Automated Malware Analysis IOC Report for

Details

Filetype:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy:	7.998650670687196
Filename:	msupdate.exe
Filesize:	69484264
MD5:	a4a77855a747fd6c8a28cfa4e0e3b22f
SHA1:	a201051faf269ffa09dee1b3d0ea8db4958aba7c
SHA256:	3595fb2e596d3e1ab25f1671e4d0b541924fae29fd7ffbda09a929978707609a
SHA512:	a0901d51fbe291171a08b4da9f5ecc5835aff1716bf93d4be3dc0cecc123928428a0050603801c447e6c68683684244d8a0876cc30d1fc40bb36f9634e57b4a5
SSDEEP:	1572864:NAhPTY96FNSGrt+fjqVrUgmAsaW6v00v4V0xHD+:2hT+nGRhe6c0wexC
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......<...x...x...x...3...~...3.......3...r...m.x.y...m...P...m...h...m...q...3.......x.......NY..y...NY..y...Richx..................

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Drops PE files	Persistence and Installation Behavior
Installs a raw input device (often for capturing keystrokes)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Reads software policies	System Summary
SQL strings found in memory and binary data	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\localtest.exe
Category:	dropped
Dump:	localtest.exe.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy:	6.619815726218458
Encrypted:	false
Ssdeep:	196608:Z4oymLruO4gZ/XJNP0E2lf9Xkvgo4fjSG1SVsL/JRuf3ELDtS4+5dzew8Lxh+ty:qrmPTJNP0E2lFXieV8C/JEss4+aw8L6
Size:	83897856
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Yara detected Python Keylogger	Key, Mouse, Clipboard, Microphone and Screen Capturing
Tries to steal Crypto Currency Wallets	Stealing of Sensitive Information	Data from Local System
Yara detected EXE embedded in BAT file	Data Obfuscation
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Enables debug privileges	Anti Debugging
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sigma detected: CurrentVersion Autorun Keys Modification	System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Creates an autostart registry key	Boot Survival	Registry Run Keys / Startup Folder
Creates files inside the user directory	System Summary	Masquerading
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Queries the cryptographic machine GUID	Language, Device and Operating System Detection	System Information Discovery
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\localtest.exe
Category:	dropped
Dump:	localtest.exe.14.dr
ID:	dr_316
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy:	6.619815726218458
Encrypted:	false
Ssdeep:	196608:Z4oymLruO4gZ/XJNP0E2lf9Xkvgo4fjSG1SVsL/JRuf3ELDtS4+5dzew8Lxh+ty:qrmPTJNP0E2lFXieV8C/JEss4+aw8L6
Size:	83897856
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Yara detected Python Keylogger	Key, Mouse, Clipboard, Microphone and Screen Capturing
Tries to steal Crypto Currency Wallets	Stealing of Sensitive Information	Data from Local System
Yara detected EXE embedded in BAT file	Data Obfuscation
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Yara detected Credential Stealer	Stealing of Sensitive Information
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\localtest.exe
Category:	dropped
Dump:	localtest.exe.15.dr
ID:	dr_497
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy:	6.619815726218458
Encrypted:	false
Size:	83897856
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Yara detected Python Keylogger	Key, Mouse, Clipboard, Microphone and Screen Capturing
Tries to harvest and steal browser information (history, passwords, etc)	Stealing of Sensitive Information	Data from Local System OS Credential Dumping
Tries to steal Crypto Currency Wallets	Stealing of Sensitive Information	Data from Local System
Yara detected EXE embedded in BAT file	Data Obfuscation
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Yara detected Credential Stealer	Stealing of Sensitive Information
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Category:	dropped
Dump:	StartupProfileData-NonInteractive.8.dr
ID:	dr_173
Target ID:	8
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Type:	data
Entropy:	1.1940658735648508
Encrypted:	false
Ssdeep:	3:Nlllulbnolz:NllUc
Size:	64
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_101zxqon.hsd.ps1
Category:	dropped
Dump:	__PSScriptPolicyTest_101zxqon.hsd.ps1.8.dr
ID:	dr_171
Target ID:	8
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Type:	ASCII text, with no line terminators
Entropy:	4.038920595031593
Encrypted:	false
Ssdeep:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
Size:	60
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d32txty0.s15.psm1
Category:	dropped
Dump:	__PSScriptPolicyTest_d32txty0.s15.psm1.8.dr
ID:	dr_172
Target ID:	8
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Type:	ASCII text, with no line terminators
Entropy:	4.038920595031593
Encrypted:	false
Ssdeep:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
Size:	60
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Temp\crcook.txt
Category:	dropped
Dump:	crcook.txt.2.dr
ID:	dr_170
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\localtest.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.869800062732686
Encrypted:	false
Ssdeep:	6:fWo1g2D1Qv3rocHDyzxbiEv3rocHDKJLmIrBNuYraqWTfqgqlB1Hwsv7OjPy:u+gC1Qv79EkEv79cBNuMWfqnym7O7y
Size:	306
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\crpassw.txt
Category:	dropped
Dump:	crpassw.txt.2.dr
ID:	dr_169
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\localtest.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	3.8488846166291197
Encrypted:	false
Ssdeep:	3:vuErFWo1ng2DIIbr:fWo1g2D1v
Size:	31
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\Crypto\Cipher\_Salsa20.pyd
Category:	dropped
Dump:	_Salsa20.pyd.0.dr
ID:	dr_116
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.043023051517476
Encrypted:	false
Ssdeep:	192:SF/1nb2eqCQtkluknuz4ceS4QDuBA7cqgYvEP:o2P6luLtn4QDKmgYvEP
Size:	13824
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\Crypto\Cipher\_raw_aes.pyd
Category:	dropped
Dump:	_raw_aes.pyd.0.dr
ID:	dr_117
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.5538426720189396
Encrypted:	false
Ssdeep:	384:3f+7nYpPMedFDlDchrVX1mEVmT9ZgkoD/PKDkGuF0U390QOo8VdbKBWmuvLg4HPy:PqWB7YJlmLJ3oD/S4j990th9VvsC
Size:	36352
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\Crypto\Cipher\_raw_aesni.pyd
Category:	dropped
Dump:	_raw_aesni.pyd.0.dr
ID:	dr_118
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.285321423775064
Encrypted:	false
Ssdeep:	192:wJBjJPqZkEPYinXKccxrEWx4xLquhS3WQ67EIfD4d1ccqgwYUMvEW:iURwin7mrEYCLEGd7/fDawgwYUMvE
Size:	15872
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\Crypto\Cipher\_raw_cbc.pyd
Category:	dropped
Dump:	_raw_cbc.pyd.0.dr
ID:	dr_119
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.737934511632203
Encrypted:	false
Ssdeep:	192:8F/1nb2eqCQtkrKnlPI12D00acqgYvEn:W2P6KlPe2DIgYvEn
Size:	12288
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\Crypto\Cipher\_raw_cfb.pyd
Category:	dropped
Dump:	_raw_cfb.pyd.0.dr
ID:	dr_122
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.896113420654944
Encrypted:	false
Ssdeep:	192:kzRgPfqLlvIOP3bdS2hkPUDkjoCM/vPXcqgzQkvEmO:kUYgAdDkUDlCWpgzQkvE
Size:	13824
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\Crypto\Cipher\_raw_ctr.pyd
Category:	dropped
Dump:	_raw_ctr.pyd.0.dr
ID:	dr_123
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.296941042514949
Encrypted:	false
Ssdeep:	192:dJ1gSPqgKkwv0i8NSixSK57NEEE/qexcEtDrnDjRcqgUF6+6vEX:dE1si8NSixS0CqebtDfrgUUjvE
Size:	14848
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\Crypto\Cipher\_raw_ecb.pyd
Category:	dropped
Dump:	_raw_ecb.pyd.0.dr
ID:	dr_124
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.58491776551014
Encrypted:	false
Ssdeep:	96:zK0KVVdJvbrqTuy/Th/Y0IluLfcC75JiCKs89EpmFWLOXDwoPPj16XkcX6gbW6z:z2VddiTHThQTctEEI4qXD/1CkcqgbW6
Size:	10752
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\Crypto\Cipher\_raw_eksblowfish.pyd
Category:	dropped
Dump:	_raw_eksblowfish.pyd.0.dr
ID:	dr_125
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.13818726721959
Encrypted:	false
Ssdeep:	384:IU/5cRUtPMbNv37t6KjjNrDF6pJgLa0Mp8Qk0gYP2lcCM:hKR8EbxwKflDFQgLa1kzP
Size:	22016
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\Crypto\Cipher\_raw_ocb.pyd
Category:	dropped
Dump:	_raw_ocb.pyd.0.dr
ID:	dr_126
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.344975505079875
Encrypted:	false
Ssdeep:	384:UzPHdP3Mj7Be/yB/MsB3yRcb+IqcOYoQViCBD81g6Vf4A:UPcnB8KEsB3ocb+pcOYLMCBDx
Size:	17920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\Crypto\Cipher\_raw_ofb.pyd
Category:	dropped
Dump:	_raw_ofb.pyd.0.dr
ID:	dr_127
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.732524211136862
Encrypted:	false
Ssdeep:	192:sF/1nb2eqCQtkgU7L9D0V70fcqgYvEJPb:m2P6L9DAAxgYvEJj
Size:	12288
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\Crypto\Hash\_BLAKE2s.pyd
Category:	dropped
Dump:	_BLAKE2s.pyd.0.dr
ID:	dr_128
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.17157470367637
Encrypted:	false
Ssdeep:	192:pF/1nb2eqCQt7fSxp/CJPvADQRntxSOvbcqgEvcM+:12PNKxZWPIDmxVlgEvL
Size:	14336
