002.00000002.1743830453.000002714AF80000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535l4.exe, 00000002.00000003.1722894366.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1745479111.000002714B2D3000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722801710.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1691281716.000002714B2CC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725082539.000002714B374000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724228913.000002714B2BB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725100760.000002714B2C9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1691094855.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727668730.000002714B2CC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723607324.000002714B2BB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723770552.000002714B373000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://cryptography.io/en/latest/installation/l4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                              		high
                                                                              https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_syl4.exe, 00000002.00000003.1729030069.000002714948E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1735747303.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1733602397.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722695078.000002714948D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1740276151.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1731215850.000002714948F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721865040.000002714946F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721693912.0000027149464000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://python-hyper.org/en/latest/contributing.htmll4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                  		high
                                                                                  https://www.python.org/psf/license/l4.exe, 00000002.00000002.1750660866.00007FFDFB669000.00000008.00000001.01000000.00000005.sdmpfalse
                                                                                    		high
                                                                                    http://crl.securetrust.com/STCA.crll4.exe, 00000002.00000003.1725670603.000002714B91B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B910000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B910000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://h2.readthedocs.io/en/latest/l4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                        		high
                                                                                        http://wwwsearch.sf.net/):l4.exe, 00000002.00000003.1727424361.000002714B760000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B740000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724072681.000002714B751000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726783359.000002714B75D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1736661708.000002714B760000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1746182677.000002714B680000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B73A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722489125.000002714B73A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1746417560.000002714B762000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://github.com/python/importlib_metadata/wiki/Development-Methodologyl4.exe, 00000002.00000002.1747618383.000002714BAC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725687556.000002714B957000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://www.accv.es/legislacion_c.html4.exe, 00000002.00000002.1747257043.000002714B942000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://tools.ietf.org/html/rfc6125#section-6.4.3l4.exe, 00000002.00000002.1747746639.000002714BC04000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://cryptography.io/en/latest/security/l4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                    		high
                                                                                                    https://github.com/pyca/bcrypt/__version_ex__4.2.0The_bcrypt.pyd.0.drfalse
                                                                                                      		high
                                                                                                      http://crl.xrampsecurity.com/XGCA.crl0l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726523386.000002714B33A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723845811.000002714B330000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722801710.000002714B32F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722894366.000002714B330000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724681727.000002714B331000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://www.cert.fnmt.es/dpcs/l4.exe, 00000002.00000003.1726045721.000002714B97B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721075648.000002714B708000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725687556.000002714B957000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727352428.000002714B70A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725950348.000002714B979000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://raw.githubusercontent.com/TheSpeedX/SOCKS-List/master/socks5.txtl4.exe, 00000002.00000002.1747937233.000002714BDC8000.00000004.00001000.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1744161768.000002714B080000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://google.com/maill4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727070999.000002714B23D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723680474.000002714B22D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725044874.000002714B22E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726887219.000002714B2ED000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722961650.000002714B228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://packaging.python.org/specifications/entry-points/l4.exe, 00000002.00000002.1745992482.000002714B480000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://www.accv.es00l4.exe, 00000002.00000002.1747257043.000002714B942000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725687556.000002714B957000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://www.python.org/psf/license/)l4.exe, 00000002.00000002.1750271218.00007FFDFB4F2000.00000002.00000001.01000000.00000005.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pyl4.exe, 00000002.00000003.1721693912.0000027149464000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://github.com/pyca/cryptography/issuesMETADATA.0.drfalse
                                                                                                                        		high
                                                                                                                        https://readthedocs.org/projects/cryptography/badge/?version=latestl4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                          		high
                                                                                                                          https://foss.heptapod.net/pypy/pypy/-/issues/3539l4.exe, 00000002.00000002.1745896869.000002714B380000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.l4.exe, 00000002.00000003.1727388468.000002714B2B1000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723514911.000002714B2AE000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722714007.000002714B279000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://google.com/l4.exe, 00000002.00000003.1722894366.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1745702138.000002714B2F4000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725327239.000002714B2EE000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722801710.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726887219.000002714B2EF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725082539.000002714B374000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727749915.000002714B379000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1728671213.000002714B2EF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1734010974.000002714B2F4000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723770552.000002714B373000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://html4/loose.dtdl4.exe, 00000002.00000002.1749054059.00007FFDFAAA6000.00000002.00000001.01000000.0000000D.sdmp, _brotli.cp312-win_amd64.pyd.0.drfalse
                                                                                                                                  		high
                                                                                                                                  https://mahler:8092/site-updates.pyl4.exe, 00000002.00000003.1722489125.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725712727.000002714B7E0000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723415697.000002714B7C5000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B7A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://crl.securetrust.com/SGCA.crll4.exe, 00000002.00000003.1725670603.000002714B91B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B910000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B910000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://.../back.jpegl4.exe, 00000002.00000002.1747746639.000002714BC58000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://tools.ietf.org/html/rfc7231#section-4.3.6)l4.exe, 00000002.00000003.1691281716.000002714B22F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1732934331.000002714B1D3000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1744836882.000002714B1D3000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721758644.000002714B1C6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723481238.000002714B1D1000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727316143.000002714B1D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://github.com/pyca/cryptographyl4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                            		high
                                                                                                                                            https://cryptography.io/METADATA.0.drfalse
                                                                                                                                              		high
                                                                                                                                              https://httpbin.org/postl4.exe, 00000002.00000003.1732934331.000002714B1D3000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721758644.000002714B1C6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1733674202.000002714B1D8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723481238.000002714B1D1000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727316143.000002714B1D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsNl4.exe, 00000002.00000002.1745702138.000002714B2F4000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725327239.000002714B2EE000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726887219.000002714B2EF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1728671213.000002714B2EF000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1734010974.000002714B2F4000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_sourcel4.exe, 00000002.00000002.1740446424.000002714ACBC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://docs.rs/getrandom#nodejs-es-module-support_bcrypt.pyd.0.drfalse
                                                                                                                                                      		high
                                                                                                                                                      https://github.com/pyca/cryptography/l4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                        		high
                                                                                                                                                        https://github.com/Ousret/charset_normalizerl4.exe, 00000002.00000003.1727108554.000002714B75A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B740000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724072681.000002714B751000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B73A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722489125.000002714B73A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://www.firmaprofesional.com/cps0l4.exe, 00000002.00000003.1724037004.000002714B31E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1747464275.000002714B9BB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B9BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725635542.000002714B9BB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725566781.000002714B320000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727607401.000002714B327000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724195001.000002714B9BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722894366.000002714B314000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://www.quovadisglobal.com/cpsVYl4.exe, 00000002.00000003.1735665684.000002714B232000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1745322366.000002714B23B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723680474.000002714B22D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725044874.000002714B22E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1737351145.000002714B237000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1729659043.000002714B22E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722961650.000002714B228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_specl4.exe, 00000002.00000002.1740446424.000002714ACBC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://github.com/urllib3/urllib3/issues/2920l4.exe, 00000002.00000002.1747746639.000002714BC04000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://.cssl4.exe, 00000002.00000002.1749054059.00007FFDFAAA6000.00000002.00000001.01000000.0000000D.sdmp, _brotli.cp312-win_amd64.pyd.0.drfalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://crl.securetrust.com/SGCA.crl0l4.exe, 00000002.00000003.1722489125.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723415697.000002714B7C5000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726765587.000002714B7E8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723898598.000002714B7E6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725712727.000002714B7E7000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724580221.000002714B7E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_datal4.exe, 00000002.00000003.1729030069.000002714948E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1735747303.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1733602397.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722695078.000002714948D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1740276151.0000027149490000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1731215850.000002714948F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721865040.000002714946F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1721693912.0000027149464000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://yahoo.com/l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727070999.000002714B23D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723680474.000002714B22D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725044874.000002714B22E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726887219.000002714B2ED000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722961650.000002714B228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://crl.securetrust.com/STCA.crl0l4.exe, 00000002.00000003.1722489125.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723415697.000002714B7C5000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1726765587.000002714B7E8000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723898598.000002714B7E6000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725712727.000002714B7E7000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722996334.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720533373.000002714B7A9000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1724580221.000002714B7E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6l4.exe, 00000002.00000003.1722894366.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1745874410.000002714B37D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725175449.000002714B37C000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722801710.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727749915.000002714B37D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1691094855.000002714B346000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1733206918.000002714B349000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725082539.000002714B374000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723436832.000002714B347000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1691094855.000002714B360000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1691094855.000002714B2FB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722801710.000002714B32F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1691480512.000002714B37C000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722894366.000002714B330000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723770552.000002714B373000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://github.com/python-hyper/h2l4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://html.spec.whatwg.org/multipage/l4.exe, 00000002.00000003.1720684406.000002714B2BA000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.1745727269.000002714B30D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1734512728.000002714B30C000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725026172.000002714B30A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720786535.000002714B2EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722214200.000002714B2EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://www.quovadisglobal.com/cps0l4.exe, 00000002.00000002.1747230152.000002714B924000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725670603.000002714B91B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B910000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B910000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crll4.exe, 00000002.00000003.1735602908.000002714B912000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B910000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727089726.000002714B911000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B910000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsl4.exe, 00000002.00000002.1746087720.000002714B580000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0l4.exe, 00000002.00000003.1724858254.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725687556.000002714B957000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725384469.000002714B948000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B93B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1725242111.000002714B947000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B93B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://cryptography.io/en/latest/changelog/l4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl?vl4.exe, 00000002.00000003.1735602908.000002714B912000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1719898604.000002714B910000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1727089726.000002714B911000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720919198.000002714B910000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://www.rfc-editor.org/rfc/rfc8259#section-8.1l4.exe, 00000002.00000003.1724432660.000002714B247000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1723680474.000002714B22D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1720070639.000002714B221000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000003.1722961650.000002714B228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://mail.python.org/mailman/listinfo/cryptography-devl4.exe, 00000000.00000003.1669978459.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://requests.readthedocs.iol4.exe, 00000002.00000002.1747937233.000002714BD3C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://gitter.im/python-hyper/communityl4.exe, 00000000.00000003.1673308329.000001A65B8B5000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      http://.jpgl4.exe, 00000002.00000002.1749054059.00007FFDFAAA6000.00000002.00000001.01000000.0000000D.sdmp, _brotli.cp312-win_amd64.pyd.0.drfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://raw.githubusercontent.com/TheSpeedX/SOCKS-List/master/socks5.txtpy0l4.exe, 00000002.00000002.1744161768.000002714B080000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high

                                                                                                                                                                                                          World Map of Contacted IPs

                                                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                                                          • 75% < No. of IPs

                                                                                                                                                                                                          Public IPs

                                                                                                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                          185.199.108.133
                                                                                                                                                                                                          		raw.githubusercontent.comNetherlands
                                                                                                                                                                                                          		54113FASTLYUSfalse

                                                                                                                                                                                                          General Information

                                                                                                                                                                                                          Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                          Analysis ID:1610196
                                                                                                                                                                                                          Start date and time:2025-02-08 18:40:19 +01:00
                                                                                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                                                                                          Overall analysis duration:0h 6m 34s
                                                                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                                                                          Report type:full
                                                                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                          Number of analysed new started processes analysed:3
                                                                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                                                                                          Technologies:
                                                                                                                                                                                                          • HCA enabled
                                                                                                                                                                                                          • EGA enabled
                                                                                                                                                                                                          • AMSI enabled
                                                                                                                                                                                                          Analysis Mode:default
                                                                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                                                                          Sample name:l4.exe
                                                                                                                                                                                                          Detection:MAL
                                                                                                                                                                                                          Classification:mal52.winEXE@4/79@1/1
                                                                                                                                                                                                          EGA Information:
                                                                                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                                                                                          HCA Information:Failed
                                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                                                                                          • Stop behavior analysis, all processes terminated

                                                                                                                                                                                                          Warnings

                                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 20.109.210.53, 2.17.190.73, 20.242.39.171
                                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, e3913.cd.akamaiedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, cac-ocsp.digicert.com.edgekey.net, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.

                                                                                                                                                                                                          Simulations

                                                                                                                                                                                                          Behavior and APIs

                                                                                                                                                                                                          No simulations

                                                                                                                                                                                                          Joe Sandbox View / Context

                                                                                                                                                                                                          IPs

                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                          185.199.108.133cr_asm.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                                                                                          vF20HtY4a4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                                                                                          VvPrGsGGWH.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                                                                                                                                          • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                                                                                          OSLdZanXNc.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                                                                                          gaber.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                                                                                          cr_asm.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt

                                                                                                                                                                                                          Domains

                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                          raw.githubusercontent.comfilw.exeGet hashmaliciousStealeriumBrowse
                                                                                                                                                                                                          • 185.199.108.133
                                                                                                                                                                                                          main.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 185.199.108.133
                                                                                                                                                                                                          europe.exeGet hashmaliciousLummaC, GO Backdoor, LummaC StealerBrowse
                                                                                                                                                                                                          • 185.199.108.133
                                                                                                                                                                                                          kjjA3Ebw2c.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 185.199.109.133
                                                                                                                                                                                                          kjjA3Ebw2c.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 185.199.108.133
                                                                                                                                                                                                          bypass.batGet hashmaliciousBraodo, XWormBrowse
                                                                                                                                                                                                          • 185.199.108.133
                                                                                                                                                                                                          X8do5kx7N9.exeGet hashmaliciousDiscord Token Stealer, XWormBrowse
                                                                                                                                                                                                          • 185.199.108.133
                                                                                                                                                                                                          Payment slip.vbsGet hashmaliciousDiscord Token StealerBrowse
                                                                                                                                                                                                          • 185.199.110.133
                                                                                                                                                                                                          http://dro.pm/axGet hashmaliciousQuasarBrowse
                                                                                                                                                                                                          • 185.199.109.133
                                                                                                                                                                                                          http://nanobotrock.comGet hashmaliciousAnonymous ProxyBrowse
                                                                                                                                                                                                          • 185.199.109.133
                                                                                                                                                                                                          bg.microsoft.map.fastly.netDocJets.exeGet hashmaliciousAsyncRAT, PureLog StealerBrowse
                                                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                                                          image_processor (2).exe.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                                                          RFQ_MIPCO .xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                                                          RFQ_MIPCO .xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                                                          RFQ_MIPCO .xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                                                          c.exeGet hashmaliciousMeshAgentBrowse
                                                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                                                          Ld3pkWLjgX.exeGet hashmaliciousAsyncRAT, GuLoaderBrowse
                                                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                                                          0irFoaxbQx.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                                                          https://t.co/4HhUrxCmX4Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                                                          f_0139eeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 199.232.210.172