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\Crypto\Hash\_MD5.pyd
Category:	dropped
Dump:	_MD5.pyd.0.dr
ID:	dr_129
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.463458228413267
Encrypted:	false
Ssdeep:	192:UIyZ9WfqP7M93g8UdsoS1hhiBvzcuiDSjeoGmDZfRBP0rcqgjPrvE:UqA0gHdzS1MwuiDSyoGmDxr89gjPrvE
Size:	15360
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\Crypto\Hash\_SHA1.pyd
Category:	dropped
Dump:	_SHA1.pyd.0.dr
ID:	dr_130
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.681553876702266
Encrypted:	false
Ssdeep:	384:UzPHdP3MjeQTh+QAZUUw8lMF6DW1tgj+kf4:EPcKQT3iw8lfDsej+
Size:	17920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\Crypto\Hash\_SHA256.pyd
Category:	dropped
Dump:	_SHA256.pyd.0.dr
ID:	dr_131
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.90271944005012
Encrypted:	false
Ssdeep:	384:U1ljwG2JaQaqvYHp5RYcARQOj4MSTjqgPm4DwxregjxojS:AjwLJbZYtswvbDwxr7jUS
Size:	21504
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\Crypto\Hash\_ghash_clmul.pyd
Category:	dropped
Dump:	_ghash_clmul.pyd.0.dr
ID:	dr_132
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.019867964622382
Encrypted:	false
Ssdeep:	192:HRF/1nb2eqCQtkbsAT2fixSrdYDtHymjcqgQvEW:Hd2P6bsK4H+D4wgQvEW
Size:	12800
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\Crypto\Hash\_ghash_portable.pyd
Category:	dropped
Dump:	_ghash_portable.pyd.0.dr
ID:	dr_133
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.015378888018285
Encrypted:	false
Ssdeep:	192:IF/1nb2eqCQtks0iiNqdF4mtPjD0wA5LPYcqgYvEL2x:i2P6fFA/4GjD4cgYvEL2x
Size:	13312
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\Crypto\Protocol\_scrypt.pyd
Category:	dropped
Dump:	_scrypt.pyd.0.dr
ID:	dr_134
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.795317235666895
Encrypted:	false
Ssdeep:	192:kJkCffqPSTMeAk4OeR64ADp5i6RcqgO5vE:kXZMcPeR64ADu63gO5vE
Size:	12288
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\Crypto\Util\_cpuid_c.pyd
Category:	dropped
Dump:	_cpuid_c.pyd.0.dr
ID:	dr_135
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.7372077697895945
Encrypted:	false
Ssdeep:	192:zWVddiTHThQTctEEaEDKDvMRWJcqgbW6:SMdsc+EaEDKDvCWvgbW
Size:	10240
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\Crypto\Util\_strxor.pyd
Category:	dropped
Dump:	_strxor.pyd.0.dr
ID:	dr_136
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.693475725745118
Encrypted:	false
Ssdeep:	96:zuZVVdJvbrqTuy/Th/Y0IluLfcC75JiCKs89EMz3DVWMot4BcX6gbW6O:zUVddiTHThQTctEEO3DloKcqgbW6
Size:	10240
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PIL\_imaging.pyd
Category:	dropped
Dump:	_imaging.pyd.0.dr
ID:	dr_137
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.459337580131227
Encrypted:	false
Ssdeep:	49152:koa4DDDK7v1T+bKpf6/ulLrLrLrLKg+JYWjHBF7:1K7v1TWX2q
Size:	2428928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PIL\_imagingcms.pyd
Category:	dropped
Dump:	_imagingcms.pyd.0.dr
ID:	dr_138
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.280201200423917
Encrypted:	false
Ssdeep:	6144:kFuq195UQ/b/8yRI7O4T9HFLg9uP1+74/LgHmPr9qvZqhLanLTLzLfqeqwL1Je0s:kFuqL5UfT9HFLg9uP1+74/LgHmPr9qvK
Size:	257536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PIL\_imagingft.pyd
Category:	dropped
Dump:	_imagingft.pyd.0.dr
ID:	dr_139
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.766846496259483
Encrypted:	false
Ssdeep:	24576:RGxm3UN0DyIeCzhYTUrU55IUYcEe7/t8fV7MZgyzcO0PEXbZ5Ap4Xfo45:ox4SfC2TUO5HCI/et+gytfo4
Size:	1652736
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PIL\_imagingtk.pyd
Category:	dropped
Dump:	_imagingtk.pyd.0.dr
ID:	dr_140
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.016426536954842
Encrypted:	false
Ssdeep:	192:dLWyIXW4r4fhDBg3hB2tCIpg7or9edH58IPpElVysUA4ckgT1G:dL7IXr45DBg3hB2V9eswpsVyZA2gTQ
Size:	15872
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PIL\_webp.pyd
Category:	dropped
Dump:	_webp.pyd.0.dr
ID:	dr_141
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.580984741686164
Encrypted:	false
Ssdeep:	12288:wyN9n89fa3Z6utaazqLrLrLrLaCCKVtNaIKJQIJzK:wV9ypLqLrLrLrLaCCKEIyQIJzK
Size:	531456
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\QtCore.pyd
Category:	dropped
Dump:	QtCore.pyd.0.dr
ID:	dr_142
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.240133820704683
Encrypted:	false
Ssdeep:	49152:aWYt+wPbTcSKSCcHFpXEqzhDarD9HDXTk5am3QSQK4ZAzYI+1ZdAEDGmtV/U3bwN:jSKSCcHFpXEqzhDarD9HDXTk5am3QSQO
Size:	2467840
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\QtGui.pyd
Category:	dropped
Dump:	QtGui.pyd.0.dr
ID:	dr_143
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.233473435581707
Encrypted:	false
Ssdeep:	49152:eq1Bdy8kK+zqwXSkaGV0COyxNkFAEfYoyWbP:dLdiznbTjO
Size:	2482688
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\QtWidgets.pyd
Category:	dropped
Dump:	QtWidgets.pyd.0.dr
ID:	dr_144
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.251608446485404
Encrypted:	false
Ssdeep:	49152:I6qnQByIoLSo7MMVjv7pekxL3UNmN61ZA+gca6xSdJzqNQ9SbBanj1Mxf5uJa:WxI/kMaz7YsgNDG90+VimCOa
Size:	5092864
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\iconengines\qsvgicon.dll
Category:	dropped
Dump:	qsvgicon.dll.0.dr
ID:	dr_146
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.0993566622860635
Encrypted:	false
Ssdeep:	768:VPs5g31JfDgej5JZmA0ZsEEC6lmn+4FdDGimUf2hr:VkC31ee7ZmA+sEEC6lmn+4FOUfc
Size:	41968
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\imageformats\qgif.dll
Category:	dropped
Dump:	qgif.dll.0.dr
ID:	dr_147
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.0316011626259405
Encrypted:	false
Ssdeep:	768:ygk2hM0GskFtvPCjEIxh8eDzFyPddeeGvnhotdDGPUf2he:yN2a05kfPOEMaeDzFkddeFnhotOUfh
Size:	39408
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\imageformats\qicns.dll
Category:	dropped
Dump:	qicns.dll.0.dr
ID:	dr_148
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.016125225197622
Encrypted:	false
Ssdeep:	768:vEip0IlhxTDxut3dnm8IyAmQQ3ydJouEAkNypTAO0tfC3apmsdDG9Uf2hU:vxvXxgVIyA23ydJlEATpTAO0tfCKpms/
Size:	45040
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\imageformats\qico.dll
Category:	dropped
Dump:	qico.dll.0.dr
ID:	dr_149
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.957072398645384
Encrypted:	false
Ssdeep:	768:zBXBEfQiAzC9Oh5AS7a3Z5OGrTDeV9mp7nnsWdDGgYUf2hi/:8JAzuOhy3zOGrTDeV9mp7nnsWjYUfz
Size:	38384
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\imageformats\qjpeg.dll
Category:	dropped
Dump:	qjpeg.dll.0.dr
ID:	dr_150
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.7491063936821405
Encrypted:	false
Ssdeep:	6144:USgOWz1eW38u9tyh6fpGUasBKTrsXWwMmH1l3JM5hn0uEfB4:USPQTnastBRB4
Size:	421360
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\imageformats\qsvg.dll
Category:	dropped
Dump:	qsvg.dll.0.dr
ID:	dr_151
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.978149408776758
Encrypted:	false
Ssdeep:	768:uOVKDlJJVlTuLiMtsKVG7TSdDG9Uf2h4e:hVgJVlTuL/tsKVG7TSQUfre
Size:	32240
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\imageformats\qtga.dll
Category:	dropped
Dump:	qtga.dll.0.dr
ID:	dr_152
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.865766652452823
Encrypted:	false
Ssdeep:	768:1lGALluUEAQATWQ79Z2Y8Ar+dDG2vUf2hF:TZl/EH8WQ794Y8Ar+hvUfm
Size:	31728
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\imageformats\qtiff.dll
Category:	dropped
Dump:	qtiff.dll.0.dr
ID:	dr_153
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.724665470266677
Encrypted:	false
Ssdeep:	6144:V0jqHiFBaRe0GPAKwP15e7xrEEEEEEN024Rx/3tkYiHUASQbs/l7OanYoOgyV:0qqwP15bx/q7/yyV
Size:	390128
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\imageformats\qwbmp.dll
Category:	dropped
Dump:	qwbmp.dll.0.dr
ID:	dr_154
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.938644231596902
Encrypted:	false
Ssdeep:	768:EfEM3S46JE2X/xBZ76pC5J6GdDGZUf2h4:63S3JE2PHZ76pC5J6GEUfn
Size:	30192
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\imageformats\qwebp.dll
Category:	dropped
Dump:	qwebp.dll.0.dr
ID:	dr_155
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.605517748735854
Encrypted:	false
Ssdeep:	12288:bPTjgdqdsvh+LrLrLrL5/y4DVHAsqx3hXS+oPZQqRaYG:jT5sMLrLrLrL5q4dAsaOFo
Size:	510448
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\mediaservice\dsengine.dll
Category:	dropped
Dump:	dsengine.dll.0.dr
ID:	dr_156
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.15513142093455
Encrypted:	false
Ssdeep:	6144:+t6LjqQ5qwlL5536MDPlk1B9/f9EQlK13EsOyo+FRrzu:+sLWQwwT53dJA+FRrzu
Size:	301040
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\mediaservice\qtmedia_audioengine.dll
Category:	dropped
Dump:	qtmedia_audioengine.dll.0.dr
ID:	dr_157
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.915530709928927
Encrypted:	false
Ssdeep:	1536:CX+k4JfQEzxmtbtXd8UxpzFV03X8GhCMIZm4XUfo:CyJBxm3XKUHzGhCMIZf/
Size:	68080
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\mediaservice\wmfengine.dll
Category:	dropped
Dump:	wmfengine.dll.0.dr
ID:	dr_158
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.0609445635731305
Encrypted:	false
Ssdeep:	3072:W4vMUHhXLy+Duac3hiMGY3XQtjNjFiUipnrNg9KoHosdi:2eySuaQxejN4UipnrNg9XHoei