                                                                                                                                                                                                          ASNs

                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                          FASTLYUSfilw.exeGet hashmaliciousStealeriumBrowse
                                                                                                                                                                                                          • 185.199.108.133
                                                                                                                                                                                                          main.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 185.199.108.133
                                                                                                                                                                                                          europe.exeGet hashmaliciousLummaC, GO Backdoor, LummaC StealerBrowse
                                                                                                                                                                                                          • 185.199.108.133
                                                                                                                                                                                                          https://docs.google.com/drawings/d/1jMxa3xnHDyQJ5_Ou8skqyuRslhdmGmULR5h7goJFaB0/previewGet hashmaliciousGRQ ScamBrowse
                                                                                                                                                                                                          • 151.101.194.208
                                                                                                                                                                                                          https://github.com/Berusol/Xeno-Executor/releases/download/Setup/Xeno.Roblox.rarGet hashmaliciousLummaC Stealer, PureLog Stealer, Xmrig, zgRATBrowse
                                                                                                                                                                                                          • 185.199.109.133
                                                                                                                                                                                                          https://hdtodaytv.picsGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                          • 151.101.1.229
                                                                                                                                                                                                          https://docs-trzor-cdn-suite.weebly.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 151.101.129.46
                                                                                                                                                                                                          https://trezzor-suiteapp.github.io/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                          • 185.199.108.153
                                                                                                                                                                                                          http://f9ffbe30-9ed1-4ee5-989b-efe75841acd7-00-3p9n3xujzx1f7.riker.replit.dev/english.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 151.101.66.137
                                                                                                                                                                                                          https://bafkreienx3cy3vi7dnypx3ewxbzblahkg3i7jujv2tr6re6yhvqftdki7i.ipfs.flk-ipfs.xyz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 151.101.66.137

                                                                                                                                                                                                          JA3 Fingerprints

                                                                                                                                                                                                          No context

                                                                                                                                                                                                          Dropped Files

                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI73442\VCRUNTIME140.dllLLpXuQ2XPb.exeGet hashmaliciousPython Stealer, CStealerBrowse
                                                                                                                                                                                                            tP5086S.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              G8lVmiI.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                bypass.batGet hashmaliciousBraodo, XWormBrowse
                                                                                                                                                                                                                  path.exeGet hashmaliciousPython Stealer, BraodoBrowse
                                                                                                                                                                                                                    bot1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      FileArchive_v2.0.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        Timeless-MBN8nDw-G.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          Timeless-MBN8nDw-G.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            Trio_Agent.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI73442\VCRUNTIME140_1.dlltP5086S.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                G8lVmiI.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  bypass.batGet hashmaliciousBraodo, XWormBrowse
                                                                                                                                                                                                                                    path.exeGet hashmaliciousPython Stealer, BraodoBrowse
                                                                                                                                                                                                                                      bot1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        Timeless-MBN8nDw-G.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                          Timeless-MBN8nDw-G.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            Trio_Agent.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              Trio_Agent.exeGet hashmaliciousAsyncRATBrowse
                                                                                                                                                                                                                                                emailproxy.exeGet hashmaliciousUnknownBrowse

                                                                                                                                                                                                                                                  Created / dropped Files

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\VCRUNTIME140.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):119192
                                                                                                                                                                                                                                                  Entropy (8bit):6.6016214745004635
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                                                                                                                                                  MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                                                                                                                                                  SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                                                                                                                                                  SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                                                                                                                                                  SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                  • Filename: LLpXuQ2XPb.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: tP5086S.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: G8lVmiI.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: bypass.bat, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: path.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: bot1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: FileArchive_v2.0.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: Timeless-MBN8nDw-G.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: Timeless-MBN8nDw-G.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: Trio_Agent.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.../c../c../c._]b./c..W.../c../b./c../c../c...`./c...g./c...f./c...c./c....../c...a./c.Rich./c.........................PE..d.....cW.........." ...&. ...d......................................................-.....`A.........................................e..4...4m...........................O...........N..p............................L..@............0...............................text...&........................... ..`fothk........ ...................... ..`.rdata..\C...0...D...$..............@..@.data...p............h..............@....pdata...............l..............@..@_RDATA...............x..............@..@.rsrc................z..............@..@.reloc...............~..............@..B................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\VCRUNTIME140_1.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):49528
                                                                                                                                                                                                                                                  Entropy (8bit):6.662491747506177
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:wPIyGVrxmKqOnA4j3z6Su77A+i0QLxi9z9Rtii9zn+:fBr87uW1nA8QLx+zrti+zn+
                                                                                                                                                                                                                                                  MD5:F8DFA78045620CF8A732E67D1B1EB53D
                                                                                                                                                                                                                                                  SHA1:FF9A604D8C99405BFDBBF4295825D3FCBC792704
                                                                                                                                                                                                                                                  SHA-256:A113F192195F245F17389E6ECBED8005990BCB2476DDAD33F7C4C6C86327AFE5
                                                                                                                                                                                                                                                  SHA-512:BA7F8B7AB0DEB7A7113124C28092B543E216CA08D1CF158D9F40A326FB69F4A2511A41A59EA8482A10C9EC4EC8AC69B70DFE9CA65E525097D93B819D498DA371
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                  • Filename: tP5086S.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: G8lVmiI.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: bypass.bat, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: path.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: bot1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: Timeless-MBN8nDw-G.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: Timeless-MBN8nDw-G.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: Trio_Agent.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: Trio_Agent.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: emailproxy.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9@.W}!..}!..}!...S...!..{....!..tYJ.v!..}!..N!..{...x!..{...z!..{...f!..{...|!..{.&.|!..{...|!..Rich}!..................PE..d.....v..........." ...&.<...8.......B...................................................`A........................................Pm.......m..x....................r..xO......D....c..p...........................`b..@............P..`............................text...p:.......<.................. ..`.rdata...#...P...$...@..............@..@.data................d..............@....pdata...............f..............@..@.rsrc................l..............@..@.reloc..D............p..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\_brotli.cp312-win_amd64.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):821248
                                                                                                                                                                                                                                                  Entropy (8bit):6.053537214093426
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:wA0uu7wLKRemz/MfQuZ3ekAHhly782XTw05nmZfRJ:wfTdkAFtAmZfRJ
                                                                                                                                                                                                                                                  MD5:9AD5BB6F92EE2CFD29DDE8DD4DA99EB7
                                                                                                                                                                                                                                                  SHA1:30A8309938C501B336FD3947DE46C03F1BB19DC8
                                                                                                                                                                                                                                                  SHA-256:788ACBFD0EDD6CA3EF3E97A9487EEAEA86515642C71CB11BBCF25721E6573EC8
                                                                                                                                                                                                                                                  SHA-512:A166ABCB834D6C9D6B25807ADDDD25775D81E2951E1BC3E9849D8AE868DEDF2E1EE1B6B4B288DDFBD88A63A6FA624E2D6090AA71DED9B90C2D8CBF2D9524FDBF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]ws..............n......j......Rn......j......j......j.......k..........$....k..9....k.......k.......k......Rich....................PE..d...7..d.........." ...#.B...H......\F....................................................`......................................... s..`....s.......................................I..............................PH..@............`...............................text....@.......B.................. ..`.rdata.......`.......F..............@..@.data................b..............@....pdata...............j..............@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\_bz2.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):85272
                                                                                                                                                                                                                                                  Entropy (8bit):6.591841805043941
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:Iyhz79151BVo1vXfzIFnaR4bO1As0n8qsjk+VIMCVl7SyVx7:/hzx15evXkuxAP8qMk+VIMCVlJ
                                                                                                                                                                                                                                                  MD5:30F396F8411274F15AC85B14B7B3CD3D
                                                                                                                                                                                                                                                  SHA1:D3921F39E193D89AA93C2677CBFB47BC1EDE949C
                                                                                                                                                                                                                                                  SHA-256:CB15D6CC7268D3A0BD17D9D9CEC330A7C1768B1C911553045C73BC6920DE987F
                                                                                                                                                                                                                                                  SHA-512:7D997EF18E2CBC5BCA20A4730129F69A6D19ABDDA0261B06AD28AD8A2BDDCDECB12E126DF9969539216F4F51467C0FE954E4776D842E7B373FE93A8246A5CA3F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................b....(......(......(......(......(.....................................................Rich...........PE..d....b.f.........." ...(.....^...............................................`............`.........................................p...H............@.......0..D......../...P..........T...........................p...@............................................text...#........................... ..`.rdata..P>.......@..................@..@.data........ ......................@....pdata..D....0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\_cffi_backend.cp312-win_amd64.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):179712
                                                                                                                                                                                                                                                  Entropy (8bit):6.180800197956408
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:IULjhBCx8qImKrUltSfGzdMcbb9CF8OS7jkSTLkKWlgeml:IgCeqImzSfIMcNCvOkSTLLWWem
                                                                                                                                                                                                                                                  MD5:FCB71CE882F99EC085D5875E1228BDC1
                                                                                                                                                                                                                                                  SHA1:763D9AFA909C15FEA8E016D321F32856EC722094
                                                                                                                                                                                                                                                  SHA-256:86F136553BA301C70E7BADA8416B77EB4A07F76CCB02F7D73C2999A38FA5FA5B
                                                                                                                                                                                                                                                  SHA-512:4A0E98AB450453FD930EDC04F0F30976ABB9214B693DB4B6742D784247FB062C57FAFAFB51EB04B7B4230039AB3B07D2FFD3454D6E261811F34749F2E35F04D6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......a..#%p.p%p.p%p.p,..p)p.p5.q'p.p5.zp!p.p5.q!p.p5.q-p.p5.q)p.pn..q!p.p6.q&p.p%p.p.p.pm..q!p.p,..p$p.pm..q$p.pm.xp$p.pm..q$p.pRich%p.p........................PE..d...W..f.........." ...).....B......`........................................0............`..........................................h..l....i..................T............ .......O...............................M..@............................................text............................... ..`.rdata..............................@..@.data....].......0...p..............@....pdata..T...........................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\_decimal.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):257304
                                                                                                                                                                                                                                                  Entropy (8bit):6.565831509727426
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:/CxJS14bteS9B+ApcG0Qos0KR29py9qWM53pLW1AZHVHMhhhKoDStGwL0zsWD:/aeS9B+HQosbY9FfHVHXfEsWD
                                                                                                                                                                                                                                                  MD5:7AE94F5A66986CBC1A2B3C65A8D617F3
                                                                                                                                                                                                                                                  SHA1:28ABEFB1DF38514B9FFE562F82F8C77129CA3F7D
                                                                                                                                                                                                                                                  SHA-256:DA8BB3D54BBBA20D8FA6C2FD0A4389AEC80AB6BD490B0ABEF5BD65097CBC0DA4
                                                                                                                                                                                                                                                  SHA-512:FBB599270066C43B5D3A4E965FB2203B085686479AF157CD0BB0D29ED73248B6F6371C5158799F6D58B1F1199B82C01ABE418E609EA98C71C37BB40F3226D8C5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........V..............'.....g&......g&......g&......g&.......!.................9....!.......!.......!.......!K......!......Rich............PE..d...[b.f.........." ...(.....<.......................................................4....`..........................................c..P....c...................&......./......T.......T...............................@............................................text...v........................... ..`.rdata..............................@..@.data...X*.......$...b..............@....pdata...&.......(..................@..@.rsrc...............................@..@.reloc..T...........................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\_hashlib.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):66328
                                                                                                                                                                                                                                                  Entropy (8bit):6.227186392528159
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:9PgLpgE4Z27jHZWZnEmoANIMOIi7SyAx2:9EtHZeEmoANIMOIit
                                                                                                                                                                                                                                                  MD5:A25BC2B21B555293554D7F611EAA75EA
                                                                                                                                                                                                                                                  SHA1:A0DFD4FCFAE5B94D4471357F60569B0C18B30C17
                                                                                                                                                                                                                                                  SHA-256:43ACECDC00DD5F9A19B48FF251106C63C975C732B9A2A7B91714642F76BE074D
                                                                                                                                                                                                                                                  SHA-512:B39767C2757C65500FC4F4289CB3825333D43CB659E3B95AF4347BD2A277A7F25D18359CEDBDDE9A020C7AB57B736548C739909867CE9DE1DBD3F638F4737DC5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........8QtZY?'ZY?'ZY?'S!.'^Y?'..>&XY?'..<&YY?'..;&RY?'..:&VY?'.!>&XY?'O.>&_Y?'ZY>'.Y?'O.2&[Y?'O.?&[Y?'O..'[Y?'O.=&[Y?'RichZY?'........PE..d....b.f.........." ...(.V.......... @....................................................`.........................................p...P................................/......X...@}..T............................|..@............p..(............................text....T.......V.................. ..`.rdata...O...p...P...Z..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..X...........................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\_lzma.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):160024
                                                                                                                                                                                                                                                  Entropy (8bit):6.85410280956396
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:ssvkxujgo7e2uONOG+hi+CTznfF9mNoDXnmbuVIMZ10L:snu0o7JUCNYOD2Kg
                                                                                                                                                                                                                                                  MD5:9E94FAC072A14CA9ED3F20292169E5B2
                                                                                                                                                                                                                                                  SHA1:1EEAC19715EA32A65641D82A380B9FA624E3CF0D
                                                                                                                                                                                                                                                  SHA-256:A46189C5BD0302029847FED934F481835CB8D06470EA3D6B97ADA7D325218A9F
                                                                                                                                                                                                                                                  SHA-512:B7B3D0F737DD3B88794F75A8A6614C6FB6B1A64398C6330A52A2680CAF7E558038470F6F3FC024CE691F6F51A852C05F7F431AC2687F4525683FF09132A0DECB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D.3H%.`H%.`H%.`A]7`L%.`...aJ%.`...aK%.`...a@%.`...aD%.`]..aK%.`.].aJ%.`H%.`-%.`]..ar%.`]..aI%.`].[`I%.`]..aI%.`RichH%.`........................PE..d....b.f.........." ...(.f..........`8..............................................C.....`......................................... %..L...l%..x....p.......P.......B.../......4.......T...............................@............................................text...be.......f.................. ..`.rdata..............j..............@..@.data...p....@......................@....pdata.......P......."..............@..@.rsrc........p.......6..............@..@.reloc..4............@..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\_queue.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32536
                                                                                                                                                                                                                                                  Entropy (8bit):6.553382348933807
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:WlzRmezj6rGqMoW45IMQUHR5YiSyvMcAMxkEm2j:yRm0mGpoW45IMQUHf7SyVxb
                                                                                                                                                                                                                                                  MD5:E1C6FF3C48D1CA755FB8A2BA700243B2
                                                                                                                                                                                                                                                  SHA1:2F2D4C0F429B8A7144D65B179BEAB2D760396BFB
                                                                                                                                                                                                                                                  SHA-256:0A6ACFD24DFBAA777460C6D003F71AF473D5415607807973A382512F77D075FA
                                                                                                                                                                                                                                                  SHA-512:55BFD1A848F2A70A7A55626FB84086689F867A79F09726C825522D8530F4E83708EB7CAA7F7869155D3AE48F3B6AA583B556F3971A2F3412626AE76680E83CA1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7.\.V...V...V...."..V..5...V..5...V..5...V..5...V......V.......V...V...V......V......V....N..V......V..Rich.V..........................PE..d...`b.f.........." ...(.....8............................................................`..........................................C..L...<D..d....p.......`.......P.../...........4..T...........................@3..@............0..8............................text............................... ..`.rdata.......0......................@..@.data........P.......<..............@....pdata.......`.......@..............@..@.rsrc........p.......D..............@..@.reloc...............N..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\_socket.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):83736
                                                                                                                                                                                                                                                  Entropy (8bit):6.3186936632343205
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:mOYhekrkJqlerLSyypHf9/s+S+pzMii/n1IsJqKN5IMLwoR7SygCxkWN:vwkJqHyypHf9/sT+pzMiE1IwdN5IMLw0
                                                                                                                                                                                                                                                  MD5:69801D1A0809C52DB984602CA2653541
                                                                                                                                                                                                                                                  SHA1:0F6E77086F049A7C12880829DE051DCBE3D66764
                                                                                                                                                                                                                                                  SHA-256:67ACA001D36F2FCE6D88DBF46863F60C0B291395B6777C22B642198F98184BA3
                                                                                                                                                                                                                                                  SHA-512:5FCE77DD567C046FEB5A13BAF55FDD8112798818D852DFECC752DAC87680CE0B89EDFBFBDAB32404CF471B70453A33F33488D3104CD82F4E0B94290E83EAE7BB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../...Nb}.Nb}.Nb}.6.}.Nb}g.c|.Nb}g.a|.Nb}g.f|.Nb}g.g|.Nb}..c|.Nb}.Nc}.Nb}.6c|.Nb}..o|.Nb}..b|.Nb}..}.Nb}..`|.Nb}Rich.Nb}................PE..d....b.f.........." ...(.x..........0-.......................................`............`.........................................@...P............@.......0.........../...P......P...T...............................@............................................text....v.......x.................. ..`.rdata...x.......z...|..............@..@.data...............................@....pdata.......0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\_ssl.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):178456
                                                                                                                                                                                                                                                  Entropy (8bit):5.975111032322451
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:9EkiCZfBmvD1ZLnM2YfW6XSvWJLX2GvMf1ba+VRJNI7IM/H9o/PCrXuI3JVIMC7g:riC5QD1dwW6XSOMfjTwJH
                                                                                                                                                                                                                                                  MD5:90F080C53A2B7E23A5EFD5FD3806F352
                                                                                                                                                                                                                                                  SHA1:E3B339533BC906688B4D885BDC29626FBB9DF2FE
                                                                                                                                                                                                                                                  SHA-256:FA5E6FE9545F83704F78316E27446A0026FBEBB9C0C3C63FAED73A12D89784D4
                                                                                                                                                                                                                                                  SHA-512:4B9B8899052C1E34675985088D39FE7C95BFD1BBCE6FD5CBAC8B1E61EDA2FBB253EEF21F8A5362EA624E8B1696F1E46C366835025AABCB7AA66C1E6709AAB58A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|..j8.98.98.91.09>.9._.8:.9._.8;.9._.80.9._.85.9-X.8>.98.9..9s..8?.9-X.8:.9-X.89.9-X\99.9-X.89.9Rich8.9........................PE..d....b.f.........." ...(.............,....................................................`.............................................d...D...................P......../......x.......T...........................@...@............................................text............................... ..`.rdata...#.......$..................@..@.data...p...........................@....pdata..P............b..............@..@.rsrc................n..............@..@.reloc..x............x..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\_wmi.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):37656
                                                                                                                                                                                                                                                  Entropy (8bit):6.340152202881265
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:rUmqQhTcYr6NxO0VIMCit5YiSyv4YmAJAMxkEn:Im7GBNxO0VIMCiz7SyQYmQxz
                                                                                                                                                                                                                                                  MD5:827615EEE937880862E2F26548B91E83
                                                                                                                                                                                                                                                  SHA1:186346B816A9DE1BA69E51042FAF36F47D768B6C
                                                                                                                                                                                                                                                  SHA-256:73B7EE3156EF63D6EB7DF9900EF3D200A276DF61A70D08BD96F5906C39A3AC32
                                                                                                                                                                                                                                                  SHA-512:45114CAF2B4A7678E6B1E64D84B118FB3437232B4C0ADD345DDB6FBDA87CEBD7B5ADAD11899BDCD95DDFE83FDC3944A93674CA3D1B5F643A2963FBE709E44FB8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........k.L...L...L...E..J.......H.......H.......D...Y...N.......Q.......K...L...........M...Y...M...Y...M...Y...M...Y...M...RichL...........PE..d...db.f.........." ...(.*...<.......(...................................................`..........................................V..H...HV..................x....d.../......t...dG..T............................C..@............@.......S..@....................text...n(.......*.................. ..`.rdata..4 ...@..."..................@..@.data........p.......P..............@....pdata..x............T..............@..@.rsrc................X..............@..@.reloc..t............b..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-console-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22128
                                                                                                                                                                                                                                                  Entropy (8bit):4.746916379473427
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:HFOhEWhhW9DWGxVA6VWQ4iW7rd9ZnAOVX01k9z3AAcodV:HFdWhhWhxdm31AqR9z7BV
                                                                                                                                                                                                                                                  MD5:40BA4A99BF4911A3BCA41F5E3412291F
                                                                                                                                                                                                                                                  SHA1:C9A0E81EB698A419169D462BCD04D96EAA21D278
                                                                                                                                                                                                                                                  SHA-256:AF0E561BB3B2A13AA5CA9DFC9BC53C852BAD85075261AF6EF6825E19E71483A6
                                                                                                                                                                                                                                                  SHA-512:F11B98FF588C2E8A88FDD61D267AA46DC5240D8E6E2BFEEA174231EDA3AFFC90B991FF9AAE80F7CEA412AFC54092DE5857159569496D47026F8833757C455C23
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d....dZ..........." .........0...............................................@............`A........................................p...,............0...............0..p&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-datetime-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22120
                                                                                                                                                                                                                                                  Entropy (8bit):4.597173095457187
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:LWhhW8R9WvkJ0f5AbVWQ4mWC7ZNKd2kQX01k9z3Ad4+BhNKD:LWhhWgaab/NNPR9zw4fD
                                                                                                                                                                                                                                                  MD5:C5E3E5DF803C9A6D906F3859355298E1
                                                                                                                                                                                                                                                  SHA1:0ECD85619EE5CE0A47FF840652A7C7EF33E73CF4
                                                                                                                                                                                                                                                  SHA-256:956773A969A6213F4685C21702B9ED5BD984E063CF8188ACBB6D55B1D6CCBD4E
                                                                                                                                                                                                                                                  SHA-512:DEEDEF8EAAC9089F0004B6814862371B276FBCC8DF45BA7F87324B2354710050D22382C601EF8B4E2C5A26C8318203E589AA4CAF05EB2E80E9E8C87FD863DFC9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d.....N7.........." .........0...............................................@............`A........................................p................0...............0..h&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-debug-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22128
                                                                                                                                                                                                                                                  Entropy (8bit):4.609345057720842
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:9WhhW1WGxVA6VWQ4cRWAAuENQlO8X01k9z3AenFbvrJ:9WhhWhxdleuEKlO8R9zhFHJ
                                                                                                                                                                                                                                                  MD5:71F1D24C7659171EAFEF4774E5623113
                                                                                                                                                                                                                                                  SHA1:8712556B19ED9F80B9D4B6687DECFEB671AD3BFE
                                                                                                                                                                                                                                                  SHA-256:C45034620A5BB4A16E7DD0AFF235CC695A5516A4194F4FEC608B89EABD63EEEF
                                                                                                                                                                                                                                                  SHA-512:0A14C03365ADB96A0AD539F8E8D8333C042668046CEA63C0D11C75BE0A228646EA5B3FBD6719C29580B8BAAEB7A28DC027AF3DE10082C07E089CDDA43D5C467A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d....IL..........." .........0...............................................@............`A........................................p................0...............0..p&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-errorhandling-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22112
                                                                                                                                                                                                                                                  Entropy (8bit):4.640577240680024
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:IzmxD3T4qbWhhWNc5WvkJ0f5AbVWQ4OWXIH52mvp13s5yX01k9z3A3MNL3:IzQNWhhWNchaabdHMmfcYR9zEMNr
                                                                                                                                                                                                                                                  MD5:F1534C43C775D2CCEB86F03DF4A5657D
                                                                                                                                                                                                                                                  SHA1:9ED81E2AD243965E1090523B0C915E1D1D34B9E1
                                                                                                                                                                                                                                                  SHA-256:6E6BFDC656F0CF22FABBA1A25A42B46120B1833D846F2008952FE39FE4E57AB2
                                                                                                                                                                                                                                                  SHA-512:62919D33C7225B7B7F97FAF4A59791F417037704EB970CB1CB8C50610E6B2E86052480CDBA771E4FAD9D06454C955F83DDB4AEA2A057725385460617B48F86A7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d................." .........0...............................................@............`A........................................p................0...............0..`&..............p............................................................................rdata..H...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-file-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):26224
                                                                                                                                                                                                                                                  Entropy (8bit):4.864482970861573
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:xaNYPvVX8rFTsiWhhWWnWGxVA6VWQ4cRWtlAd9ZnAOVX01k9z3AAcosm6:nPvVXkWhhWQxdlP31AqR9z76
                                                                                                                                                                                                                                                  MD5:EA00855213F278D9804105E5045E2882
                                                                                                                                                                                                                                                  SHA1:07C6141E993B21C4AA27A6C2048BA0CFF4A75793
                                                                                                                                                                                                                                                  SHA-256:F2F74A801F05AB014D514F0F1D0B3DA50396E6506196D8BECCC484CD969621A6
                                                                                                                                                                                                                                                  SHA-512:B23B78B7BD4138BB213B9A33120854249308BB2CF0D136676174C3D61852A0AC362271A24955939F04813CC228CD75B3E62210382A33444165C6E20B5E0A7F24
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d....(............" .........@...............................................P............`A........................................p................@...............@..p&..............p............................................................................rdata..|........ ..................@..@.data........0......................@....rsrc........@.......0..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-file-l1-2-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22120
                                                                                                                                                                                                                                                  Entropy (8bit):4.615608208407289
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:4TGaWhhWMWvkJ0f5AbVWQ4cRWhW9qUd9ZnAOVX01k9z3AAcoXXcX:4qaWhhWIaablbR31AqR9z77MX
                                                                                                                                                                                                                                                  MD5:BCB8B9F6606D4094270B6D9B2ED92139
                                                                                                                                                                                                                                                  SHA1:BD55E985DB649EADCB444857BEED397362A2BA7B
                                                                                                                                                                                                                                                  SHA-256:FA18D63A117153E2ACE5400ED89B0806E96F0627D9DB935906BE9294A3038118
                                                                                                                                                                                                                                                  SHA-512:869B2B38FD528B033B3EC17A4144D818E42242B83D7BE48E2E6DA6992111758B302F48F52E0DD76BECB526A90A2B040CE143C6D4F0E009A513017F06B9A8F2B9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d.....RS.........." .........0...............................................@............`A........................................p...L............0...............0..h&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-file-l2-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):18696
                                                                                                                                                                                                                                                  Entropy (8bit):7.054510010549814
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:eVrW1hWbvm0GftpBjzH4m3S9gTlUK3dsl:eVuAViaB/6sl
                                                                                                                                                                                                                                                  MD5:BFFFA7117FD9B1622C66D949BAC3F1D7
                                                                                                                                                                                                                                                  SHA1:402B7B8F8DCFD321B1D12FC85A1EE5137A5569B2
                                                                                                                                                                                                                                                  SHA-256:1EA267A2E6284F17DD548C6F2285E19F7EDB15D6E737A55391140CE5CB95225E
                                                                                                                                                                                                                                                  SHA-512:B319CC7B436B1BE165CDF6FFCAB8A87FE29DE78F7E0B14C8F562BE160481FB5483289BD5956FDC1D8660DA7A3F86D8EEDE35C6CC2B7C3D4C852DECF4B2DCDB7F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.........PE..d...4.F>.........." .........................................................0............`.........................................`................ ...................=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-handle-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22128
                                                                                                                                                                                                                                                  Entropy (8bit):4.625038284904601
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:9jWhhWmWGxVA6VWQ4cRWMj656CqRqNX01k9z3A8oXblIHNQ:9jWhhWSxdlE5DNR9zrG6Ha
                                                                                                                                                                                                                                                  MD5:D584C1E0F0A0B568FCE0EFD728255515
                                                                                                                                                                                                                                                  SHA1:2E5CE6D4655C391F2B2F24FC207FDF0E6CD0CC2A
                                                                                                                                                                                                                                                  SHA-256:3DE40A35254E3E0E0C6DB162155D5E79768A6664B33466BF603516F3743EFB18
                                                                                                                                                                                                                                                  SHA-512:C7D1489BF81E552C022493BB5A3CD95CCC81DBEDAAA8FDC0048CACBD087913F90B366EEB4BF72BF4A56923541D978B80D7691D96DBBC845625F102C271072C42
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d....Hb..........." .........0...............................................@............`A........................................p...`............0...............0..p&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-heap-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22120
                                                                                                                                                                                                                                                  Entropy (8bit):4.723757189784349
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:bdxlxWhhWWWvkJ0f5AbVWQ4cRWKmX56CqRqNX01k9z3A8oXjl:bdxlxWhhW2aablm5DNR9zrG
                                                                                                                                                                                                                                                  MD5:6168023BDB7A9DDC69042BEECADBE811
                                                                                                                                                                                                                                                  SHA1:54EE35ABAE5173F7DC6DAFC143AE329E79EC4B70
                                                                                                                                                                                                                                                  SHA-256:4EA8399DEBE9D3AE00559D82BC99E4E26F310934D3FD1D1F61177342CF526062
                                                                                                                                                                                                                                                  SHA-512:F1016797F42403BB204D4B15D75D25091C5A0AB8389061420E1E126D2214190A08F02E2862A2AE564770397E677B5BCDD2779AB948E6A3E639AA77B94D0B3F6C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d....B.l.........." .........0...............................................@......).....`A........................................p................0...............0..h&..............p............................................................................rdata..|...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-interlocked-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22120
                                                                                                                                                                                                                                                  Entropy (8bit):4.654830959351148
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:r4WhhWWsWvkJ0f5AbVWQ4cRWsQOZD2X01k9z3AG2hqvz:0WhhWRaablKZR9zVQM
                                                                                                                                                                                                                                                  MD5:4F631924E3F102301DAC36B514BE7666
                                                                                                                                                                                                                                                  SHA1:B3740A0ACDAF3FBA60505A135B903E88ACB48279
                                                                                                                                                                                                                                                  SHA-256:E2406077621DCE39984DA779F4D436C534A31C5E863DB1F65DE5939D962157AF
                                                                                                                                                                                                                                                  SHA-512:56F9FB629675525CBE84A29D44105B9587A9359663085B62F3FBE3EEA66451DA829B1B6F888606BC79754B6B814CA4A1B215F04F301EFE4DB0D969187D6F76F1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d...}.o..........." .........0...............................................@......x.....`A........................................p................0...............0..h&..............p............................................................................rdata..L...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-libraryloader-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22120
                                                                                                                                                                                                                                                  Entropy (8bit):4.868673796157719
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:oTvuBL3BBLIWhhW5WvkJ0f5AbVWQ4cRWsmIngqtVVwX01k9z3Acqk3:oTvuBL3BaWhhWhaablkqVwR9zHR
                                                                                                                                                                                                                                                  MD5:8DFC224C610DD47C6EC95E80068B40C5
                                                                                                                                                                                                                                                  SHA1:178356B790759DC9908835E567EDFB67420FBAAC
                                                                                                                                                                                                                                                  SHA-256:7B8C7E09030DF8CDC899B9162452105F8BAEB03CA847E552A57F7C81197762F2
                                                                                                                                                                                                                                                  SHA-512:FE5BE81BFCE4A0442DD1901721F36B1E2EFCDCEE1FDD31D7612AD5676E6C5AE5E23E9A96B2789CB42B7B26E813347F0C02614937C561016F1563F0887E69BBEE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d.....g..........." .........0...............................................@......fK....`A........................................p................0...............0..h&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-localization-l1-2-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22128
                                                                                                                                                                                                                                                  Entropy (8bit):5.357912030694384
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:jnaOMw3zdp3bwjGzue9/0jCRrndbnWhhWRxdlF5DNR9zrGDLC:mOMwBprwjGzue9/0jCRrndbemr9zay
                                                                                                                                                                                                                                                  MD5:20DDF543A1ABE7AEE845DE1EC1D3AA8E
                                                                                                                                                                                                                                                  SHA1:0EAF5DE57369E1DB7F275A2FFFD2D2C9E5AF65BF
                                                                                                                                                                                                                                                  SHA-256:D045A72C3E4D21165E9372F76B44FF116446C1E0C221D9CEA3AB0A1134A310E8