Size:	208368
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\platforms\qminimal.dll
Category:	dropped
Dump:	qminimal.dll.0.dr
ID:	dr_159
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.625808732261156
Encrypted:	false
Ssdeep:	12288:y6MhioHKQ1ra8HT+bkMY8zKI4kwU7dFOTTYfEWmTxbwTlWc:BMhioHKQp+bkjAjwGdFSZtbwBd
Size:	844784
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\platforms\qoffscreen.dll
Category:	dropped
Dump:	qoffscreen.dll.0.dr
ID:	dr_160
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.6323155845799695
Encrypted:	false
Ssdeep:	12288:/HpBmyVIRZ3Tck83vEgex5aebusGMIlhLfEWmpCJkl:/HpB63TckUcLaHMITAZmW
Size:	754672
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\platforms\qwebgl.dll
Category:	dropped
Dump:	qwebgl.dll.0.dr
ID:	dr_161
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.152380961313931
Encrypted:	false
Ssdeep:	6144:WO/vyK+DtyaHlIMDhg5WEOvAwKB2VaaHeqRw/yVfYu4UnCA6DEjeYchcD+1Zy2:bKtHOWg5OvAwK0NYu4AShcD+1U2
Size:	482288
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\platforms\qwindows.dll
Category:	dropped
Dump:	qwindows.dll.0.dr
ID:	dr_10
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.575113537540671
Encrypted:	false
Ssdeep:	24576:4mCSPJrAbXEEuV9Hw2SoYFo3HdxjEgqJkLdLu5qpmZuhg/A2b:nPlIEEuV9Hw2SFFWHdWZsdmqja/A2b
Size:	1477104
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\platformthemes\qxdgdesktopportal.dll
Category:	dropped
Dump:	qxdgdesktopportal.dll.0.dr
ID:	dr_11
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.125954940500008
Encrypted:	false
Ssdeep:	1536:Nt4B1RLj3S6TtH2sweUH+Hz6/4+D6VFsfvUfO:AB1RHFdoeUs6/4O6VFSZ
Size:	68592
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\printsupport\windowsprintersupport.dll
Category:	dropped
Dump:	windowsprintersupport.dll.0.dr
ID:	dr_12
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.083938612859037
Encrypted:	false
Ssdeep:	768:PY5ff1eZ5yUgg+mpYPyU6bZAnhdbfLLAARljIFuzdDG9Uf2hFc:PY5X1ez9DYaUQZAnhJz8ARljmuzAUf1
Size:	55280
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\qt-plugins\styles\qwindowsvistastyle.dll
Category:	dropped
Dump:	qwindowsvistastyle.dll.0.dr
ID:	dr_13
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.294675868932723
Encrypted:	false
Ssdeep:	3072:rrjwZ43rCOtrBk7wcR0l7wBlaL6BtIEt51T0Nhkqg8FoQY:7hZu9R0l7wFBtIEt51T0Nuqg8JY
Size:	144368
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\PyQt5\sip.pyd
Category:	dropped
Dump:	sip.pyd.0.dr
ID:	dr_145
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.013239668983001
Encrypted:	false
Ssdeep:	3072:ffo4ygrnRYa5v7Wbj8F4HwSvQxoodR89X1f:44yQOa5jWnW4wSoPR2f
Size:	121344
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\_asyncio.pyd
Category:	dropped
Dump:	_asyncio.pyd.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.899692891859365
Encrypted:	false
Ssdeep:	1536:P/NHFMdDgugn5BHr/1Rq6mMxnBGpI8snaqy27:X/485x1Rq6mgncpI8snaw7
Size:	73744
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\_brotli.pyd
Category:	dropped
Dump:	_brotli.pyd.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.094087296276298
Encrypted:	false
Ssdeep:	12288:0+xM/y+Sd0o1zYbCUAHhlyE8ZXTw05nmZfRr+Tw:0+ylSTzYtAIiAmZfRrw
Size:	857600
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\_bz2.pyd
Category:	dropped
Dump:	_bz2.pyd.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.337586298062742
Encrypted:	false
Ssdeep:	1536:DGb6DBCvurMRnQhVx8/Nlv+SSm9YmFN87Xgq4ToV+dypRI84VAyE:abfXyg7pp9TC7Xgq4ToV+kRI84VY
Size:	94736
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\_cffi_backend.pyd
Category:	dropped
Dump:	_cffi_backend.pyd.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.199103831906969
Encrypted:	false
Ssdeep:	3072:fuDhqvb8EFiB2SAxCapLigdLnqH1nWShafSmnS791/9d9CdhjkhneKGg:fuDcz8EFfSAxzigdWnW1fSWWmhjkhneU
Size:	181760
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\_ctypes.pyd
Category:	dropped
Dump:	_ctypes.pyd.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.962671714439977
Encrypted:	false
Ssdeep:	1536:bRyGuR/8oD9tR2yHBIjxBaVGTODsAR04D0RfUGpd0/b8aMgiadI8VPEye:bcDd8oM+kBVQ/8f5pdObL7dI8VPG
Size:	132624
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\_decimal.pyd
Category:	dropped
Dump:	_decimal.pyd.0.dr
ID:	dr_6
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.490803702039132
Encrypted:	false
Ssdeep:	6144:16wN+Xkv3Pt2R4ihr6iboTfWebtedJ/gqWya38LWuAxR:U4ExW4oTdoC3R
Size:	267280
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\_elementtree.pyd
Category:	dropped
Dump:	_elementtree.pyd.0.dr
ID:	dr_7
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.299632329784148
Encrypted:	false
Ssdeep:	3072:eA5zdNfn+gUP4DoqYjDn0sYwtk9/h337lm2Fad8u2JyoMMMMMMF4S1jzhI8AfC:eAxL/+gUPJjD0sYw6nBmRQye1jz3
Size:	207888
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\_hashlib.pyd
Category:	dropped
Dump:	_hashlib.pyd.0.dr
ID:	dr_8
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.959951673192366
Encrypted:	false
Ssdeep:	768:AyvaHXGH0o9MBl7nqHQ03dpI8sIZhWDG4yfkO:UKnyBlmHQadpI8sIZcyMO
Size:	38928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\_lzma.pyd
Category:	dropped
Dump:	_lzma.pyd.0.dr
ID:	dr_9
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.6945247495968045
Encrypted:	false
Ssdeep:	3072:KCvUDHEIzx6yBexOV3fNDjGTtDlQxueKd03DV8tv9XIGIPExZJV9mNoA2v1kqnfE:tvUtdBexOlNDk+xTKg8tlJKyXYOAC1Lc
Size:	176144
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\_multiprocessing.pyd
Category:	dropped
Dump:	_multiprocessing.pyd.0.dr
ID:	dr_30
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.960619050057232
Encrypted:	false
Ssdeep:	384:iPzxbi1duybZ93GDXIV0Y5FoTewHJ4nhB/5I8kBLheX1nYPLxDG4y8SNu7:imeIxo6wuH/5I8kthelWDG4ya7
Size:	29712
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\_overlapped.pyd
Category:	dropped
Dump:	_overlapped.pyd.0.dr
ID:	dr_31
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.925988445470974
Encrypted:	false
Ssdeep:	768:U4ljYOwns/tk8iin8alqEahsMJrrnoYIJVI8JtAWDG4yCO:TjtKPsMJrUVI8JtNyp
Size:	46096
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\_portaudio.pyd
Category:	dropped
Dump:	_portaudio.pyd.0.dr
ID:	dr_32
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.338498984880818
Encrypted:	false
Ssdeep:	6144:qEjjWdIr9nzXLiM2elPMQ8EsPvoD+24sqRA:qEjtcM7gvr3F
Size:	301056
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\_queue.pyd
Category:	dropped
Dump:	_queue.pyd.0.dr
ID:	dr_33
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.982244926544283
Encrypted:	false
Ssdeep:	384:lDZ54qTq9Qe//7vWXhTR/cEI6rgdI8qU8nYPLxDG4y8HmsuEyo:p4qwQ0WRtS6rgdI8qU8WDG4y6XuEyo
Size:	28176
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\_socket.pyd
Category:	dropped
Dump:	_socket.pyd.0.dr
ID:	dr_34
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.0942584309558985
Encrypted:	false
Ssdeep:	1536:vG/A9Fu5OEPenRXk5d2jw/hEdFcvY+RgOmkcH7dI8VwYyo:e/Anu5OEPenRXRjw/h0FcvYcgOmkcbdV
Size:	76816
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\_sqlite3.pyd
Category:	dropped
Dump:	_sqlite3.pyd.0.dr
ID:	dr_35
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.875335952288727
Encrypted:	false
Ssdeep:	1536:eaiMwScZ7vJXjYS2bYETEVVRm4j6YpJ8Qi7wCEy2LpI8sQH8Zyrr:a9SE77R58Yz8n7wCfOpI8sQcAr
Size:	88592
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\_ssl.pyd
Category:	dropped
Dump:	_ssl.pyd.0.dr
ID:	dr_36
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.015568704435241
Encrypted:	false
Ssdeep:	3072:B9+/8UxGzqHYjeS0Woia4TMpi6EPQNvURI847uHV:b+UUxGiY8Wo1UVV
Size:	120848
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\_tkinter.pyd
Category:	dropped
Dump:	_tkinter.pyd.0.dr
ID:	dr_37
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.022045168499411
Encrypted:	false
Ssdeep:	1536:wZSaB9UmU+YBYGnmmwe06hcvfyRiDpI8sS1yh:wZSDoe0FvfyRiDpI8sSo
Size:	69648
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\aiohttp\_helpers.pyd
Category:	dropped
Dump:	_helpers.pyd.0.dr
ID:	dr_14
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.693567055904789
Encrypted:	false
Ssdeep:	768:1UCU7LAkMMvUvtjstglOz2EidyxoWR9hVpBqnpE7sbzakcq:DVJTJSTzPZTnpsgs/
Size:	40448
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\aiohttp\_http_parser.pyd
Category:	dropped
Dump:	_http_parser.pyd.0.dr
ID:	dr_15
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.10666779226306
Encrypted:	false
Ssdeep:	3072:z1KrrdmOChmfhoNhE7H4qEa+0s+1j1RxfEQ1Zd:ArZGY73EaN1hL1f
Size:	220160
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\aiohttp\_http_writer.pyd
Category:	dropped
Dump:	_http_writer.pyd.0.dr
ID:	dr_16
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.74813879490357
Encrypted:	false
Ssdeep:	768:zQn96aluGuR1GxIBctGW3kJOvhlygNMuZzw:Utfu/mAOHMuB
Size:	36352
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\aiohttp\_websocket.pyd
Category:	dropped
Dump:	_websocket.pyd.0.dr
ID:	dr_17
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.4304573666415985
Encrypted:	false
Ssdeep:	384:6VuTABF4IYYKeg5qBtuHtsR4pLi9Pbb6lRNeyMSEJorsfqzl8eqSguxE:6VE0+IYZeg5qCtpLi9PbeRcyMSEJTy+h
Size:	24064