                                                                                                                                                                                                                                                  SHA-512:96DD48DF315A7EEA280CA3DA0965A937A649EE77A82A1049E3D09B234439F7D927D7FB749073D7AF1B23DADB643978B70DCDADC6C503FE850B512B0C9C1C78DD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d...0.&3.........." .........0...............................................@............`A........................................p................0...............0..p&..............p............................................................................rdata..D...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-memory-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22120
                                                                                                                                                                                                                                                  Entropy (8bit):4.755674101565431
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:q8WhhWUWvkJ0f5AbVWQ4cRW9RvBwUoX01k9z3AuJGzx:q8WhhWgaablSUR9zxk
                                                                                                                                                                                                                                                  MD5:C4098D0E952519161F4FD4846EC2B7FC
                                                                                                                                                                                                                                                  SHA1:8138CA7EB3015FC617620F05530E4D939CAFBD77
                                                                                                                                                                                                                                                  SHA-256:51B2103E0576B790D5F5FDACB42AF5DAC357F1FD37AFBAAF4C462241C90694B4
                                                                                                                                                                                                                                                  SHA-512:95AA4C7071BC3E3FA4DB80742F587A0B80A452415C816003E894D2582832CF6EAC645A26408145245D4DEABE71F00ECCF6ADB38867206BEDD5AA0A6413D241F5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d...`.@f.........." .........0...............................................@......E.....`A........................................p...l............0...............0..h&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-namedpipe-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22128
                                                                                                                                                                                                                                                  Entropy (8bit):4.706939855964842
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:vyWhhWQWGxVA6VWQ4cRWzco456CqRqNX01k9z3A8oXdlxG:KWhhWoxdlvo45DNR9zrGhG
                                                                                                                                                                                                                                                  MD5:EAF36A1EAD954DE087C5AA7AC4B4ADAD
                                                                                                                                                                                                                                                  SHA1:9DD6BC47E60EF90794A57C3A84967B3062F73C3C
                                                                                                                                                                                                                                                  SHA-256:CDBA9DC9AF63EBD38301A2E7E52391343EFEB54349FC2D9B4EE7B6BF4F9CF6EB
                                                                                                                                                                                                                                                  SHA-512:1AF9E60BF5C186CED5877A7FA690D9690B854FAA7E6B87B0365521EAFB7497FB7370AC023DB344A6A92DB2544B5BDC6E2744C03B10C286EBBF4F57C6CA3722CF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d...j............" .........0...............................................@.......Y....`A........................................p................0...............0..p&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-processenvironment-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22120
                                                                                                                                                                                                                                                  Entropy (8bit):4.879924502333097
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:nEFPmWhhWiWvkJ0f5AbVWQ4cRWdEnZBwUoX01k9z3AuJGzCM:EFuWhhW6aablNZUR9zx
                                                                                                                                                                                                                                                  MD5:8711E4075FA47880A2CB2BB3013B801A
                                                                                                                                                                                                                                                  SHA1:B7CEEC13E3D943F26DEF4C8A93935315C8BB1AC3
                                                                                                                                                                                                                                                  SHA-256:5BCC3A2D7D651BB1ECC41AA8CD171B5F2B634745E58A8503B702E43AEE7CD8C6
                                                                                                                                                                                                                                                  SHA-512:7370E4ACB298B2E690CCD234BD6C95E81A5B870AE225BC0AD8FA80F4473A85E44ACC6159502085FE664075AFA940CFF3DE8363304B66A193AC970CED1BA60AAE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d...L.Y..........." .........0...............................................@...........`A........................................p...H............0...............0..h&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-processthreads-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22120
                                                                                                                                                                                                                                                  Entropy (8bit):5.227317911828185
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:Lck1JzNcKSI8WhhWCaabl5ujezWSR9zchTL:TcKS+Hznwq9zS
                                                                                                                                                                                                                                                  MD5:8E6EB11588FA9625B68960A46A9B1391
                                                                                                                                                                                                                                                  SHA1:FF81F0B3562E846194D330FADF2AB12872BE8245
                                                                                                                                                                                                                                                  SHA-256:AE56E19DA96204E7A9CDC0000F96A7EF15086A9FE1F686687CB2D6FBCB037CD6
                                                                                                                                                                                                                                                  SHA-512:FDB97D1367852403245FC82CB1467942105E4D9DB0DE7CF13A73658905139BB9AE961044BEB0A0870429A1E26FE00FC922FBD823BD43F30F825863CAD2C22CEA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d....O.j.........." .........0...............................................@......=M....`A........................................p................0...............0..h&..............p............................................................................rdata..d...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-processthreads-l1-1-1.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22120
                                                                                                                                                                                                                                                  Entropy (8bit):4.788678681522991
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:fkDfIecWhhW/WvkJ0f5AbVWQ4cRWSXgp13s5yX01k9z3A3MLGO:fkDfIecWhhWLaabl4cYR9zEM3
                                                                                                                                                                                                                                                  MD5:4380D56A3B83CA19EA269747C9B8302B
                                                                                                                                                                                                                                                  SHA1:0C4427F6F0F367D180D37FC10ECBE6534EF6469C
                                                                                                                                                                                                                                                  SHA-256:A79C7F86462D8AB8A7B73A3F9E469514F57F9FE456326BE3727352B092B6B14A
                                                                                                                                                                                                                                                  SHA-512:1C29C335C55F5F896526C8EE0F7160211FD457C1F1B98915BCC141112F8A730E1A92391AB96688CBB7287E81E6814CC86E3B057E0A6129CBB02892108BFAFAF4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d.....#..........." .........0...............................................@............`A........................................p................0...............0..h&..............p............................................................................rdata..\...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-profile-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22120
                                                                                                                                                                                                                                                  Entropy (8bit):4.583429497884519
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:SWhhWpWvkJ0f5AbVWQ4cRWlwbx56CqRqNX01k9z3A8oXnlSP:SWhhWRaablbN5DNR9zrGQ
                                                                                                                                                                                                                                                  MD5:9082D23943B0AA48D6AF804A2F3609A2
                                                                                                                                                                                                                                                  SHA1:C11B4E12B743E260E8B3C22C9FACE83653D02EFE
                                                                                                                                                                                                                                                  SHA-256:7ECC2E3FE61F9166FF53C28D7CB172A243D94C148D3EF13545BC077748F39267
                                                                                                                                                                                                                                                  SHA-512:88434A2B996ED156D5EFFBB7960B10401831E9B2C9421A0029D2D8FA651B9411F973E988565221894633E9FFCD6512F687AFBB302EFE2273D4D1282335EE361D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d......e.........." .........0...............................................@............`A........................................p................0...............0..h&..............p............................................................................rdata..P...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-rtlsupport-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22112
                                                                                                                                                                                                                                                  Entropy (8bit):4.750751888281197
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:xGeVvWhhWN6WvkJ0f5AbVWQ4OW7bplZD2X01k9z3AG2LzS4:xGeVvWhhWNCaab2pyR9zV2zS4
                                                                                                                                                                                                                                                  MD5:772F1B596A7338F8EA9DDFF9ABA9447D
                                                                                                                                                                                                                                                  SHA1:CDA9F4B9808E9CEF2AEAC2AC6E7CDF0E8687C4C5
                                                                                                                                                                                                                                                  SHA-256:CC1BFCE8FE6F9973CCA15D7DFCF339918538C629E6524F10F1931AE8E1CD63B4
                                                                                                                                                                                                                                                  SHA-512:8C94890C8F0E0A8E716C777431022C2F77B69EBFAA495D541E2D3312AE1DA307361D172EFCE94590963D17FE3FCAC8599DCABE32AB56E01B4D9CF9B4F0478277
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d......Z.........." .........0...............................................@......7.....`A........................................p...<............0...............0..`&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-string-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22128
                                                                                                                                                                                                                                                  Entropy (8bit):4.664471809242636
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:7ZyMvrRWhhW8WGxVA6VWQ4cRWquEg56CqRqNX01k9z3A8oXW98laI:7ZyMvdWhhW8xdlq5DNR9zrG2o
                                                                                                                                                                                                                                                  MD5:84B1347E681E7C8883C3DC0069D6D6FA
                                                                                                                                                                                                                                                  SHA1:9E62148A2368724CA68DFA5D146A7B95C710C2F2
                                                                                                                                                                                                                                                  SHA-256:1CB48031891B967E2F93FDD416B0324D481ABDE3838198E76BC2D0CA99C4FD09
                                                                                                                                                                                                                                                  SHA-512:093097A49080AEC187500E2A9E9C8CCD01F134A3D8DC8AB982E9981B9DE400DAE657222C20FB250368ECDDC73B764B2F4453AB84756B908FCB16DF690D3F4479
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d.....I..........." .........0...............................................@.......t....`A........................................p................0...............0..p&..............p............................................................................rdata..l...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-synch-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22120
                                                                                                                                                                                                                                                  Entropy (8bit):5.1446624716472735
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:xEwidv3V0dfpkXc0vVaCUWhhWHaablKR9zVR:aHdv3VqpkXc0vVa4qzE9z
                                                                                                                                                                                                                                                  MD5:6EA31229D13A2A4B723D446F4242425B
                                                                                                                                                                                                                                                  SHA1:036E888B35281E73B89DA1B0807EA8E89B139791
                                                                                                                                                                                                                                                  SHA-256:8ECCABA9321DF69182EE3FDB8FC7D0E7615AE9AD3B8CA53806ED47F4867395AE
                                                                                                                                                                                                                                                  SHA-512:FA834E0E54F65D9A42AD1F4FB1086D26EDFA182C069B81CFF514FEB13CFCB7CB5876508F1289EFBC2D413B1047D20BAB93CED3E5830BF4A6BB85468DECD87CB6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d.....x.........." .........0...............................................@......zM....`A........................................p...X............0...............0..h&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-synch-l1-2-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22120
                                                                                                                                                                                                                                                  Entropy (8bit):4.827260305412209
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:ptZ3pWhhWpaWvkJ0f5AbVWQ4cRWTjPtngqtVVwX01k9z3AcVj:ptZ3pWhhWEaablmrVwR9zHp
                                                                                                                                                                                                                                                  MD5:DD6F223B4F9B84C6E9B2A7CF49B84FC7
                                                                                                                                                                                                                                                  SHA1:2EE75D635D21D628E8083346246709A71B085710
                                                                                                                                                                                                                                                  SHA-256:8356F71C5526808AF2896B2D296CE14E812E4585F4D0C50D7648BC851B598BEF
                                                                                                                                                                                                                                                  SHA-512:9C12912DAEA5549A3477BAA2CD05180702CF24DD185BE9F1FCA636DB6FBD25950C8C2B83F18D093845D9283C982C0255D6402E3CDEA0907590838E0ACB8CC8C1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d................." .........0...............................................@.......c....`A........................................p...x............0...............0..h&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-sysinfo-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22128
                                                                                                                                                                                                                                                  Entropy (8bit):4.913093601910681
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:yaIMFSgWhhW5JWGxVA6VWQ4cRWpRTJz56CqRqNX01k9z3A8oX/ld:ydgWhhW/xdlATh5DNR9zrGP
                                                                                                                                                                                                                                                  MD5:9CA65D4FE9B76374B08C4A0A12DB8D2F
                                                                                                                                                                                                                                                  SHA1:A8550D6D04DA33BAA7D88AF0B4472BA28E14E0AF
                                                                                                                                                                                                                                                  SHA-256:8A1E56BD740806777BC467579BDC070BCB4D1798DF6A2460B9FE36F1592189B8
                                                                                                                                                                                                                                                  SHA-512:19E0D2065F1CA0142B26B1F5EFDD55F874F7DDE7B5712DD9DFD4988A24E2FCD20D4934BDDA1C2D04B95E253AA1BEE7F1E7809672D7825CD741D0F6480787F3B3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d...~.l-.........." .........0...............................................@............`A........................................p................0...............0..p&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-timezone-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22120
                                                                                                                                                                                                                                                  Entropy (8bit):4.818883643812602
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:MNBWhhWXWvkJ0f5AbVWQ4cRWysu56CqRqNX01k9z3A8oXPl1D:MXWhhWzaablb5DNR9zrGnD
                                                                                                                                                                                                                                                  MD5:2554060F26E548A089CAB427990AACDF
                                                                                                                                                                                                                                                  SHA1:8CC7A44A16D6B0A6B7ED444E68990FF296D712FE
                                                                                                                                                                                                                                                  SHA-256:5AB003E899270B04ABC7F67BE953EACCF980D5BBE80904C47F9AAF5D401BB044
                                                                                                                                                                                                                                                  SHA-512:FD4D5A7FE4DA77B0222B040DC38E53F48F7A3379F69E2199639B9F330B2E55939D89CE8361D2135182B607AD75E58EE8E34B90225143927B15DCC116B994C506
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d...>.os.........." .........0...............................................@......JH....`A........................................p...H............0...............0..h&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-core-util-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22120
                                                                                                                                                                                                                                                  Entropy (8bit):4.599642754410154
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:5WhhWqMWvkJ0f5AbVWQ4cRWHLlDrwLobDX01k9z3AU93mldvQ:5WhhWqIaablklDMyDR9z/93mldvQ
                                                                                                                                                                                                                                                  MD5:427F0E19148D98012968564E4B7E622A
                                                                                                                                                                                                                                                  SHA1:488873EB98133E20ACD106B39F99E3EBDFACA386
                                                                                                                                                                                                                                                  SHA-256:0CBACACCEDAF9B6921E6C1346DE4C0B80B4607DACB0F7E306A94C2F15FA6D63D
                                                                                                                                                                                                                                                  SHA-512:03FA49BDADB65B65EFED5C58107912E8D1FCCFA13E9ADC9DF4441E482D4B0EDD6FA1BD8C8739CE09654B9D6A176E749A400418F01D83E7AE50FA6114D6AEAD2B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d.....+..........." .........0...............................................@............`A........................................p...<............0...............0..h&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-conio-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22120
                                                                                                                                                                                                                                                  Entropy (8bit):4.9059107418499295
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:Xv0WhhW4WvkJ0f5AbVWQ4cRWG142Jp13s5yX01k9z3A3MIMttG5+:sWhhW8aabllxcYR9zEMIM3
                                                                                                                                                                                                                                                  MD5:42EE890E5E916935A0D3B7CDEE7147E0
                                                                                                                                                                                                                                                  SHA1:D354DB0AAC3A997B107EC151437EF17589D20CA5
                                                                                                                                                                                                                                                  SHA-256:91D7A4C39BAAC78C595FC6CF9FD971AA0A780C297DA9A8B20B37B0693BDCD42C
                                                                                                                                                                                                                                                  SHA-512:4FAE6D90D762ED77615D0F87833152D16B2C122964754B486EA90963930E90E83F3467253B7ED90D291A52637374952570BD9036C6B8C9EAEBE8B05663EBB08E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d...Aj............" .........0...............................................@......[.....`A.........................................................0...............0..h&..............p............................................................................rdata..p...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-convert-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):26224
                                                                                                                                                                                                                                                  Entropy (8bit):4.884873448198051
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:p9cyRWhhWnWGxVA6VWQ4cRWstTmil56CqRqNX01k9z3A8oXMQlE5V:YyRWhhWfxdlv3l5DNR9zrGMH
                                                                                                                                                                                                                                                  MD5:33B85A64C4AF3A65C4B72C0826668500
                                                                                                                                                                                                                                                  SHA1:315DDB7A49283EFE7FCAE1B51EBD6DB77267D8DF
                                                                                                                                                                                                                                                  SHA-256:8B24823407924688ECAFC771EDD9C58C6DBCC7DE252E7EBD20751A5B9DD7ABEF
                                                                                                                                                                                                                                                  SHA-512:B3A62CB67C7FE44CA57AC16505A9E9C3712C470130DF315B591A9D39B81934209C8B48B66E1E18DA4A5323785120AF2D9E236F39C9B98448F88ADAB097BC6651
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d...U.gJ.........." .........@...............................................P...........`A.........................................................@...............@..p&..............p............................................................................rdata..n........ ..................@..@.data........0......................@....rsrc........@.......0..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-environment-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22128
                                                                                                                                                                                                                                                  Entropy (8bit):4.744678517210711
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:QWhhW8WGxVA6VWQ4cRWpuWQd9ZnAOVX01k9z3AAcoBVt/p:QWhhW8xdl331AqR9z75x
                                                                                                                                                                                                                                                  MD5:F983F25BF0AD58BCFA9F1E8FD8F94FCB
                                                                                                                                                                                                                                                  SHA1:27EDE57C1A59B64DB8B8C3C1B7F758DEB07942E8
                                                                                                                                                                                                                                                  SHA-256:A5C8C787C59D0700B5605925C8C255E5EF7902716C675EC40960640B15FF5ACA
                                                                                                                                                                                                                                                  SHA-512:AC797FF4F49BE77803A3FE5097C006BB4806A3F69E234BF8D1440543F945360B19694C8ECF132CCFBD17B788AFCE816E5866154C357C27DFEB0E97C0A594C166
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d...9.4o.........." .........0...............................................@......j.....`A............................................"............0...............0..p&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-filesystem-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22120
                                                                                                                                                                                                                                                  Entropy (8bit):5.19435562954873
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:LpUEpnWlC0i5C5WhhWQWvkJ0f5AbVWQ4cRWFVE7weX01k9z3AUSxi:LptnWm5C5WhhWkaabl4EnR9zVS
                                                                                                                                                                                                                                                  MD5:931246F429565170BB80A1144B42A8C4
                                                                                                                                                                                                                                                  SHA1:E544FAD20174CF794B51D1194FD780808F105D38
                                                                                                                                                                                                                                                  SHA-256:A3BA0EE6A4ABC082B730C00484D4462D16BC13EE970EE3EEE96C34FC9B6EF8ED
                                                                                                                                                                                                                                                  SHA-512:4D1D811A1E61A8F1798A617200F0A5FFBDE9939A0C57B6B3901BE9CA8445B2E50FC736F1DCE410210965116249D77801940EF65D9440700A6489E1B9A8DC0A39
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d...2............." .........0...............................................@......eM....`A.........................................................0...............0..h&..............p............................................................................rdata..0...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-heap-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22128
                                                                                                                                                                                                                                                  Entropy (8bit):4.866130836410174
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:mvh8Y17aFBRUWhhW1WGxVA6VWQ4cRWKk4NQlO8X01k9z3AenyHTs5:ALRWhhWhxdl3KlO8R9zhyH2
                                                                                                                                                                                                                                                  MD5:546DA2B69F039DA9DA801EB7455F7AB7
                                                                                                                                                                                                                                                  SHA1:B8FF34C21862EE79D94841C40538A90953A7413B
                                                                                                                                                                                                                                                  SHA-256:A93C8AF790C37A9B6BAC54003040C283BEF560266AEEC3D2DE624730A161C7DC
                                                                                                                                                                                                                                                  SHA-512:4A3C8055AB832EB84DD2D435F49B5B748B075BBB484248188787009012EE29DC4E04D8FD70110E546CE08D0C4457E96F4368802CAEE5405CFF7746569039A555
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d...."]..........." .........0...............................................@............`A.........................................................0...............0..p&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-locale-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22128
                                                                                                                                                                                                                                                  Entropy (8bit):4.83017471722019
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:eUnWhhWGWGxVA6VWQ4cRW4Ugd9ZnAOVX01k9z3AAcos:XWhhWyxdlCg31AqR9z7Q
                                                                                                                                                                                                                                                  MD5:D8302FC8FAC16F2AFEBF571A5AE08A71
                                                                                                                                                                                                                                                  SHA1:0C1AEE698E2B282C4D19011454DA90BB5AB86252
                                                                                                                                                                                                                                                  SHA-256:B9AE70E8F74615EA2DC6FC74EC8371616E57C8EFF8555547E7167BB2DB3424F2
                                                                                                                                                                                                                                                  SHA-512:CD2F4D502CD37152C4B864347FB34BC77509CC9E0E7FE0E0A77624D78CDA21F244AF683EA8B47453AA0FA6EAD2A0B2AF4816040D8EA7CDAD505F470113322009
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d...6..q.........." .........0...............................................@......=.....`A............................................e............0...............0..p&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-math-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):30312
                                                                                                                                                                                                                                                  Entropy (8bit):5.1326972903419925
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:+7yaFM4Oe59Ckb1hgmLNWhhWLmaabsFNY+R9zITl:MFMq59Bb1jg3zgNYi9zIh
                                                                                                                                                                                                                                                  MD5:E9036FD8B4D476807A22CB2EB4485B8A
                                                                                                                                                                                                                                                  SHA1:0E49D745643F6B0A7D15EA12B6A1FE053C829B30
                                                                                                                                                                                                                                                  SHA-256:BFC8AD242BF673BF9024B5BBE4158CA6A4B7BDB45760AE9D56B52965440501BD
                                                                                                                                                                                                                                                  SHA-512:F1AF074CCE2A9C3A92E3A211223E05596506E7874EDE5A06C8C580E002439D102397F2446CE12CC69C38D5143091443833820B902BB07D990654CE9D14E0A7F0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d................" .........P...............................................`.......,....`A.............................................%...........P...............P..h&..............p............................................................................rdata...'.......0..................@..@.data........@......................@....rsrc........P.......@..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-process-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22024
                                                                                                                                                                                                                                                  Entropy (8bit):4.856891868078439
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:PeXrqjd7xWhhWYWGxVA6VWQ42WnsxgV8FGecX01k9z3Ax+eXVG6:P4roWhhWAxdeHR9zi9r
                                                                                                                                                                                                                                                  MD5:AD586EA6AC80AC6309421DEEEA701D2F
                                                                                                                                                                                                                                                  SHA1:BC2419DFF19A9AB3C555BC00832C7074EC2D9186
                                                                                                                                                                                                                                                  SHA-256:39E363C47D4D45BEDA156CB363C5241083B38C395E4BE237F3CFEDA55176453C
                                                                                                                                                                                                                                                  SHA-512:15C17CBA6E73E2E2ADB0E85AF8ED3C0B71D37D4613D561CE0E818BDB2CA16862253B3CB291E0CF2475CEDCB7CE9F7B4D66752817F61CF11C512869EF8DABC92A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d...<SdT.........." .........0...............................................@............`A............................................x............0...............0...&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-runtime-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):26216
                                                                                                                                                                                                                                                  Entropy (8bit):5.016983259688826
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:RmGqX8mPrpJhhf4AN5/Ki9WhhWalWvkJ0f5AbVWQ4cRWpfd9ZnAOVX01k9z3AAco:Rysyr7LWhhWgaablu31AqR9z7
                                                                                                                                                                                                                                                  MD5:3AE4741DB3DDBCB205C6ACBBAE234036
                                                                                                                                                                                                                                                  SHA1:5026C734DCEE219F73D291732722691A02C414F2
                                                                                                                                                                                                                                                  SHA-256:C26540E3099FA91356EE69F5058CF7B8AEE63E23D6B58385476D1883E99033C3
                                                                                                                                                                                                                                                  SHA-512:9DD5E12265DA0F40E3C1432FB25FD19BE594684283E961A2EAFFD87048D4F892D075DCD049AB08AEEE582542E795A0D124B490D321D7BEB7963FD778EF209929
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d.....TR.........." .........@...............................................P............`A............................................4............@...............@..h&..............p............................................................................rdata........... ..................@..@.data........0......................@....rsrc........@.......0..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-stdio-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):26216
                                                                                                                                                                                                                                                  Entropy (8bit):5.289373435146636
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:mV2oFVh/WhhWqaablTUmEjezWSR9zchT1:mZcXzemiq9zW
                                                                                                                                                                                                                                                  MD5:9A7E2A550C64DABFF61DAD8D1574C79A
                                                                                                                                                                                                                                                  SHA1:8908DE9D45F76764140687389BFAED7711855A2D
                                                                                                                                                                                                                                                  SHA-256:DB059947ACE80D2C801F684A38D90FD0292BDAA1C124CD76467DA7C4329A8A32
                                                                                                                                                                                                                                                  SHA-512:70A6EB10A3C3BAD45BA99803117E589BDA741ECBB8BBDD2420A5AE981003AEBE21E28CB437C177A3B23F057F299F85AF7577FEC9693D59A1359E5FFC1E8EAABD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d...k. U.........." .........@...............................................P......="....`A............................................a............@...............@..h&..............p............................................................................rdata........... ..................@..@.data........0......................@....rsrc........@.......0..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-string-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):26224
                                                                                                                                                                                                                                                  Entropy (8bit):5.286281713611342
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:ECV5yguNvZ5VQgx3SbwA71IkFltor9zLszv:35yguNvZ5VQgx3SbwA71IutoBzLU
                                                                                                                                                                                                                                                  MD5:CF115DB7DCF92A69CB4FD6E2AE42FED5
                                                                                                                                                                                                                                                  SHA1:B39AA5ECA6BE3F90B71DC37A5ECF286E3DDCA09A
                                                                                                                                                                                                                                                  SHA-256:EB8FE2778C54213AA2CC14AB8CEC89EBD062E18B3E24968ACA57E1F344588E74
                                                                                                                                                                                                                                                  SHA-512:8ABD2754171C90BBD37CA8DFC3DB6EDAF57CCDD9BC4CE82AEF702A5CE8BC9E36B593DC863D9A2ABD3B713A2F0693B04E52867B51CD578977A4A9FDE175DBA97A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d.... .h.........." .........@...............................................P.......p....`A.........................................................@...............@..p&..............p............................................................................rdata.._........ ..................@..@.data........0......................@....rsrc........@.......0..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-time-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22120
                                                                                                                                                                                                                                                  Entropy (8bit):5.246244940293721
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:ms3hwD2WhhWLjWvkJ0f5AbVWQ4cRWcBweNQlO8X01k9z3AenDqzq:dWhhWTaabl3weKlO8R9zhDgq
                                                                                                                                                                                                                                                  MD5:82E6D4FF7887B58206199E6E4BE0FEAF
                                                                                                                                                                                                                                                  SHA1:943E42C95562682C99A7ED3058EA734E118B0C44
                                                                                                                                                                                                                                                  SHA-256:FB425BF6D7EB8202ACD10F3FBD5D878AB045502B6C928EBF39E691E2B1961454
                                                                                                                                                                                                                                                  SHA-512:FF774295C68BFA6B3C00A1E05251396406DEE1927C16D4E99F4514C15AE674FD7AC5CADFE9BFFFEF764209C94048B107E70AC7614F6A8DB453A9CE03A3DB12E0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d...G............" .........0...............................................@......1&....`A.........................................................0...............0..h&..............p............................................................................rdata..=...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\api-ms-win-crt-utility-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22120
                                                                                                                                                                                                                                                  Entropy (8bit):4.804443409916024
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:gj/fHQduzWhhWxWvkJ0f5AbVWQ4cRWIknb7jepVWnSX01k9z3AThTVtXKX7:gj/fFWhhWJaablMb7jezWSR9zchT2X
                                                                                                                                                                                                                                                  MD5:9A3B4E5B18A946D6954F61673576FA11
                                                                                                                                                                                                                                                  SHA1:74206258CFD864F08E26EA3081D66297221B1D52
                                                                                                                                                                                                                                                  SHA-256:CE74A264803D3E5761ED2C364E2196AC1B391CB24029AF24AEE8EF537EC68738
                                                                                                                                                                                                                                                  SHA-512:DA21178F2E7F4B15C28AE7CB0CC5891EAA3BDD0192042965861C729839983C7DCBA9CFB96930B52DBE8A592B4713AA40762E54D846B8135456A09AE5BACBB727
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........v...v...v..~...v..v...v..r...v.....v..t...v.Rich..v.................PE..d...2............." .........0...............................................@......W.....`A............................................^............0...............0..h&..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\base_library.zip

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1332808
                                                                                                                                                                                                                                                  Entropy (8bit):5.586918495080147
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:rclJGUq/0LGn9vc+fYNXPh26UZWAzPX7jA/yqOrxG+5dm8PsH8VdOO/RO2/HKI:rclJGUh69zP/AXeJ5dm8P22lg2/HKI
                                                                                                                                                                                                                                                  MD5:BA70E3430140AF317D70230D944D4D48
                                                                                                                                                                                                                                                  SHA1:8175354CC699DF9E1365A77D85EFC6B3DC59E68A
                                                                                                                                                                                                                                                  SHA-256:B67D872BA02C30D57D9774ED180E0F917BD5C308FA1271584021F1A38372D781
                                                                                                                                                                                                                                                  SHA-512:1D8BEE9E9C087B06835D36B539C5DE4FF8941A95DDFF2E1D7F8BEC481E6C9ADDCD0A1DCC4579610C7D4E3B8E4DBCFD54F398F7CA6D4A6F2D47CBFB5320D381BE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:PK..........!.LX. S...S......._collections_abc.pyc......................................Z.....d.Z.d.d.l.m.Z.m.Z...d.d.l.Z...e.e.e.............Z...e.d.........Z.d...Z...e.e.........Z.[.g.d...Z.d.Z...e...e.d.................Z...e...e...e.........................Z...e...e.i.j%..........................................Z...e...e.i.j)..........................................Z...e...e.i.j-..........................................Z...e...e.g.................Z...e...e...e.g.........................Z...e...e...e.d.........................Z...e...e...e.d.d.z...........................Z...e...e...e.........................Z...e...e.d.................Z ..e...e.d.................Z!..e...e...e"........................Z#..e.i.j%..................................Z$..e.i.j)..................................Z%..e.i.j-..................................Z&..e.e.jN..........................Z(..e...d...................Z)d...Z*..e*........Z*..e.e*........Z+e*jY............................[*d...Z-..e-........