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\bcrypt\_bcrypt.pyd
Category:	dropped
Dump:	_bcrypt.pyd.0.dr
ID:	dr_18
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.264879673315508
Encrypted:	false
Ssdeep:	384:XKBxYvCc//KEdvX020YfLecJay5e0bxpJgLa0Mp8D0ekPwqOw7:zv3tdvk8Tle0gLa1SPd
Size:	31744
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\certifi\cacert.pem
Category:	dropped
Dump:	cacert.pem.0.dr
ID:	dr_19
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	ASCII text
Entropy:	6.049584029751259
Encrypted:	false
Ssdeep:	6144:QW1H/M8f9R0mNpliXCRrwADwYCuMEigT/Q5MSRqNb7d8l:QWN/vRLNL4CRrBC5MWavd0
Size:	285222
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\concrt140.dll
Category:	dropped
Dump:	concrt140.dll.0.dr
ID:	dr_38
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.325295618585691
Encrypted:	false
Ssdeep:	6144:2VwR2xhiXuz1BxUBE0I3umFKuLHqvqNXV4rnWzgCEcl:Vs9zGEj3saz7l
Size:	317208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\cryptography\hazmat\bindings\_openssl.pyd
Category:	dropped
Dump:	_openssl.pyd.0.dr
ID:	dr_20
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.5600156596934625
Encrypted:	false
Ssdeep:	49152:LIU6ioeGtlqTVwASOICDs+JhX3wHqg+dhptXdqCHJYN1QwhIC4Fjz80nciTOzNqm:k+IkEs7JYNgFjz80cDh1YFZdZBT
Size:	3962880
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\cryptography\hazmat\bindings\_rust.pyd
Category:	dropped
Dump:	_rust.pyd.0.dr
ID:	dr_21
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.148502058477941
Encrypted:	false
Ssdeep:	24576:j/bXNabjIX1FSCD2Ai8tExl6/RA11zz5Wp3BabkGon9wC3f+um4aFu:PQjIX1FSCD2Ai8tE2aYUz
Size:	1593344
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\cv2\cv2.pyd
Category:	dropped
Dump:	cv2.pyd.0.dr
ID:	dr_22
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.741890175139891
Encrypted:	false
Ssdeep:	393216:ZH7PCXZQzJy4TWVv2/Eidszo7ARI5WEzq8E0vSH3nKBuT8CpX8GxWaHLiAUmYuk4:SQzJDWVv6dYReGxH3KB2XzhE2/sHs
Size:	87928320
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\frozenlist\_frozenlist.pyd
Category:	dropped
Dump:	_frozenlist.pyd.0.dr
ID:	dr_23
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.760625162582072
Encrypted:	false
Ssdeep:	768:3Ngp0st7ryWLy95UHJOBCSOFwR6Cy/92PwxjEM7HiXrxwkulWcB2:3NFsrUcJHSgww3/92PnM7HiXrxpu8c
Size:	53248
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\libcrypto-1_1.dll
Category:	dropped
Dump:	libcrypto-1_1.dll.0.dr
ID:	dr_39
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.094152840203032
Encrypted:	false
Ssdeep:	98304:R3+YyRoAK2rXHsoz5O8M1CPwDv3uFh+r:t9yWAK2zsozZM1CPwDv3uFh+r
Size:	3399200
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\libeay32.dll
Category:	dropped
Dump:	libeay32.dll.0.dr
ID:	dr_50
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.7573278120063724
Encrypted:	false
Ssdeep:	49152:iIGHW0Tlp28IQfPxwmUie+7IdlmQIU6iShqjQPPjWW8:ijHKqfw0v+qqjQDWW8
Size:	1988608
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\libfreetype-6.dll
Category:	dropped
Dump:	libfreetype-6.dll.0.dr
ID:	dr_51
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.4460699567644255
Encrypted:	false
Ssdeep:	12288:w7AvRbpuflWqWyhb/e+AUCnGqI3qoTF1OgfEWm:w7AWVhbm+AWqc5uZ
Size:	586240
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\libjpeg-9.dll
Category:	dropped
Dump:	libjpeg-9.dll.0.dr
ID:	dr_52
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.389441331010228
Encrypted:	false
Ssdeep:	6144:I7wNZIYb0maLgCaqrWqg7EdP8J1dJHoFaeghCbBL:I7we7gCaqrWqg7EdP8jpY
Size:	244224
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll
Category:	dropped
Dump:	libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.0.dr
ID:	dr_53
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.3382421612060815
Encrypted:	false
Ssdeep:	196608:fGLtguCargPguXVwK+UMidpW9fkSWweAY/CZoEeV8Vb13w6y1WftYk5kscxQfEGP:UksJf2OF
Size:	34369888
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\libpng16-16.dll
Category:	dropped
Dump:	libpng16-16.dll.0.dr
ID:	dr_54
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.4218776738200525
Encrypted:	false
Ssdeep:	3072:VatMOImapxER0/vnm2mjq61IJJT1fX0yuWUQstxZw2TnzFEY5IQ:VatMOImapaR03nmnYJV1cjtnwunw
Size:	210944
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\libssl-1_1.dll
Category:	dropped
Dump:	libssl-1_1.dll.0.dr
ID:	dr_55
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.526574117413294
Encrypted:	false
Ssdeep:	12288:1SurcFFRd4l6NCNH98PikxqceDotbA/nJspatQM5eJpAJfeMw4o8s6U2lvz:1KWZH98PiRLsAtf8AmMHogU2lvz
Size:	689184
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\lz4\_version.pyd
Category:	dropped
Dump:	_version.pyd.0.dr
ID:	dr_24
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.693564342821323
Encrypted:	false
Ssdeep:	96:yU5GYCsBIZw1A2z6pBo59ww0zkDQgJyUC5Xs+yEZqfkZFb37H/gQrOiw7v2V:9iiIZw1vuB09lqRGEZqMFr7brpwS
Size:	11264
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\lz4\block\_block.pyd
Category:	dropped
Dump:	_block.pyd.0.dr
ID:	dr_25
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.243272931591038
Encrypted:	false
Ssdeep:	1536:zJVWoR4lj3v525ltgp3N/fOPg2q4wOpRb55TuO3h7X:j3R4lj3vs5INOPduOpRb55Tuo9X
Size:	75264
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\msvcp140.dll
Category:	dropped
Dump:	msvcp140.dll.0.dr
ID:	dr_56
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.461874649448891
Encrypted:	false
Ssdeep:	12288:xI88L4Wu4+oJ+xc39ax5Ms4ETs3rxSvYcRkdQEKZm+jWodEEVh51:xD89rxZfQEKZm+jWodEEP5
Size:	590112
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\msvcp140_1.dll
Category:	dropped
Dump:	msvcp140_1.dll.0.dr
ID:	dr_57
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.499754548353504
Encrypted:	false
Ssdeep:	384:rOY/H1SbuIqnX8ndnWc95gW3C8c+pBj0HRN7bULkcyHRN7rxTO6iuQl9xiv:yYIBqnMdxxWd4urv
Size:	31728
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\multidict\_multidict.pyd
Category:	dropped
Dump:	_multidict.pyd.0.dr
ID:	dr_26
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.355295165687912
Encrypted:	false
Ssdeep:	768:fcjIEBdgjgEfwwuLR9JGMDYcMz/xYwr/:0czfQGM9
Size:	45568
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\numpy\core\_multiarray_tests.pyd
Category:	dropped
Dump:	_multiarray_tests.pyd.0.dr
ID:	dr_27
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.192836538611655
Encrypted:	false
Ssdeep:	1536:3lSGe/2iH80GUjTyKjT0k2MqIAP2u8vP0TU3s:Vh+GUjTybkpAPp8rs
Size:	106496
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\numpy\core\_multiarray_umath.pyd
Category:	dropped
Dump:	_multiarray_umath.pyd.0.dr
ID:	dr_28
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.537308891583725
Encrypted:	false
Ssdeep:	49152:/M/cze8S47oWNoUvqUEwdr8yzux14CtFrTyz4/V:WjAqw
Size:	2769920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\numpy\fft\_pocketfft_internal.pyd
Category:	dropped
Dump:	_pocketfft_internal.pyd.0.dr
ID:	dr_29
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.177330572145835
Encrypted:	false
Ssdeep:	3072:LA/0iIoEsbAqVXfPkZpQd47ryh8J+s6dY+b6IDaY+Y:8/0SbAukZpQd47GK+HFF8
Size:	112640
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\numpy\linalg\_umath_linalg.pyd
Category:	dropped
Dump:	_umath_linalg.pyd.0.dr
ID:	dr_40
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.419120291258942
Encrypted:	false
Ssdeep:	1536:CYlNH+NrvsGeowHRMfrdC8+43FxV0cVZpyd0Rse8SzNXw8Y4ngIBdWweH:CYlNSs9owHut+wFxV0K98nmgIBdhg
Size:	153600
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\numpy\linalg\lapack_lite.pyd
Category:	dropped
Dump:	lapack_lite.pyd.0.dr
ID:	dr_41
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.530414151250272
Encrypted:	false
Ssdeep:	384:7FhVUSXgPqAEqjxkcHPA3mrrAnvx0cMYmhw:nVU2gPXjxDnonv4Ymh
Size:	21504
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\numpy\random\_bounded_integers.pyd
Category:	dropped
Dump:	_bounded_integers.pyd.0.dr
ID:	dr_42
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.483806960130266
Encrypted:	false
Ssdeep:	3072:T0na8Au2nW0p9zutrqKU+Xlsmbbsgm7A+4oUxph/Vjzutz3A1TQysg36yt:Ia1nx9z4+w1sibb5X/VjmjwTQc6
Size:	238592
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\numpy\random\_common.pyd
Category:	dropped
Dump:	_common.pyd.0.dr
ID:	dr_43
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.1540655505257815
Encrypted:	false
Ssdeep:	1536:2l2nUZt60F7ZVKAFbICNLDS7r01ngRnMA1ask7VcqKsljTuOaFb8+MFZgDXpcPCM:2lOG1vK2bICvyO+1kFJaFbJXpcPC
Size:	178688
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\numpy\random\_generator.pyd
Category:	dropped
Dump:	_generator.pyd.0.dr
ID:	dr_44
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.316831567097614
Encrypted:	false
Ssdeep:	6144:ra4JYWEkB0sQbOn+aQWo+pWJ46dtjwT+SiSySxeiS+WXSMd5S5SyS/9SZSaSriSg:W4uobowWJDjw56xQrDRM0BsavJ
Size:	646144
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\numpy\random\_mt19937.pyd
Category:	dropped
Dump:	_mt19937.pyd.0.dr
ID:	dr_45
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.169423227466293
Encrypted:	false
Ssdeep:	1536:bSANk9+gY7gs5zcZ70V4vkWTWPgmdc0Dgs:bPkGf5IZ70V4vkWx0Dd
Size:	77824
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\numpy\random\_pcg64.pyd
Category:	dropped