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\bcrypt\_bcrypt.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):304128
                                                                                                                                                                                                                                                  Entropy (8bit):6.435912222206497
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:dGZdT4vpmI+uyOkjC/g6XMX/cXt2/mW/UcuvJOlRncKNek487Qa858nD8yCKLAvO:M7T4ppVkjC5rCr
                                                                                                                                                                                                                                                  MD5:829AC778D5A82A72FD5F83312D929A93
                                                                                                                                                                                                                                                  SHA1:B42FC4B15C7F9AD2BB84A0CC07040701EA462A0F
                                                                                                                                                                                                                                                  SHA-256:3D26EFEEDD40E9CB67D66803B235F56D38A5932D1D82B86CAE4EDACE5385D27A
                                                                                                                                                                                                                                                  SHA-512:D76F474EBC9BB9E84AAA989B40CF9783469757B535424DB3913FB4BB1C39014E4B17F0067232DCEFD9A5429DD0D4AE9EC15DBCE99CB2FBF285F745739F32D22B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........?..Q..Q..Q......Q.''P..Q.''R..Q.''U..Q.''T..Q.%P..Q..P..Q..P.d.Q..Q.Q.. Q..Q.. S..Q.Rich.Q.................PE..d.....f.........." ...(.$...~............................................................`..........................................w..T....w...................'..............4.......T.......................(...P...@............@...............................text....#.......$.................. ..`.rdata...F...@...H...(..............@..@.data...0............p..............@....pdata...'.......(...t..............@..@.reloc..4...........................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\certifi\cacert.pem

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):299427
                                                                                                                                                                                                                                                  Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                                                  MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                                                  SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                                                  SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                                                  SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\charset_normalizer\md.cp312-win_amd64.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):10752
                                                                                                                                                                                                                                                  Entropy (8bit):4.674392865869017
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:KGUmje72HzA5iJGhU2Y0hQMsQJCUCLsZEA4elh3XQMtCFXiHBpv9cX6gTim1qeSC:rjQ2HzzU2bRYoe1HH9cqgTimoe
                                                                                                                                                                                                                                                  MD5:D9E0217A89D9B9D1D778F7E197E0C191
                                                                                                                                                                                                                                                  SHA1:EC692661FCC0B89E0C3BDE1773A6168D285B4F0D
                                                                                                                                                                                                                                                  SHA-256:ECF12E2C0A00C0ED4E2343EA956D78EED55E5A36BA49773633B2DFE7B04335C0
                                                                                                                                                                                                                                                  SHA-512:3B788AC88C1F2D682C1721C61D223A529697C7E43280686B914467B3B39E7D6DEBAFF4C0E2F42E9DDDB28B522F37CB5A3011E91C66D911609C63509F9228133D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B..............................M....................................... ...?.......?.......?.a.....?.......Rich............................PE..d....jAe.........." ...%.....................................................p............`..........................................'..p...`(..d....P.......@...............`..,...`#.............................. "..@............ ...............................text............................... ..`.rdata....... ......................@..@.data...8....0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......&..............@..@.reloc..,....`.......(..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\charset_normalizer\md__mypyc.cp312-win_amd64.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):122880
                                                                                                                                                                                                                                                  Entropy (8bit):5.917175475547778
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:bA3W6Fck6/g5DzNa4cMy/dzpd1dhdMdJGFEr6/vD:MW6NzcMy/d13FErgvD
                                                                                                                                                                                                                                                  MD5:BF9A9DA1CF3C98346002648C3EAE6DCF
                                                                                                                                                                                                                                                  SHA1:DB16C09FDC1722631A7A9C465BFE173D94EB5D8B
                                                                                                                                                                                                                                                  SHA-256:4107B1D6F11D842074A9F21323290BBE97E8EED4AA778FBC348EE09CC4FA4637
                                                                                                                                                                                                                                                  SHA-512:7371407D12E632FC8FB031393838D36E6A1FE1E978CED36FF750D84E183CDE6DD20F75074F4597742C9F8D6F87AF12794C589D596A81B920C6C62EE2BA2E5654
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..r...r...r......r...s...r...s...r...w...r...v..r...q...r.#.s...r...s...r..8z...r..8r...r..8....r..8p...r.Rich..r.........................PE..d....jAe.........." ...%.:...........<.......................................0............`.........................................@...d.......................(............ ......P...................................@............P...............................text....8.......:.................. ..`.rdata...W...P...X...>..............@..@.data...8=.......0..................@....pdata..(...........................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\cryptography-43.0.1.dist-info\INSTALLER

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4
                                                                                                                                                                                                                                                  Entropy (8bit):1.5
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                  MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                  SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                  SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                  SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:pip.

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\cryptography-43.0.1.dist-info\METADATA

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5440
                                                                                                                                                                                                                                                  Entropy (8bit):5.074342830021076
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:DlaQIUQIhQIKQILbQIRIaMPktjaVxsxA2TtLDmplH7dwnqTIvrUmA0JQTQCQx5KN:LcPuP1srTtLDmplH7JTIvYX0JQTQ9x54
                                                                                                                                                                                                                                                  MD5:554DC6138FDBF98B7F1EDFE207AF3D67
                                                                                                                                                                                                                                                  SHA1:B6C806E2AFF9A0F560916A90F793348DBF0514BA
                                                                                                                                                                                                                                                  SHA-256:0064A9B5FD2AC18605E512EF7127318AD9CF259E9445488C169F237A590602E1
                                                                                                                                                                                                                                                  SHA-512:3A71B533874F4D0F94F15192791D2FA4DF9E8EBF184C711F1D4FA97230C04764C1C9A93258355B08107E5B72053C6901E883E3DB577E8A204D5B9EB3F8BC7BFC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Metadata-Version: 2.3.Name: cryptography.Version: 43.0.1.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\cryptography-43.0.1.dist-info\RECORD

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):15579
                                                                                                                                                                                                                                                  Entropy (8bit):5.567434003079107
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:bX1ToLbz5jF4E9VqhXJZ4WPB6s7B0Ppz+NX6in5Lqw/I+B:bXeLbhCEsJrPB6s7B0Ppz+96innVB
                                                                                                                                                                                                                                                  MD5:E8478B758300439BF58613F2A3A2676C
                                                                                                                                                                                                                                                  SHA1:39ED064E67212A54E4B8D1C909E6AD2ACF48025D
                                                                                                                                                                                                                                                  SHA-256:5ADEAA62D3045659DDF79324823AA3BCB1CA78F264442D6F6F6B9C8A8470A634
                                                                                                                                                                                                                                                  SHA-512:D7029823DC5585FBE885DDB52EED2D02D1584EB945EF23916391201FCBD17DF0B14F338BDFC6E81318297F831CA99796423206F781373857317E068F0C0B321C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:cryptography-43.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-43.0.1.dist-info/METADATA,sha256=AGSptf0qwYYF5RLvcScxitnPJZ6URUiMFp8jelkGAuE,5440..cryptography-43.0.1.dist-info/RECORD,,..cryptography-43.0.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-43.0.1.dist-info/WHEEL,sha256=8_4EnrLvbhzH224YH8WypoB7HFn-vpbwr_zHlr3XUBI,94..cryptography-43.0.1.dist-info/license_files/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-43.0.1.dist-info/license_files/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-43.0.1.dist-info/license_files/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=pY_pmYXjJTK-LjfCu7ot0NMj0QC2dkD1dCPyV8QjISM,445..cryptography/__init__.py,sha256=mthuUrTd4FROCpUYrTIqhjz6s6T9djAZrV7nZ1oMm2o,364..cryptography/__pycache__/__about__.cpython-312.pyc,,..cryptography/__pycache__/__ini

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\cryptography-43.0.1.dist-info\WHEEL

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):94
                                                                                                                                                                                                                                                  Entropy (8bit):5.016084900984752
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:RtEeX5pGogP+tkKciH/KQb:RtvoTWKTQb
                                                                                                                                                                                                                                                  MD5:C869D30012A100ADEB75860F3810C8C9
                                                                                                                                                                                                                                                  SHA1:42FD5CFA75566E8A9525E087A2018E8666ED22CB
                                                                                                                                                                                                                                                  SHA-256:F3FE049EB2EF6E1CC7DB6E181FC5B2A6807B1C59FEBE96F0AFFCC796BDD75012
                                                                                                                                                                                                                                                  SHA-512:B29FEAF6587601BBE0EDAD3DF9A87BFC82BB2C13E91103699BABD7E039F05558C0AC1EF7D904BCFAF85D791B96BC26FA9E39988DD83A1CE8ECCA85029C5109F0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Wheel-Version: 1.0.Generator: maturin (1.7.0).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\cryptography-43.0.1.dist-info\license_files\LICENSE

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):197
                                                                                                                                                                                                                                                  Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                                                  MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                                                  SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                                                  SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                                                  SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\cryptography-43.0.1.dist-info\license_files\LICENSE.APACHE

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11360
                                                                                                                                                                                                                                                  Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                                                  MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                                                  SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                                                  SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                                                  SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\cryptography-43.0.1.dist-info\license_files\LICENSE.BSD

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1532
                                                                                                                                                                                                                                                  Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                                                  MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                                                  SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                                                  SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                                                  SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\cryptography\hazmat\bindings\_rust.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7900672
                                                                                                                                                                                                                                                  Entropy (8bit):6.519460416205842
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:Hvisa2OcIo0UYN1YA2sBCT7I0XIU6iOGtlqNVwASO0AIjoI+b0vjemXSKSDhxlT3:Pi/2PTYDBCT7NY+gTNxY7GbdJ295x
                                                                                                                                                                                                                                                  MD5:81AD4F91BB10900E3E2E8EAF917F42C9
                                                                                                                                                                                                                                                  SHA1:840F7AEF02CDA6672F0E3FC7A8D57F213DDD1DC6
                                                                                                                                                                                                                                                  SHA-256:5F20D6CEC04685075781996A9F54A78DC44AB8E39EB5A2BCF3234E36BEF4B190
                                                                                                                                                                                                                                                  SHA-512:11CD299D6812CDF6F0A74BA86EB44E9904CE4106167EBD6E0B81F60A5FCD04236CEF5CFF81E51ED391F5156430663056393DC07353C4A70A88024194768FFE9D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......l..(...(...(...!...:...8...*...8...,...8... ...8...9...c..&...G...*...(...+...`...V...(.....`...)...`...)...Rich(...........................PE..d....j.f.........." ...).`Z..V........X.......................................x...........`.........................................p.r.......r...............t...............x......Cj.T....................Cj.(....Aj.@............pZ..............................text...._Z......`Z................. ..`.rdata..ZR...pZ..T...dZ.............@..@.data....+....r.......r.............@....pdata........t.......s.............@..@.reloc........x.......w.............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\h2-4.1.0.dist-info\INSTALLER

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4
                                                                                                                                                                                                                                                  Entropy (8bit):1.5
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                  MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                  SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                  SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                  SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:pip.

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\h2-4.1.0.dist-info\LICENSE

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1102
                                                                                                                                                                                                                                                  Entropy (8bit):5.120351253767657
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:bOLRrmJHHH0yN3gtsHw1hj9QHOsUv4eOk4/+/m3oqLF5n:bOLRaJHlxE35QHOs5exm3ogF5n
                                                                                                                                                                                                                                                  MD5:AA3B9B4395563DD427BE5F022EC321C1
                                                                                                                                                                                                                                                  SHA1:80129BCE9030CF215FC93006DCE98B0BA8C778F8
                                                                                                                                                                                                                                                  SHA-256:7A65A5AF0CBABF1C16251C7C6B2B7CB46D16A7222E79975B9B61FCD66A2E3F28
                                                                                                                                                                                                                                                  SHA-512:62337AD684E4AA1192DBA00503EED316F28F6480ACEA90442774BE544C970C3F9012933B451C036DB3AC388C495153D6C9FA04E1844E0A483E8E767218B90690
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:The MIT License (MIT)..Copyright (c) 2015-2020 Cory Benfield and contributors..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\h2-4.1.0.dist-info\METADATA

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3583
                                                                                                                                                                                                                                                  Entropy (8bit):4.978673419311688
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:D7evWamPktjxsxMMrgfHcxfS+UvWQH46o1WvUXCR:+RsMCgfGfS+UvW63MyR
                                                                                                                                                                                                                                                  MD5:566784A778E8B69F205F14DAC1D57817
                                                                                                                                                                                                                                                  SHA1:B1B850F3D43CC453086BED7034675426F81C9BDE
                                                                                                                                                                                                                                                  SHA-256:C504EAA29585F6BDD95644FEC420C7016599401DE0FF3CAA80AC429748A847A4
                                                                                                                                                                                                                                                  SHA-512:CFD127A2868E94E5F4FAFAB78A3153094D45F6538AE77642ADE9FABC5580D47DA2EC40A2EB7BF11FD6F5A21553A4489F5278B76AC017D738B64C4C9579B38D55
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Metadata-Version: 2.1.Name: h2.Version: 4.1.0.Summary: HTTP/2 State-Machine based protocol implementation.Home-page: https://github.com/python-hyper/h2.Author: Cory Benfield.Author-email: cory@lukasa.co.uk.License: MIT License.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :: Python :: Implementation :: PyPy.Requires-Python: >=3.6.1.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: hyperframe (<7,>=6.0).

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\h2-4.1.0.dist-info\RECORD

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1716
                                                                                                                                                                                                                                                  Entropy (8bit):5.815823960091913
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:pnuXipSpe7lLCDHSkQZKT429PTW/2B7V0Wh85dGlLt4qYt29tw:sXEFgHSKT42VTW/2tV0MmdGlLtnY89m
                                                                                                                                                                                                                                                  MD5:657DE5CB6CEADBD15FDFA5A57CD2682E
                                                                                                                                                                                                                                                  SHA1:62148622A3BD1605CB409087C949269F0F828B8D
                                                                                                                                                                                                                                                  SHA-256:0B2F00133E6A66714E5F112A73A0CF6F6786F7C7C7D580B3BE600419510C9CE8
                                                                                                                                                                                                                                                  SHA-512:4317FC3F12364B6734CD97B8F5447D4483BA17FF7D3593B834B566642187CA750869A46341845E4B566456B734D4F969963DC73852D4F6908DFF465C9FE4D45D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:h2-4.1.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..h2-4.1.0.dist-info/LICENSE,sha256=emWlrwy6vxwWJRx8ayt8tG0WpyIueZdbm2H81mouPyg,1102..h2-4.1.0.dist-info/METADATA,sha256=xQTqopWF9r3ZVkT-xCDHAWWZQB3g_zyqgKxCl0ioR6Q,3583..h2-4.1.0.dist-info/RECORD,,..h2-4.1.0.dist-info/WHEEL,sha256=OqRkF0eY5GHssMorFjlbTIq072vpHpF60fIQA6lS9xA,92..h2-4.1.0.dist-info/top_level.txt,sha256=Hiulx8KxI2jFUM1dG7-CZeRkO3j50MBwCLG36Vrq-kI,3..h2/__init__.py,sha256=inV-bCAUhD_QGjQe5Mk8gl7F85v26UW9W3BHov9vBAA,86..h2/__pycache__/__init__.cpython-312.pyc,,..h2/__pycache__/config.cpython-312.pyc,,..h2/__pycache__/connection.cpython-312.pyc,,..h2/__pycache__/errors.cpython-312.pyc,,..h2/__pycache__/events.cpython-312.pyc,,..h2/__pycache__/exceptions.cpython-312.pyc,,..h2/__pycache__/frame_buffer.cpython-312.pyc,,..h2/__pycache__/settings.cpython-312.pyc,,..h2/__pycache__/stream.cpython-312.pyc,,..h2/__pycache__/utilities.cpython-312.pyc,,..h2/__pycache__/windows.cpython-312.pyc,,..h2/config

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\h2-4.1.0.dist-info\WHEEL

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):92
                                                                                                                                                                                                                                                  Entropy (8bit):4.842566724466667
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:RtEeX7MWcSlViHoKKjP+tPCCfA5S:RtBMwlViQWBBf
                                                                                                                                                                                                                                                  MD5:11AA48DBE7E7CC631B11DD66DC493AEB
                                                                                                                                                                                                                                                  SHA1:249FDB01AD3E3F71356E33E1897D06F23CFB20C2
                                                                                                                                                                                                                                                  SHA-256:3AA464174798E461ECB0CA2B16395B4C8AB4EF6BE91E917AD1F21003A952F710
                                                                                                                                                                                                                                                  SHA-512:EDD5892C9B2FE1F2439C53D2CD05F4478EC360885054BD06AFCF7936F6D066377FEE07796DAE9ECDF810E3D6100E039CAD48F00AD0E3145693D53E844CC5319D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.36.2).Root-Is-Purelib: true.Tag: py3-none-any..

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\h2-4.1.0.dist-info\top_level.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3
                                                                                                                                                                                                                                                  Entropy (8bit):1.584962500721156
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:Vn:V
                                                                                                                                                                                                                                                  MD5:4217C1CE78C1E6BAE73FE12CE19C51D3
                                                                                                                                                                                                                                                  SHA1:8BA0141FFAA18F4355DB911606B6B283D9BEF1B1
                                                                                                                                                                                                                                                  SHA-256:1E2BA5C7C2B12368C550CD5D1BBF8265E4643B78F9D0C07008B1B7E95AEAFA42
                                                                                                                                                                                                                                                  SHA-512:E735248AA6CC62335983C38AC04631F512B1444D3FACD5FE00064F6649D9382CC8A1661BFEF4978156B2BBD93C27FCDFD581416B05EBC91B59FEFD3C51207067
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:h2.

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\libcrypto-3.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5232408
                                                                                                                                                                                                                                                  Entropy (8bit):5.940072183736028
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                                                                                                                                                                                                                  MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                                                                                                                                                                                                                  SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                                                                                                                                                                                                                  SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                                                                                                                                                                                                                  SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........._~.._~.._~..V.S.M~.....]~.....[~.....W~.....S~.._~...~......T~..J....~..J...7}..J...^~..J.?.^~..J...^~..Rich_~..........................PE..d......f.........." ...(..7..<......v........................................0P.......O...`...........................................H.0.....O.@....@O.|.... L. .....O../...PO.$...`{D.8............................yD.@.............O..............................text.....7.......7................. ..`.rdata........7.......7.............@..@.data...Ao....K..<....K.............@....pdata....... L.......K.............@..@.idata...%....O..&....N.............@..@.00cfg..u....0O.......N.............@..@.rsrc...|....@O.......N.............@..@.reloc..~....PO.......N.............@..B................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\libssl-3.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):792856
                                                                                                                                                                                                                                                  Entropy (8bit):5.57949182561317
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
                                                                                                                                                                                                                                                  MD5:4FF168AAA6A1D68E7957175C8513F3A2
                                                                                                                                                                                                                                                  SHA1:782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
                                                                                                                                                                                                                                                  SHA-256:2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
                                                                                                                                                                                                                                                  SHA-512:C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l.>..|m..|m..|m.u.m..|m+.}l..|m.u}l..|m+..l..|m+.xl..|m+.yl..|m..}l..|m..}m..|m..xl..|m..|l..|m...m..|m..~l..|mRich..|m................PE..d......f.........." ...(.>..........K........................................0......!+....`..........................................x...Q..............s.... ...M......./......d...p...8...............................@............................................text....<.......>.................. ..`.rdata..hz...P...|...B..............@..@.data...qN.......H..................@....pdata..pV... ...X..................@..@.idata...c.......d...^..............@..@.00cfg..u...........................@..@.rsrc...s...........................@..@.reloc..C...........................@..B........................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\python3.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):68376
                                                                                                                                                                                                                                                  Entropy (8bit):6.147701397143669
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:OV1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0yamM/d:ODmF61JFn+/Ob5IML0l7SySxUx
                                                                                                                                                                                                                                                  MD5:5EACE36402143B0205635818363D8E57
                                                                                                                                                                                                                                                  SHA1:AE7B03251A0BAC083DEC3B1802B5CA9C10132B4C
                                                                                                                                                                                                                                                  SHA-256:25A39E721C26E53BEC292395D093211BBA70465280ACFA2059FA52957EC975B2
                                                                                                                                                                                                                                                  SHA-512:7CB3619EA46FBAAF45ABFA3D6F29E7A5522777980E0A9D2DA021D6C68BCC380ABE38E8004E1F31D817371FB3CDD5425D4BB115CB2DC0D40D59D111A2D98B21D4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5...Te..Te..Te...m..Te...e..Te.....Te...g..Te.Rich.Te.................PE..d...Ab.f.........." ...(.............................................................F....`.........................................`...H................................/..............T............................................................................rdata..............................@..@.rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\python312.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6927640
                                                                                                                                                                                                                                                  Entropy (8bit):5.765552513907485
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:mRSn173WIgXqQYRn0I+gaYFD0iRpIrCMEGXgeieBwHTuJTA8LbLH7ft4OCLj8j4V:mIn8hYEgw8Ij887GlSvBHDMiEruuln
                                                                                                                                                                                                                                                  MD5:166CC2F997CBA5FC011820E6B46E8EA7
                                                                                                                                                                                                                                                  SHA1:D6179213AFEA084F02566EA190202C752286CA1F
                                                                                                                                                                                                                                                  SHA-256:C045B57348C21F5F810BAE60654AE39490846B487378E917595F1F95438F9546
                                                                                                                                                                                                                                                  SHA-512:49D9D4DF3D7EF5737E947A56E48505A2212E05FDBCD7B83D689639728639B7FD3BE39506D7CFCB7563576EBEE879FD305370FDB203909ED9B522B894DD87AACB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D..Z%..Z%..Z%......X%....e.T%......^%......R%......W%..S]..@%...]..Q%..Z%..*$..O....%..O...[%..O.g.[%..O...[%..RichZ%..........PE..d...=b.f.........." ...(..(..4B..... .........................................j......[j...`..........................................cN.d...$1O.......i......._.xI....i../... i.([....2.T.....................H.(...p.2.@............ (..............................text.....(.......(................. ..`.rdata...6'.. (..8'...(.............@..@.data....I...`O......HO.............@....pdata..xI...._..J....^.............@..@PyRuntim0.....b.......a.............@....rsrc.........i...... h.............@..@.reloc..([... i..\...*h.............@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\select.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):31000
                                                                                                                                                                                                                                                  Entropy (8bit):6.556986708902353
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:IyRVBC9t6Lhz64CHf2slDT90Y5IMQGCHQIYiSy1pCQFm/AM+o/8E9VF0Ny/r5n+/:LGyKHfx1H5IMQGY5YiSyv4AMxkEFNnq
                                                                                                                                                                                                                                                  MD5:7C14C7BC02E47D5C8158383CB7E14124
                                                                                                                                                                                                                                                  SHA1:5EE9E5968E7B5CE9E4C53A303DAC9FC8FAF98DF3
                                                                                                                                                                                                                                                  SHA-256:00BD8BB6DEC8C291EC14C8DDFB2209D85F96DB02C7A3C39903803384FF3A65E5
                                                                                                                                                                                                                                                  SHA-512:AF70CBDD882B923013CB47545633B1147CE45C547B8202D7555043CFA77C1DEEE8A51A2BC5F93DB4E3B9CBF7818F625CA8E3B367BFFC534E26D35F475351A77C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........t..'..'..'..g'..'-..&..'-..&..'-..&..'-..&..'...&..'..'...'...&..'...&..'...&..'...'..'...&..'Rich..'................PE..d...`b.f.........." ...(.....2.......................................................o....`..........................................@..L...<A..x....p.......`.......J.../......L....3..T............................2..@............0...............................text............................... ..`.rdata.......0......................@..@.data...`....P.......8..............@....pdata.......`.......:..............@..@.rsrc........p.......>..............@..@.reloc..L............H..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\ucrtbase.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1016584
                                                                                                                                                                                                                                                  Entropy (8bit):6.669319438805479
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:VkmZDEMHhp9v1Ikbn3ND0TNVOsIut8P4zmxvSZX0yplkA:mmZFHhp9v1Io3h0TN3pvkA
                                                                                                                                                                                                                                                  MD5:0E0BAC3D1DCC1833EAE4E3E4CF83C4EF
                                                                                                                                                                                                                                                  SHA1:4189F4459C54E69C6D3155A82524BDA7549A75A6
                                                                                                                                                                                                                                                  SHA-256:8A91052EF261B5FBF3223AE9CE789AF73DFE1E9B0BA5BDBC4D564870A24F2BAE
                                                                                                                                                                                                                                                  SHA-512:A45946E3971816F66DD7EA3788AACC384A9E95011500B458212DC104741315B85659E0D56A41570731D338BDF182141C093D3CED222C007038583CEB808E26FD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........W..l9F.l9F.l9F...F.l9F.l8F.l9F...F.l9F..9G.l9F..:G.l9F..<G.l9F..7G.n9F..=G.l9F...F.l9F..;G.l9FRich.l9F........PE..d.....}X.........." .........`............................................................`A................................................p......................F...=......p...PX..T............................'...............O...............................text............................... ..`.rdata..<u.......v..................@..@.data....$...........r..............@....pdata.............................@..@.rsrc................4..............@..@.reloc..p............:..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\unicodedata.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1138456
                                                                                                                                                                                                                                                  Entropy (8bit):5.4620027688967845
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:arEHdcM6hbuCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfcAIU:arEXDCjfk7bPNfv42BN6yzUAIU
                                                                                                                                                                                                                                                  MD5:A8ED52A66731E78B89D3C6C6889C485D
                                                                                                                                                                                                                                                  SHA1:781E5275695ACE4A5C3AD4F2874B5E375B521638
                                                                                                                                                                                                                                                  SHA-256:BF669344D1B1C607D10304BE47D2A2FB572E043109181E2C5C1038485AF0C3D7
                                                                                                                                                                                                                                                  SHA-512:1C131911F120A4287EBF596C52DE047309E3BE6D99BC18555BD309A27E057CC895A018376AA134DF1DC13569F47C97C1A6E8872ACEDFA06930BBF2B175AF9017
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g...#.}.#.}.#.}.*..%.}..*|.!.}..*~. .}..*y.+.}..*x...}.6-|. .}.h.|.!.}.#.|.s.}.6-p.".}.6-}.".}.6-..".}.6-..".}.Rich#.}.........PE..d...`b.f.........." ...(.@..........0*.......................................p.......)....`.........................................p...X............P.......@.......0.../...`......P^..T............................]..@............P..p............................text...!>.......@.................. ..`.rdata..\....P.......D..............@..@.data........ ......................@....pdata.......@......................@..@.rsrc........P.......$..............@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\zstandard\_cffi.cp312-win_amd64.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):650752
                                                                                                                                                                                                                                                  Entropy (8bit):6.4079170700952455
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:sz5QLUL4lK9bQkMZ/jZMaBHX7vu3XSAU128zkpWCucchvkf8HpbUPAKjgCX3GRx:szb4lK9ckWBHXKSA584ENcyv6sUPAKg
                                                                                                                                                                                                                                                  MD5:AFA2B9E9C7153750794ACFDF4BD0E416
                                                                                                                                                                                                                                                  SHA1:19C521D35DCF6BC1546E11ECE12904043BE16FDB
                                                                                                                                                                                                                                                  SHA-256:14DB1D573F7BA8F41563BBC7CDA6F1A46E5F86C1B7096D298593971A0B1C6C60
                                                                                                                                                                                                                                                  SHA-512:38E2EC7F45C6AC7CBC0D5AB7CA94DDF47FC72067507D699FA32F42AA8A4187579724645E45042929140C832C83457011EF83914E397D6F8713A6E018B2823C6B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F...........1....r....I......r.....r.....r.....u......J..u.....u.....u]....u....Rich..........PE..d...j'.f.........." ...(.....\......P........................................0............`.........................................0...\........................3........... .......d..............................Pc..@...............@............................text...x........................... ..`.rdata..b...........................@..@.data...............................@....pdata...3.......4..................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI73442\zstandard\backend_c.cp312-win_amd64.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):520192
                                                                                                                                                                                                                                                  Entropy (8bit):6.408474728658084
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:sL1TGmvt0Vwyow0k1rErgw25rXLzydh8K35sWGu:s5lvt0Vw9fk1rErV25rPY8K
                                                                                                                                                                                                                                                  MD5:0FC69D380FADBD787403E03A1539A24A
                                                                                                                                                                                                                                                  SHA1:77F067F6D50F1EC97DFED6FAE31A9B801632EF17
                                                                                                                                                                                                                                                  SHA-256:641E0B0FA75764812FFF544C174F7C4838B57F6272EAAE246EB7C483A0A35AFC
                                                                                                                                                                                                                                                  SHA-512:E63E200BAF817717BDCDE53AD664296A448123FFD055D477050B8C7EFCAB8E4403D525EA3C8181A609C00313F7B390EDBB754F0A9278232ADE7CFB685270AAF0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................k...........k.....k.....k.....l......T..l.....l.....ln....l....Rich..................PE..d...d'.f.........." ...(............ ........................................0............`......................................... ...d........................)........... ..d...0\...............................Z..@...............(............................text...H........................... ..`.rdata.............................@..@.data....-.......(..................@....pdata...).......*..................@..@.rsrc...............................@..@.reloc..d.... ......................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  \Device\ConDrv