Dump:	_pcg64.pyd.0.dr
ID:	dr_46
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.980786853285234
Encrypted:	false
Ssdeep:	768:R3Q13VEAjbJYEPT+7VKsoTVmsZm0aPVfI2AxvGzetNX2L+w9kZSjYcJ/YIqXcvPp:gVEUF+7gv6194YYcJ/Yeb17dAHPtC
Size:	65024
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\numpy\random\_philox.pyd
Category:	dropped
Dump:	_philox.pyd.0.dr
ID:	dr_47
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.986508207434875
Encrypted:	false
Ssdeep:	1536:yIB2ic560kTG2nakT27hxiX0qWsr+1Gq:yK2ui0T0hxiX0Gr+1L
Size:	72192
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\numpy\random\_sfc64.pyd
Category:	dropped
Dump:	_sfc64.pyd.0.dr
ID:	dr_48
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.860938878798157
Encrypted:	false
Ssdeep:	768:8cqkigR6k3uj+vBSipT24nzbO9Dgh9gqVVfIXgE2vilKUmZUBUcIrBobaHnJKcmp:Kkik3uyZx2p/nxicbWH+
Size:	53248
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\numpy\random\bit_generator.pyd
Category:	dropped
Dump:	bit_generator.pyd.0.dr
ID:	dr_49
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.100107488012804
Encrypted:	false
Ssdeep:	3072:fRAMv1X6aXfjCSqs+CILiNwS6Pi2+WarahcWhbZdFkSx2+WarahzZms3T:5RNqqfj+zCILiNkPi2+Warahc4FkSx2f
Size:	151552
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\numpy\random\mtrand.pyd
Category:	dropped
Dump:	mtrand.pyd.0.dr
ID:	dr_60
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.202499551459795
Encrypted:	false
Ssdeep:	6144:fh36m8oc7i1j9Pr/cDo+KjJQuSxSISPw+SeWkSOKTSpSPuSx+SzS5SQS7SQSKStP:Hxr/pV6oYWLfrHV/NoPNhC1
Size:	561152
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\psutil\_psutil_windows.pyd
Category:	dropped
Dump:	_psutil_windows.pyd.0.dr
ID:	dr_61
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.925569454538302
Encrypted:	false
Ssdeep:	1536:kVydaZk6Wxl4LZTq4za+M2cgv/J6cVvOGb:k8cVWxI9qyMVgv/JVvOGb
Size:	78336
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pyexpat.pyd
Category:	dropped
Dump:	pyexpat.pyd.0.dr
ID:	dr_58
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.312695764898477
Encrypted:	false
Ssdeep:	3072:nT3d9F9j+gUPNDoqAdeEaUwExv0yOWIkPQXLBLBtpug8FGty+auDomdI8VhHF:jHF1+gUP8deIwEXLIfLB6g8FGJauDom7
Size:	202768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\_freetype.pyd
Category:	dropped
Dump:	_freetype.pyd.0.dr
ID:	dr_62
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.204869863327296
Encrypted:	false
Ssdeep:	1536:VhqhAKcrR/8x06ycBTBaqyuNSrfX8C+0C26cY0X86wSV:LogrR/i06ycBAWETm26cY+xw
Size:	78336
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\base.pyd
Category:	dropped
Dump:	base.pyd.0.dr
ID:	dr_63
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.679638168280965
Encrypted:	false
Ssdeep:	384:mVYWfe3eY7ucEbN00V4X77JL87z0bCtmmRWXQqO5SK14dhi5a7H0EovKsOlAPdQl:mVpDifJ9sSfbdHGwlbzaI3AOAo
Size:	30208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\bufferproxy.pyd
Category:	dropped
Dump:	bufferproxy.pyd.0.dr
ID:	dr_64
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.170811425002114
Encrypted:	false
Ssdeep:	384:newY0rxsa3Cl+38Y5f+0TvTf7BCcMRU8:ewjGzWrWa
Size:	18432
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\color.pyd
Category:	dropped
Dump:	color.pyd.0.dr
ID:	dr_65
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.73802357017814
Encrypted:	false
Ssdeep:	384:czCH4hXynBaXFm8ztqAOpBD0Qr7rL2rYZr4cYhIYm5CJuw+Tais8z51YcaBhtKBu:qHXupBD02/pYhj+Tais8zgRkfjItDXN
Size:	35840
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\constants.pyd
Category:	dropped
Dump:	constants.pyd.0.dr
ID:	dr_66
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.274247290628612
Encrypted:	false
Ssdeep:	768:jIM9yfKTjm60ahCUCZ/2gPz5/+y2y4nUgb/VyEIc7taN38rw:99yfKTjm8hbK/FPzEnIc7taNm
Size:	49152
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\display.pyd
Category:	dropped
Dump:	display.pyd.0.dr
ID:	dr_67
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.783700908556658
Encrypted:	false
Ssdeep:	768:xLapST8QYqxxALGvMCf6hPOHTQAaZh1JnqnwX1hWbg:rT8ap7WOeZhv8ajeg
Size:	44032
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\draw.pyd
Category:	dropped
Dump:	draw.pyd.0.dr
ID:	dr_68
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.099628652524892
Encrypted:	false
Ssdeep:	768:u9jFnfN/dACKdHg22tWi7/ogt1kHIMiF2Z3cmP+zZzFqzrYrsG:AVWVzoWi7/ZkHIMicXX0IG
Size:	48128
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\event.pyd
Category:	dropped
Dump:	event.pyd.0.dr
ID:	dr_69
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.665174203175519
Encrypted:	false
Ssdeep:	384:bgkujLBgOY7h3dsAj2jKF7gFkEIHsJfgB0rWNJ6jrkfc75tNU1JDmSov1ZeH/ax8:FuB413iXKR4piu6H/s9Cm1u
Size:	40448
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\font.pyd
Category:	dropped
Dump:	font.pyd.0.dr
ID:	dr_80
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.3407998299229
Encrypted:	false
Ssdeep:	384:1x2nVIdaFQqwXS7qCVjFuRtPE840dvihm2uhAfGsuRoIBIArACDcMMg:14YqwXclVjYRvWuu+dEc
Size:	24064
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\image.pyd
Category:	dropped
Dump:	image.pyd.0.dr
ID:	dr_81
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.791014923696717
Encrypted:	false
Ssdeep:	384:XL4Ltxxz1ugXX2AFovzngbdn17Rpk8mqk+AkB/66RT5ScAwWA7WRwh/TJ1XKcNmb:cBFFqLm1TbRoDwWA7WRKFrmb
Size:	28160
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\imageext.pyd
Category:	dropped
Dump:	imageext.pyd.0.dr
ID:	dr_82
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.3288808221207145
Encrypted:	false
Ssdeep:	384:hipEV3sRR7L9V6MJX9TgedamfBtCX4Zp1DmV4gevhzdcLLc7iz:hKEViRzQyzC4D5mV41dcqi
Size:	19456
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\joystick.pyd
Category:	dropped
Dump:	joystick.pyd.0.dr
ID:	dr_83
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.2928685167428196
Encrypted:	false
Ssdeep:	384:ND4c5eVL5VkHPRU13wki2sn+1jbZ4/mb1cMmmmM:Nb5Gt13wkiZ+1u/mf
Size:	20480
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\key.pyd
Category:	dropped
Dump:	key.pyd.0.dr
ID:	dr_84
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.885516034084412
Encrypted:	false
Ssdeep:	384:8rOTgL3DaLkKNrpcVVYMdFuTwgukAtyDT1/vcMABYStqaM6Krt:aLMi7Cwtextohqr6I
Size:	26624
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\mask.pyd
Category:	dropped
Dump:	mask.pyd.0.dr
ID:	dr_85
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.188213197887492
Encrypted:	false
Ssdeep:	1536:9ALYaiRq6PZda5jU2zsR4dOKiXUVmBIhbXjDEyHkljcc:9ALYbQ6Pq2P4dOKiXUVmBWXjIyHklo
Size:	56832
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\math.pyd
Category:	dropped
Dump:	math.pyd.0.dr
ID:	dr_86
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.986686387118695
Encrypted:	false
Ssdeep:	1536:6OdMMdcUIdLd9t2tFU/8O6nKMGCnq3dbiRr1CH:hdcUMLvMtFL7KMlnq3dbiRI
Size:	67072
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\mixer.pyd
Category:	dropped
Dump:	mixer.pyd.0.dr
ID:	dr_87
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.658295348751267
Encrypted:	false
Ssdeep:	768:oGrr4779GIItgzU/HftuysPesmSUf+SCd:/HteOHfIysPes9UWd
Size:	36352
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\mixer_music.pyd
Category:	dropped
Dump:	mixer_music.pyd.0.dr
ID:	dr_88
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.321389308193211
Encrypted:	false
Ssdeep:	384:PqvuUSXhqrH2CaBzR8nqAaTvVtEG8cNwniCU:JZT8ncvVtEy+U
Size:	20480
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\mouse.pyd
Category:	dropped
Dump:	mouse.pyd.0.dr
ID:	dr_89
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.213980760489755
Encrypted:	false
Ssdeep:	384:m4n1F8UOM95wBZ1rFtMtxtn4TdhT3L/cMrAU:m4n1F85Myutvczhr7
Size:	19456
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\pixelarray.pyd
Category:	dropped
Dump:	pixelarray.pyd.0.dr
ID:	dr_100
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.064596577114034
Encrypted:	false
Ssdeep:	768:yVp+JVksLW5k4flLN9DgDMEm6lqM78wkPCRZ7UmTlWHQaLCKU2ra76Z+iJXH/wHR:Up+cD8MMq48UbUdKKi6Z3oH
Size:	45056
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\pixelcopy.pyd
Category:	dropped
Dump:	pixelcopy.pyd.0.dr
ID:	dr_101
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.761453811981597
Encrypted:	false
Ssdeep:	384:TPQtj2J1h1LU1HYJ0U4QTg/4p0Np4QEMBnFRjTfL7cMynJ:TPQtO/1LRLIXnLrVy
Size:	26112
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\rect.pyd
Category:	dropped
Dump:	rect.pyd.0.dr
ID:	dr_102
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.688408458159711
Encrypted:	false
Ssdeep:	768:qlyQ1yzflz2H+xYeD5uRFc7DYendUdvmy:xDlAoTUd+
Size:	36864
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\rwobject.pyd
Category:	dropped
Dump:	rwobject.pyd.0.dr
ID:	dr_103
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.290419159050352
Encrypted:	false
Ssdeep:	384:Sw8SAsxJbWakMKhoYaVYfJMqdop7GvmmkSCFcNQX:r/HkMmE7ok7yQ
Size:	19968
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\scrap.pyd
Category:	dropped
Dump:	scrap.pyd.0.dr
ID:	dr_104
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.244515673174077
Encrypted:	false
Ssdeep:	384:GsZ9ciXBAQoBQo3HVtdsDKeJRnQTt/gZTheucMWqM5K/:H9ciXBY3AFDNtVWvE
Size:	18944