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):76
                                                                                                                                                                                                                                                  Entropy (8bit):4.692952967328777
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:sflBFReNmI4+3vAuF5QEyn:+hMmI4+43
                                                                                                                                                                                                                                                  MD5:4CAD745ED3FFE0C13A08C4B1027D3D3E
                                                                                                                                                                                                                                                  SHA1:77C9C68F7914BEC88A128CD2E6B4F562BF48EB55
                                                                                                                                                                                                                                                  SHA-256:D27442B5BC533B4C32EED52097A5D76258DEB3DCF51A76CD98858F0955D9B28B
                                                                                                                                                                                                                                                  SHA-512:BC285E1BECC908F9852DEFD3CDD6E74BCC26B0F7DA7A3FDD927464E94DA9F8F78A0181F87D2CEC86B76502372B351E3ABD17A0F55C8E69EB67C1A7A82F4D33AB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:[PYI-7440:ERROR] Failed to execute script 'l4' due to unhandled exception!..

                                                                                                                                                                                                                                                  Static File Info

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  File type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Entropy (8bit):7.994648461599204
                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                  • Win64 Executable (PyInstaller) (227505/4) 46.56%
                                                                                                                                                                                                                                                  • Win64 Executable Console (202006/5) 41.35%
                                                                                                                                                                                                                                                  • InstallShield setup (43055/19) 8.81%
                                                                                                                                                                                                                                                  • Win64 Executable (generic) (12005/4) 2.46%
                                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.41%
                                                                                                                                                                                                                                                  File name:l4.exe
                                                                                                                                                                                                                                                  File size:13'758'678 bytes
                                                                                                                                                                                                                                                  MD5:fdd35023de9f8049afc50e19742c3cb6
                                                                                                                                                                                                                                                  SHA1:2c5f8c05d79bcccf57f0a7c1180c06fc8d0a0ac3
                                                                                                                                                                                                                                                  SHA256:d7c96cabb5c6e07f7d037cc838a36f53ccfd20fca346d5d4bbac6f25884718f3
                                                                                                                                                                                                                                                  SHA512:05424f7bafe2da504ba6abf4bf6a079b6817e6b1f7dfd16ebbdba5f7168c88a2c4a1408d8971167cc75256dee870c4257ad05328388c6324fa236bf43e2149dd
                                                                                                                                                                                                                                                  SSDEEP:393216:DC+KQhZ2YsHFUK2J7XMCHWUj5jx5WsqWxTz0Y3nSYzxLj:DCXQZ2YwUlJ7XMb8ksqAzDv
                                                                                                                                                                                                                                                  TLSH:E2D6335022F169E5DDBB843D69E7E599E632F85617B4C28B97CC23930E231D46F38322
                                                                                                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........a..............f.......f..)....f......Y.......Y.......Y.......Y........f..............................Rich...................

                                                                                                                                                                                                                                                  File Icon

                                                                                                                                                                                                                                                  Icon Hash:2e1e7c4c4c61e979

                                                                                                                                                                                                                                                  Static PE Info

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Entrypoint:0x14000c320
                                                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                                                                                  Imagebase:0x140000000
                                                                                                                                                                                                                                                  Subsystem:windows cui
                                                                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                  Time Stamp:0x677FEA64 [Thu Jan 9 15:25:24 2025 UTC]
                                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                                  OS Version Major:6
                                                                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                                                                  File Version Major:6
                                                                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                                                                  Subsystem Version Major:6
                                                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                                                  Import Hash:a06f302f71edd380da3d5bf4a6d94ebd

                                                                                                                                                                                                                                                  Entrypoint Preview

                                                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  sub esp, 28h
                                                                                                                                                                                                                                                  call 00007FD6A8B7A05Ch
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  add esp, 28h
                                                                                                                                                                                                                                                  jmp 00007FD6A8B79C6Fh
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  sub esp, 28h
                                                                                                                                                                                                                                                  call 00007FD6A8B7A3E8h
                                                                                                                                                                                                                                                  test eax, eax
                                                                                                                                                                                                                                                  je 00007FD6A8B79E23h
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  mov eax, dword ptr [00000030h]
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  mov ecx, dword ptr [eax+08h]
                                                                                                                                                                                                                                                  jmp 00007FD6A8B79E07h
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  cmp ecx, eax
                                                                                                                                                                                                                                                  je 00007FD6A8B79E16h
                                                                                                                                                                                                                                                  xor eax, eax
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  cmpxchg dword ptr [0003820Ch], ecx
                                                                                                                                                                                                                                                  jne 00007FD6A8B79DF0h
                                                                                                                                                                                                                                                  xor al, al
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  add esp, 28h
                                                                                                                                                                                                                                                  ret
                                                                                                                                                                                                                                                  mov al, 01h
                                                                                                                                                                                                                                                  jmp 00007FD6A8B79DF9h
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  sub esp, 28h
                                                                                                                                                                                                                                                  test ecx, ecx
                                                                                                                                                                                                                                                  jne 00007FD6A8B79E09h
                                                                                                                                                                                                                                                  mov byte ptr [000381F5h], 00000001h
                                                                                                                                                                                                                                                  call 00007FD6A8B79545h
                                                                                                                                                                                                                                                  call 00007FD6A8B7A800h
                                                                                                                                                                                                                                                  test al, al
                                                                                                                                                                                                                                                  jne 00007FD6A8B79E06h
                                                                                                                                                                                                                                                  xor al, al
                                                                                                                                                                                                                                                  jmp 00007FD6A8B79E16h
                                                                                                                                                                                                                                                  call 00007FD6A8B88D0Fh
                                                                                                                                                                                                                                                  test al, al
                                                                                                                                                                                                                                                  jne 00007FD6A8B79E0Bh
                                                                                                                                                                                                                                                  xor ecx, ecx
                                                                                                                                                                                                                                                  call 00007FD6A8B7A810h
                                                                                                                                                                                                                                                  jmp 00007FD6A8B79DECh
                                                                                                                                                                                                                                                  mov al, 01h
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  add esp, 28h
                                                                                                                                                                                                                                                  ret
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  inc eax
                                                                                                                                                                                                                                                  push ebx
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  sub esp, 20h
                                                                                                                                                                                                                                                  cmp byte ptr [000381BCh], 00000000h
                                                                                                                                                                                                                                                  mov ebx, ecx
                                                                                                                                                                                                                                                  jne 00007FD6A8B79E69h
                                                                                                                                                                                                                                                  cmp ecx, 01h
                                                                                                                                                                                                                                                  jnbe 00007FD6A8B79E6Ch
                                                                                                                                                                                                                                                  call 00007FD6A8B7A35Eh
                                                                                                                                                                                                                                                  test eax, eax
                                                                                                                                                                                                                                                  je 00007FD6A8B79E2Ah
                                                                                                                                                                                                                                                  test ebx, ebx
                                                                                                                                                                                                                                                  jne 00007FD6A8B79E26h
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  lea ecx, dword ptr [000381A6h]
                                                                                                                                                                                                                                                  call 00007FD6A8B88B02h

                                                                                                                                                                                                                                                  Data Directories

                                                                                                                                                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x3ea2c0x50.rdata
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x490000xef8c.rsrc
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x460000x22f8.pdata
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x580000x768.reloc
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x3bfb00x1c.rdata
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x3be700x140.rdata
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x2d0000x400.rdata
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                  Sections

                                                                                                                                                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                  .text0x10000x2b1100x2b20055ff5ed922edfe0b0c10734c674f4ee4False0.5453521286231884data6.496893972670116IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                  .rdata0x2d0000x128420x12a00f271e38c789ced3774cfb2ef656a9bfaFalse0.5235816904362416data5.767543090603831IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                  .data0x400000x54080xe00aff56347f897785154c53727472c548dFalse0.13504464285714285data1.8315705466577277IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                  .pdata0x460000x22f80x240057f77a295f3be6e2a8e90035dde19ce2False0.4784071180555556data5.3594808562266065IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                  .rsrc0x490000xef8c0xf0005d72e0338b034862f777c781ab7d2219False0.8010091145833333data7.3501462320035476IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                  .reloc0x580000x7680x80042d6242177dbae8e11ed5d64b87d0d48False0.5576171875data5.268722219019965IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                                  Resources

                                                                                                                                                                                                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                  RT_ICON0x492080xea8Device independent bitmap graphic, 48 x 96 x 8, image size 00.56636460554371
                                                                                                                                                                                                                                                  RT_ICON0x4a0b00x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 00.7287906137184116
                                                                                                                                                                                                                                                  RT_ICON0x4a9580x568Device independent bitmap graphic, 16 x 32 x 8, image size 00.7471098265895953
                                                                                                                                                                                                                                                  RT_ICON0x4aec00x909bPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9971636186822983
                                                                                                                                                                                                                                                  RT_ICON0x53f5c0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 00.38309128630705397
                                                                                                                                                                                                                                                  RT_ICON0x565040x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 00.4826454033771107
                                                                                                                                                                                                                                                  RT_ICON0x575ac0x468Device independent bitmap graphic, 16 x 32 x 32, image size 00.699468085106383
                                                                                                                                                                                                                                                  RT_GROUP_ICON0x57a140x68data0.7019230769230769
                                                                                                                                                                                                                                                  RT_MANIFEST0x57a7c0x50dXML 1.0 document, ASCII text0.4694508894044857

                                                                                                                                                                                                                                                  Imports

                                                                                                                                                                                                                                                  DLLImport
                                                                                                                                                                                                                                                  USER32.dllTranslateMessage, ShutdownBlockReasonCreate, GetWindowThreadProcessId, SetWindowLongPtrW, GetWindowLongPtrW, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, CreateWindowExW, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, GetMessageW
                                                                                                                                                                                                                                                  KERNEL32.dllGetTimeZoneInformation, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, GetStringTypeW, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, CreateDirectoryW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, HeapSize, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, GetCurrentProcessId, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, GetConsoleWindow, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, GetFileAttributesExW, HeapReAlloc, WriteConsoleW, SetEndOfFile, GetDriveTypeW, IsDebuggerPresent, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, GetModuleHandleW, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, GetCommandLineA, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, SetEnvironmentVariableW
                                                                                                                                                                                                                                                  ADVAPI32.dllConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW

                                                                                                                                                                                                                                                  Network Behavior

                                                                                                                                                                                                                                                  Network Port Distribution

                                                                                                                                                                                                                                                  TCP Packets

                                                                                                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:14.823237896 CET49732443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:14.823292971 CET44349732185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:14.823365927 CET49732443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:14.831132889 CET49732443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:14.831149101 CET44349732185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:15.315149069 CET44349732185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:15.316063881 CET49732443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:15.316088915 CET44349732185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:15.317301989 CET44349732185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:15.317380905 CET49732443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:15.318723917 CET49732443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:15.318856001 CET44349732185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:15.318891048 CET49732443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:15.318903923 CET49732443192.168.2.4185.199.108.133

                                                                                                                                                                                                                                                  UDP Packets

                                                                                                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:14.764048100 CET6346653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:14.772610903 CET53634661.1.1.1192.168.2.4

                                                                                                                                                                                                                                                  DNS Queries

                                                                                                                                                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:14.764048100 CET192.168.2.41.1.1.10x735dStandard query (0)raw.githubusercontent.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                  DNS Answers

                                                                                                                                                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:14.772610903 CET1.1.1.1192.168.2.40x735dNo error (0)raw.githubusercontent.com185.199.108.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:14.772610903 CET1.1.1.1192.168.2.40x735dNo error (0)raw.githubusercontent.com185.199.111.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:14.772610903 CET1.1.1.1192.168.2.40x735dNo error (0)raw.githubusercontent.com185.199.109.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:14.772610903 CET1.1.1.1192.168.2.40x735dNo error (0)raw.githubusercontent.com185.199.110.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:26.405000925 CET1.1.1.1192.168.2.40x145aNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Feb 8, 2025 18:41:26.405000925 CET1.1.1.1192.168.2.40x145aNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                  Statistics

                                                                                                                                                                                                                                                  CPU Usage

                                                                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                                                                  Memory Usage

                                                                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                                                                  High Level Behavior Distribution

                                                                                                                                                                                                                                                  Click to dive into process behavior distribution

                                                                                                                                                                                                                                                  Behavior

                                                                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                                                                  System Behavior

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                  Start time:12:41:08
                                                                                                                                                                                                                                                  Start date:08/02/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\l4.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff7c2850000
                                                                                                                                                                                                                                                  File size:13'758'678 bytes
                                                                                                                                                                                                                                                  MD5 hash:FDD35023DE9F8049AFC50E19742C3CB6
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                                                                  Start time:12:41:08
                                                                                                                                                                                                                                                  Start date:08/02/2025
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                                                                  Start time:12:41:10
                                                                                                                                                                                                                                                  Start date:08/02/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\l4.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\l4.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff7c2850000
                                                                                                                                                                                                                                                  File size:13'758'678 bytes
                                                                                                                                                                                                                                                  MD5 hash:FDD35023DE9F8049AFC50E19742C3CB6
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Disassembly

                                                                                                                                                                                                                                                  Reset < >