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\surface.pyd
Category:	dropped
Dump:	surface.pyd.0.dr
ID:	dr_105
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.3783596774039815
Encrypted:	false
Ssdeep:	3072:QAqOctGdEqVJ//lkjkVk+k9mPmVmTgFcIzMDnZE7:COcuJ//lkjkVk+k9mPmVmTgFcIQDnC7
Size:	220672
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\surflock.pyd
Category:	dropped
Dump:	surflock.pyd.0.dr
ID:	dr_106
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.748836333842975
Encrypted:	false
Ssdeep:	192:ds9WS9oDgVvpqPrtDmhRvPo24ekyPosKKFAgXU/ZMc6zG:K9t9oDgVBSQhRvsekyoKFAicM3
Size:	13824
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\time.pyd
Category:	dropped
Dump:	time.pyd.0.dr
ID:	dr_107
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.021063469377741
Encrypted:	false
Ssdeep:	384:am0CMudvllWt2O7s9fpuIEs/iAVEE2HTezx3cMe:amB7otSEs/3E/Hqre
Size:	18944
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\pygame\transform.pyd
Category:	dropped
Dump:	transform.pyd.0.dr
ID:	dr_108
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.234819540381457
Encrypted:	false
Ssdeep:	768:wLoLurPrJgIlzKqZIyqcerwMpdF6YBf1JmXyEq9D2/rfC2:sgIzpZIierwIdF11k1IETC2
Size:	52224
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\python3.dll
Category:	dropped
Dump:	python3.dll.0.dr
ID:	dr_59
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.843378110040134
Encrypted:	false
Ssdeep:	768:1iUuRp9VpBLm6g5YuLIE4k8kF/DFz1OuIwfBSCciqy0oeDOm+rENdI8V0eWDG4yv:n5gOqdI8V0jyv
Size:	58896
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\python37.dll
Category:	dropped
Dump:	python37.dll.0.dr
ID:	dr_70
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.384383088490926
Encrypted:	false
Ssdeep:	49152:KjVpkcACTIK0IKhyn9iafAdH1ZRHLqUCbNSuvYVeP84mzIAA5H0LMznZPMXT7p31:3CTIdKI7UWu4cAgHCMzqNOyVB
Size:	3750416
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\qt5core.dll
Category:	dropped
Dump:	qt5core.dll.0.dr
ID:	dr_71
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.768988071491288
Encrypted:	false
Ssdeep:	98304:hcirJylHYab/6bMJsv6tWKFdu9CLiZxqfg8gwf:+irJylHFb/QMJsv6tWKFdu9CL4xqfg8x
Size:	6023664
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\qt5dbus.dll
Category:	dropped
Dump:	qt5dbus.dll.0.dr
ID:	dr_72
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.392610185061176
Encrypted:	false
Ssdeep:	6144:ZLvnUJ17UTGOkWHUe/W9TgYMDu96ixMZQ8IlXbKgp8aIDeN:KP7cGOGegTwu96ixMZQtlrPN
Size:	436720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\qt5gui.dll
Category:	dropped
Dump:	qt5gui.dll.0.dr
ID:	dr_73
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.674290383197779
Encrypted:	false
Ssdeep:	49152:9VPhJZWVvpg+za3cFlc61j2VjBW77I4iNlmLPycNRncuUx24LLsXZFC6FOCfDt2/:BJZzI1ZR3U9Cxc22aDACInVc4Z
Size:	7008240
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\qt5multimedia.dll
Category:	dropped
Dump:	qt5multimedia.dll.0.dr
ID:	dr_74
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.260644163524817
Encrypted:	false
Ssdeep:	6144:jLIJMPFfMerCs1uXdHbbbboLxywnY9jnvQz5dm9mMhI/p5PQCf3FR19EjqD0jKds:j+MPFfMervUXzYeg/mR4G
Size:	746480
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\qt5network.dll
Category:	dropped
Dump:	qt5network.dll.0.dr
ID:	dr_75
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.41486755163134
Encrypted:	false
Ssdeep:	24576:eXPn73RXox1U9M0m+1ffSDY565RzHUY1iaRy95hdGehEM:+7hXU1U95m4ff9A5RviaRy9NGI
Size:	1340400
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\qt5printsupport.dll
Category:	dropped
Dump:	qt5printsupport.dll.0.dr
ID:	dr_76
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.4458228745525155
Encrypted:	false
Ssdeep:	6144:809B+97t6UOTX3jrhVzgUA2GqWss4G+1gr7pGZmS0bZqXxtUPNs+5o/83+G2jW7:80v4p6UOjzQR0W7
Size:	317424
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\qt5qml.dll
Category:	dropped
Dump:	qt5qml.dll.0.dr
ID:	dr_77
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.333693598000157
Encrypted:	false
Ssdeep:	98304:iPnt09+kVh2NrSdSG779LLLS/o/L4YqoY0Xba+mRRH2T:iPnt2ZVhT
Size:	3591664
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\qt5qmlmodels.dll
Category:	dropped
Dump:	qt5qmlmodels.dll.0.dr
ID:	dr_78
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.312090336793804
Encrypted:	false
Ssdeep:	6144:k1tE6lq982HdyuEZ5gw+VHDZjZ0yOWm7Vdcm4GyasLCZCu6vdQp:k1tEuq9Hdyuo5gwguyOtVIup
Size:	438768
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\qt5quick.dll
Category:	dropped
Dump:	qt5quick.dll.0.dr
ID:	dr_79
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.462183686222023
Encrypted:	false
Ssdeep:	49152:EcDwCQsvkBD+ClI3IAVLA7Tr15SokomoqxQhT2bAssCFEUGX5ig:E7CKPsA3p0Z/QV/sS3Ag
Size:	4148720
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\qt5svg.dll
Category:	dropped
Dump:	qt5svg.dll.0.dr
ID:	dr_90
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.381828869454302
Encrypted:	false
Ssdeep:	6144:6qLZcTC3wR/0JNZ+csBkBv0L0hq+SvcO8MsvwbIeblsjTR:6qNcCwqHE2fYlsPR
Size:	330736
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\qt5websockets.dll
Category:	dropped
Dump:	qt5websockets.dll.0.dr
ID:	dr_91
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.116105454277536
Encrypted:	false
Ssdeep:	3072:4sSkET6pEXb3loojg1Q2sorWvZXF2sorrLA7cG27Qhvvc:4sSd6pwzloDbsnX0sCrc7ct7QVc
Size:	149488
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\qt5widgets.dll
Category:	dropped
Dump:	qt5widgets.dll.0.dr
ID:	dr_92
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.619117060971844
Encrypted:	false
Ssdeep:	49152:KO+LIFYAPZtMym9RRQ7/KKIXSewIa/2Xqq1sfeOoKGOh6EwNmiHYYwBrK8KMlH0p:IGoKZdRqJD10rK8KMlH0gi5GX0oKZ
Size:	5498352
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\regex\_regex.pyd
Category:	dropped
Dump:	_regex.pyd.0.dr
ID:	dr_109
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.484899841866105
Encrypted:	false
Ssdeep:	6144:wQW9qWlgJWRX3ICR2O91mivawUuO7KokluT4gZiIo:w2K7XYS9Biw/kqW4V
Size:	646144
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\sdl2.dll
Category:	dropped
Dump:	sdl2.dll.0.dr
ID:	dr_93
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.1101676126491045
Encrypted:	false
Ssdeep:	49152:otGVV4xwK5c4rvVO2ard4oZut2BRcfcK:f4GrBGc
Size:	2227712
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\sdl2_image.dll
Category:	dropped
Dump:	sdl2_image.dll.0.dr
ID:	dr_94
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.248060009482749
Encrypted:	false
Ssdeep:	3072:6bsejIuO504fzsOM05Nmy7iGpJ7SvFisgf:6bmX0qQOhmyPs
Size:	125440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\sdl2_mixer.dll
Category:	dropped
Dump:	sdl2_mixer.dll.0.dr
ID:	dr_95
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.31428829821482
Encrypted:	false
Ssdeep:	3072:GeCtxSl2NCjItkjr2tXYsxSfbWO1i9ssFo2Bm:GeCtslnsw2YsxSZ1KssFo2B
Size:	123904
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\sdl2_ttf.dll
Category:	dropped
Dump:	sdl2_ttf.dll.0.dr
ID:	dr_96
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy:	5.651428871159069
Encrypted:	false
Ssdeep:	768:ch6nyBqTviPRGTSJuhrLSA9JT1vZgZDAMABz1w:U6yBqeITSm9HW7F
Size:	33792
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\select.pyd
Category:	dropped
Dump:	select.pyd.0.dr
ID:	dr_97
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.048170705523046
Encrypted:	false
Ssdeep:	384:FekE2XR1G6sOhmQI2HTRcqJcE99qT3dI8qGvnYPLxDG4y8Z6K9:F9csXHN/d9qT3dI8qGvWDG4yM
Size:	27152
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\simplejson\_speedups.pyd
Category:	dropped
Dump:	_speedups.pyd.0.dr
ID:	dr_120
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.790440747175544
Encrypted:	false
Ssdeep:	768:xAaUlpGSTGja3FdVoufWs7T7zpR286UH:xz440Voufl7O86E
Size:	39936
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\sqlite3.dll
Category:	dropped
Dump:	sqlite3.dll.0.dr
ID:	dr_98
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.5549229978521035
Encrypted:	false
Ssdeep:	24576:aHbbPP0RD/xNFJGBEumSLvNNB6P7arPg99uK1dXOsB4P:ebbPsRDJNF45TNNB6P7arPg6KOmy
Size:	1268752
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\ssleay32.dll
Category:	dropped
Dump:	ssleay32.dll.0.dr
ID:	dr_99
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.122702766666827
Encrypted:	false
Ssdeep:	6144:40HTL9wWNf4yMpLc5AdAZSNSxKqpZfyxDEagXPwkqHSu7miSOKIDermsP8CyjzLI:40HTL9wWNf/Mpg5AdAZSNUh/fyxDEagt
Size:	361984
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\tcl86t.dll
Category:	dropped
Dump:	tcl86t.dll.0.dr
ID:	dr_110
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.496511987047776
Encrypted:	false
Ssdeep:	24576:umJTd0nVi/Md3bupZkKBhWPRIlq5YZ6a2CXH7oZgKGc+erWJUVWyubuapwQDlaTR:umJTd4iMwXH7oZgKb++BVL4B+GITgr0h
Size:	1705120
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\tk86t.dll
Category:	dropped
Dump:	tk86t.dll.0.dr
ID:	dr_111
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.165850680457804
Encrypted:	false
Ssdeep:	24576:J7+Vm6O8hbcrckTNrkhaJVQhWnmb7u/DSe9qT03ZjLmFMoERDY5TUT/tXzddGyIK:JCQ69cYY9JVQWx/DSe9qTqJLUMPsJUT/
Size:	1468064
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\unicodedata.pyd
Category:	dropped
Dump:	unicodedata.pyd.0.dr
ID:	dr_112
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.327852618149687
Encrypted:	false
Ssdeep:	12288:ge+YbeoEYa6l0SYxytHcQJJwEI+V/IFx7agsSJNzkRoEVnOPmrZ6bK:ge+BN6axoc1r+VUx7agnNctOo6K
Size:	1073680
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\vcruntime140.dll
Category:	dropped
Dump:	vcruntime140.dll.0.dr
ID:	dr_113
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.50974924823557
Encrypted:	false
Ssdeep:	1536:JiOTTyNdd/mqN5fomseOpLJ5UP4nVnWecbtGgcNZVKL:JD4Vzgh5UXecbt2ju
Size:	87864
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\vcruntime140_1.dll
Category:	dropped
Dump:	vcruntime140_1.dll.0.dr
ID:	dr_114
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.627837381503075
Encrypted:	false
Ssdeep:	384:Aim/NRETi8kykt25HwviU5fJUiP2551xWmbTqOA7SXf+Ny85xM8ATJWr3KWoC8cS:0Ie8kySL2iPQxdvjAevcMESW5lxJG
Size:	44528
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\yarl\_quoting_c.pyd
Category:	dropped
Dump:	_quoting_c.pyd.0.dr
ID:	dr_121
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.996142689601423
Encrypted:	false
Ssdeep:	1536:9S/jLqQYflHPzmrotwTJcz7/P0TUTIkbjM9VwpGZD1G/fdzJ:9S/mdHPadTW/Rk/ZDyfdl
Size:	80384
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\zlib1.dll
Category:	dropped
Dump:	zlib1.dll.0.dr
ID:	dr_115
Target ID:	0
Process:	C:\Users\user\Desktop\msupdate.exe
Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.422076432206121
Encrypted:	false
Ssdeep:	3072:wLmjK8n5MYk+NqZSB23eRenGvTBfs9Yy0J:wLl8n5MYCjFnaTBwYy0
Size:	108544
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\Crypto\Cipher\_Salsa20.pyd
Category:	dropped
Dump:	_Salsa20.pyd.14.dr
ID:	dr_253
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.043023051517476
Encrypted:	false
Ssdeep:	192:SF/1nb2eqCQtkluknuz4ceS4QDuBA7cqgYvEP:o2P6luLtn4QDKmgYvEP
Size:	13824
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\Crypto\Cipher\_raw_aes.pyd
Category:	dropped
Dump:	_raw_aes.pyd.14.dr
ID:	dr_254
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.5538426720189396
Encrypted:	false
Ssdeep:	384:3f+7nYpPMedFDlDchrVX1mEVmT9ZgkoD/PKDkGuF0U390QOo8VdbKBWmuvLg4HPy:PqWB7YJlmLJ3oD/S4j990th9VvsC
Size:	36352
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\Crypto\Cipher\_raw_aesni.pyd
Category:	dropped
Dump:	_raw_aesni.pyd.14.dr
ID:	dr_255
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.285321423775064
Encrypted:	false
Ssdeep:	192:wJBjJPqZkEPYinXKccxrEWx4xLquhS3WQ67EIfD4d1ccqgwYUMvEW:iURwin7mrEYCLEGd7/fDawgwYUMvE
Size:	15872
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\Crypto\Cipher\_raw_cbc.pyd
Category:	dropped
Dump:	_raw_cbc.pyd.14.dr
ID:	dr_256
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.737934511632203
Encrypted:	false
Ssdeep:	192:8F/1nb2eqCQtkrKnlPI12D00acqgYvEn:W2P6KlPe2DIgYvEn
Size:	12288
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\Crypto\Cipher\_raw_cfb.pyd
Category:	dropped
Dump:	_raw_cfb.pyd.14.dr
ID:	dr_257
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.896113420654944
Encrypted:	false
Ssdeep:	192:kzRgPfqLlvIOP3bdS2hkPUDkjoCM/vPXcqgzQkvEmO:kUYgAdDkUDlCWpgzQkvE
Size:	13824
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\Crypto\Cipher\_raw_ctr.pyd
Category:	dropped
Dump:	_raw_ctr.pyd.14.dr
ID:	dr_258
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.296941042514949
Encrypted:	false
Ssdeep:	192:dJ1gSPqgKkwv0i8NSixSK57NEEE/qexcEtDrnDjRcqgUF6+6vEX:dE1si8NSixS0CqebtDfrgUUjvE
Size:	14848
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\Crypto\Cipher\_raw_ecb.pyd
Category:	dropped
Dump:	_raw_ecb.pyd.14.dr
ID:	dr_259
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.58491776551014
Encrypted:	false
Ssdeep:	96:zK0KVVdJvbrqTuy/Th/Y0IluLfcC75JiCKs89EpmFWLOXDwoPPj16XkcX6gbW6z:z2VddiTHThQTctEEI4qXD/1CkcqgbW6
Size:	10752
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\Crypto\Cipher\_raw_eksblowfish.pyd
Category:	dropped
Dump:	_raw_eksblowfish.pyd.14.dr
ID:	dr_260
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.13818726721959
Encrypted:	false
Ssdeep:	384:IU/5cRUtPMbNv37t6KjjNrDF6pJgLa0Mp8Qk0gYP2lcCM:hKR8EbxwKflDFQgLa1kzP
Size:	22016
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\Crypto\Cipher\_raw_ocb.pyd
Category:	dropped
Dump:	_raw_ocb.pyd.14.dr
ID:	dr_261
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.344975505079875
Encrypted:	false
Ssdeep:	384:UzPHdP3Mj7Be/yB/MsB3yRcb+IqcOYoQViCBD81g6Vf4A:UPcnB8KEsB3ocb+pcOYLMCBDx
Size:	17920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\Crypto\Cipher\_raw_ofb.pyd
Category:	dropped
Dump:	_raw_ofb.pyd.14.dr
ID:	dr_262
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.732524211136862
Encrypted:	false
Ssdeep:	192:sF/1nb2eqCQtkgU7L9D0V70fcqgYvEJPb:m2P6L9DAAxgYvEJj
Size:	12288
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\Crypto\Hash\_BLAKE2s.pyd
Category:	dropped
Dump:	_BLAKE2s.pyd.14.dr
ID:	dr_263
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.17157470367637
Encrypted:	false
Ssdeep:	192:pF/1nb2eqCQt7fSxp/CJPvADQRntxSOvbcqgEvcM+:12PNKxZWPIDmxVlgEvL
Size:	14336
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\Crypto\Hash\_MD5.pyd
Category:	dropped
Dump:	_MD5.pyd.14.dr
ID:	dr_264
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.463458228413267
Encrypted:	false
Ssdeep:	192:UIyZ9WfqP7M93g8UdsoS1hhiBvzcuiDSjeoGmDZfRBP0rcqgjPrvE:UqA0gHdzS1MwuiDSyoGmDxr89gjPrvE
Size:	15360
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\Crypto\Hash\_SHA1.pyd
Category:	dropped
Dump:	_SHA1.pyd.14.dr
ID:	dr_265
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.681553876702266
Encrypted:	false
Ssdeep:	384:UzPHdP3MjeQTh+QAZUUw8lMF6DW1tgj+kf4:EPcKQT3iw8lfDsej+
Size:	17920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\Crypto\Hash\_SHA256.pyd
Category:	dropped
Dump:	_SHA256.pyd.14.dr
ID:	dr_266
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.90271944005012
Encrypted:	false
Ssdeep:	384:U1ljwG2JaQaqvYHp5RYcARQOj4MSTjqgPm4DwxregjxojS:AjwLJbZYtswvbDwxr7jUS
Size:	21504
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\Crypto\Hash\_ghash_clmul.pyd
Category:	dropped
Dump:	_ghash_clmul.pyd.14.dr
ID:	dr_267
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.019867964622382
Encrypted:	false
Ssdeep:	192:HRF/1nb2eqCQtkbsAT2fixSrdYDtHymjcqgQvEW:Hd2P6bsK4H+D4wgQvEW
Size:	12800
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\Crypto\Hash\_ghash_portable.pyd
Category:	dropped
Dump:	_ghash_portable.pyd.14.dr
ID:	dr_268
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.015378888018285
Encrypted:	false
Ssdeep:	192:IF/1nb2eqCQtks0iiNqdF4mtPjD0wA5LPYcqgYvEL2x:i2P6fFA/4GjD4cgYvEL2x
Size:	13312
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\Crypto\Protocol\_scrypt.pyd
Category:	dropped
Dump:	_scrypt.pyd.14.dr
ID:	dr_269
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.795317235666895
Encrypted:	false
Ssdeep:	192:kJkCffqPSTMeAk4OeR64ADp5i6RcqgO5vE:kXZMcPeR64ADu63gO5vE
Size:	12288
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\Crypto\Util\_cpuid_c.pyd
Category:	dropped
Dump:	_cpuid_c.pyd.14.dr
ID:	dr_270
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.7372077697895945
Encrypted:	false
Ssdeep:	192:zWVddiTHThQTctEEaEDKDvMRWJcqgbW6:SMdsc+EaEDKDvCWvgbW
Size:	10240
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\Crypto\Util\_strxor.pyd
Category:	dropped
Dump:	_strxor.pyd.14.dr
ID:	dr_271
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.693475725745118
Encrypted:	false
Ssdeep:	96:zuZVVdJvbrqTuy/Th/Y0IluLfcC75JiCKs89EMz3DVWMot4BcX6gbW6O:zUVddiTHThQTctEEO3DloKcqgbW6
Size:	10240
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PIL\_imaging.pyd
Category:	dropped
Dump:	_imaging.pyd.14.dr
ID:	dr_272
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.459337580131227
Encrypted:	false
Ssdeep:	49152:koa4DDDK7v1T+bKpf6/ulLrLrLrLKg+JYWjHBF7:1K7v1TWX2q
Size:	2428928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PIL\_imagingcms.pyd
Category:	dropped
Dump:	_imagingcms.pyd.14.dr
ID:	dr_273
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.280201200423917
Encrypted:	false
Ssdeep:	6144:kFuq195UQ/b/8yRI7O4T9HFLg9uP1+74/LgHmPr9qvZqhLanLTLzLfqeqwL1Je0s:kFuqL5UfT9HFLg9uP1+74/LgHmPr9qvK
Size:	257536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PIL\_imagingft.pyd
Category:	dropped
Dump:	_imagingft.pyd.14.dr
ID:	dr_274
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.766846496259483
Encrypted:	false
Ssdeep:	24576:RGxm3UN0DyIeCzhYTUrU55IUYcEe7/t8fV7MZgyzcO0PEXbZ5Ap4Xfo45:ox4SfC2TUO5HCI/et+gytfo4
Size:	1652736
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PIL\_imagingtk.pyd
Category:	dropped
Dump:	_imagingtk.pyd.14.dr
ID:	dr_275
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.016426536954842
Encrypted:	false
Ssdeep:	192:dLWyIXW4r4fhDBg3hB2tCIpg7or9edH58IPpElVysUA4ckgT1G:dL7IXr45DBg3hB2V9eswpsVyZA2gTQ
Size:	15872
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PIL\_webp.pyd
Category:	dropped
Dump:	_webp.pyd.14.dr
ID:	dr_276
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.580984741686164
Encrypted:	false
Ssdeep:	12288:wyN9n89fa3Z6utaazqLrLrLrLaCCKVtNaIKJQIJzK:wV9ypLqLrLrLrLaCCKEIyQIJzK
Size:	531456
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\QtCore.pyd
Category:	dropped
Dump:	QtCore.pyd.14.dr
ID:	dr_277
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.240133820704683
Encrypted:	false
Ssdeep:	49152:aWYt+wPbTcSKSCcHFpXEqzhDarD9HDXTk5am3QSQK4ZAzYI+1ZdAEDGmtV/U3bwN:jSKSCcHFpXEqzhDarD9HDXTk5am3QSQO
Size:	2467840
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\QtGui.pyd
Category:	dropped
Dump:	QtGui.pyd.14.dr
ID:	dr_278
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.233473435581707
Encrypted:	false
Ssdeep:	49152:eq1Bdy8kK+zqwXSkaGV0COyxNkFAEfYoyWbP:dLdiznbTjO
Size:	2482688
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\QtWidgets.pyd
Category:	dropped
Dump:	QtWidgets.pyd.14.dr
ID:	dr_279
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.251608446485404
Encrypted:	false
Ssdeep:	49152:I6qnQByIoLSo7MMVjv7pekxL3UNmN61ZA+gca6xSdJzqNQ9SbBanj1Mxf5uJa:WxI/kMaz7YsgNDG90+VimCOa
Size:	5092864
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\iconengines\qsvgicon.dll
Category:	dropped
Dump:	qsvgicon.dll.14.dr
ID:	dr_281
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.0993566622860635
Encrypted:	false
Ssdeep:	768:VPs5g31JfDgej5JZmA0ZsEEC6lmn+4FdDGimUf2hr:VkC31ee7ZmA+sEEC6lmn+4FOUfc
Size:	41968
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\imageformats\qgif.dll
Category:	dropped
Dump:	qgif.dll.14.dr
ID:	dr_282
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.0316011626259405
Encrypted:	false
Ssdeep:	768:ygk2hM0GskFtvPCjEIxh8eDzFyPddeeGvnhotdDGPUf2he:yN2a05kfPOEMaeDzFkddeFnhotOUfh
Size:	39408
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\imageformats\qicns.dll
Category:	dropped
Dump:	qicns.dll.14.dr
ID:	dr_283
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.016125225197622
Encrypted:	false
Ssdeep:	768:vEip0IlhxTDxut3dnm8IyAmQQ3ydJouEAkNypTAO0tfC3apmsdDG9Uf2hU:vxvXxgVIyA23ydJlEATpTAO0tfCKpms/
Size:	45040
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\imageformats\qico.dll
Category:	dropped
Dump:	qico.dll.14.dr
ID:	dr_284
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.957072398645384
Encrypted:	false
Ssdeep:	768:zBXBEfQiAzC9Oh5AS7a3Z5OGrTDeV9mp7nnsWdDGgYUf2hi/:8JAzuOhy3zOGrTDeV9mp7nnsWjYUfz
Size:	38384
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\imageformats\qjpeg.dll
Category:	dropped
Dump:	qjpeg.dll.14.dr
ID:	dr_285
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.7491063936821405
Encrypted:	false
Ssdeep:	6144:USgOWz1eW38u9tyh6fpGUasBKTrsXWwMmH1l3JM5hn0uEfB4:USPQTnastBRB4
Size:	421360
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\imageformats\qsvg.dll
Category:	dropped
Dump:	qsvg.dll.14.dr
ID:	dr_286
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.978149408776758
Encrypted:	false
Ssdeep:	768:uOVKDlJJVlTuLiMtsKVG7TSdDG9Uf2h4e:hVgJVlTuL/tsKVG7TSQUfre
Size:	32240
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\imageformats\qtga.dll
Category:	dropped
Dump:	qtga.dll.14.dr
ID:	dr_287
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.865766652452823
Encrypted:	false
Ssdeep:	768:1lGALluUEAQATWQ79Z2Y8Ar+dDG2vUf2hF:TZl/EH8WQ794Y8Ar+hvUfm
Size:	31728
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\imageformats\qtiff.dll
Category:	dropped
Dump:	qtiff.dll.14.dr
ID:	dr_288
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.724665470266677
Encrypted:	false
Ssdeep:	6144:V0jqHiFBaRe0GPAKwP15e7xrEEEEEEN024Rx/3tkYiHUASQbs/l7OanYoOgyV:0qqwP15bx/q7/yyV
Size:	390128
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\imageformats\qwbmp.dll
Category:	dropped
Dump:	qwbmp.dll.14.dr
ID:	dr_289
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.938644231596902
Encrypted:	false
Ssdeep:	768:EfEM3S46JE2X/xBZ76pC5J6GdDGZUf2h4:63S3JE2PHZ76pC5J6GEUfn
Size:	30192
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\imageformats\qwebp.dll
Category:	dropped
Dump:	qwebp.dll.14.dr
ID:	dr_290
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.605517748735854
Encrypted:	false
Ssdeep:	12288:bPTjgdqdsvh+LrLrLrL5/y4DVHAsqx3hXS+oPZQqRaYG:jT5sMLrLrLrL5q4dAsaOFo
Size:	510448
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\mediaservice\dsengine.dll
Category:	dropped
Dump:	dsengine.dll.14.dr
ID:	dr_291
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.15513142093455
Encrypted:	false
Ssdeep:	6144:+t6LjqQ5qwlL5536MDPlk1B9/f9EQlK13EsOyo+FRrzu:+sLWQwwT53dJA+FRrzu
Size:	301040
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\mediaservice\qtmedia_audioengine.dll
Category:	dropped
Dump:	qtmedia_audioengine.dll.14.dr
ID:	dr_292
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.915530709928927
Encrypted:	false
Ssdeep:	1536:CX+k4JfQEzxmtbtXd8UxpzFV03X8GhCMIZm4XUfo:CyJBxm3XKUHzGhCMIZf/
Size:	68080
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\mediaservice\wmfengine.dll
Category:	dropped
Dump:	wmfengine.dll.14.dr
ID:	dr_293
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.0609445635731305
Encrypted:	false
Ssdeep:	3072:W4vMUHhXLy+Duac3hiMGY3XQtjNjFiUipnrNg9KoHosdi:2eySuaQxejN4UipnrNg9XHoei
Size:	208368
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\platforms\qminimal.dll
Category:	dropped
Dump:	qminimal.dll.14.dr
ID:	dr_294
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.625808732261156
Encrypted:	false
Ssdeep:	12288:y6MhioHKQ1ra8HT+bkMY8zKI4kwU7dFOTTYfEWmTxbwTlWc:BMhioHKQp+bkjAjwGdFSZtbwBd
Size:	844784
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\platforms\qoffscreen.dll
Category:	dropped
Dump:	qoffscreen.dll.14.dr
ID:	dr_295
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.6323155845799695
Encrypted:	false
Ssdeep:	12288:/HpBmyVIRZ3Tck83vEgex5aebusGMIlhLfEWmpCJkl:/HpB63TckUcLaHMITAZmW
Size:	754672
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\platforms\qwebgl.dll
Category:	dropped
Dump:	qwebgl.dll.14.dr
ID:	dr_296
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.152380961313931
Encrypted:	false
Ssdeep:	6144:WO/vyK+DtyaHlIMDhg5WEOvAwKB2VaaHeqRw/yVfYu4UnCA6DEjeYchcD+1Zy2:bKtHOWg5OvAwK0NYu4AShcD+1U2
Size:	482288
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\platforms\qwindows.dll
Category:	dropped
Dump:	qwindows.dll.14.dr
ID:	dr_297
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.575113537540671
Encrypted:	false
Ssdeep:	24576:4mCSPJrAbXEEuV9Hw2SoYFo3HdxjEgqJkLdLu5qpmZuhg/A2b:nPlIEEuV9Hw2SFFWHdWZsdmqja/A2b
Size:	1477104
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\platformthemes\qxdgdesktopportal.dll
Category:	dropped
Dump:	qxdgdesktopportal.dll.14.dr
ID:	dr_298
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.125954940500008
Encrypted:	false
Ssdeep:	1536:Nt4B1RLj3S6TtH2sweUH+Hz6/4+D6VFsfvUfO:AB1RHFdoeUs6/4O6VFSZ
Size:	68592
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\printsupport\windowsprintersupport.dll
Category:	dropped
Dump:	windowsprintersupport.dll.14.dr
ID:	dr_299
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.083938612859037
Encrypted:	false
Ssdeep:	768:PY5ff1eZ5yUgg+mpYPyU6bZAnhdbfLLAARljIFuzdDG9Uf2hFc:PY5X1ez9DYaUQZAnhJz8ARljmuzAUf1
Size:	55280
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\qt-plugins\styles\qwindowsvistastyle.dll
Category:	dropped
Dump:	qwindowsvistastyle.dll.14.dr
ID:	dr_300
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.294675868932723
Encrypted:	false
Ssdeep:	3072:rrjwZ43rCOtrBk7wcR0l7wBlaL6BtIEt51T0Nhkqg8FoQY:7hZu9R0l7wFBtIEt51T0Nuqg8JY
Size:	144368
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\PyQt5\sip.pyd
Category:	dropped
Dump:	sip.pyd.14.dr
ID:	dr_280
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.013239668983001
Encrypted:	false
Ssdeep:	3072:ffo4ygrnRYa5v7Wbj8F4HwSvQxoodR89X1f:44yQOa5jWnW4wSoPR2f
Size:	121344
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\_asyncio.pyd
Category:	dropped
Dump:	_asyncio.pyd.14.dr
ID:	dr_317
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.899692891859365
Encrypted:	false
Ssdeep:	1536:P/NHFMdDgugn5BHr/1Rq6mMxnBGpI8snaqy27:X/485x1Rq6mgncpI8snaw7
Size:	73744
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\_brotli.pyd
Category:	dropped
Dump:	_brotli.pyd.14.dr
ID:	dr_318
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.094087296276298
Encrypted:	false
Ssdeep:	12288:0+xM/y+Sd0o1zYbCUAHhlyE8ZXTw05nmZfRr+Tw:0+ylSTzYtAIiAmZfRrw
Size:	857600
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\_bz2.pyd
Category:	dropped
Dump:	_bz2.pyd.14.dr
ID:	dr_319
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.337586298062742
Encrypted:	false
Ssdeep:	1536:DGb6DBCvurMRnQhVx8/Nlv+SSm9YmFN87Xgq4ToV+dypRI84VAyE:abfXyg7pp9TC7Xgq4ToV+kRI84VY
Size:	94736
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\_cffi_backend.pyd
Category:	dropped
Dump:	_cffi_backend.pyd.14.dr
ID:	dr_320
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.199103831906969
Encrypted:	false
Ssdeep:	3072:fuDhqvb8EFiB2SAxCapLigdLnqH1nWShafSmnS791/9d9CdhjkhneKGg:fuDcz8EFfSAxzigdWnW1fSWWmhjkhneU
Size:	181760
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\_ctypes.pyd
Category:	dropped
Dump:	_ctypes.pyd.14.dr
ID:	dr_321
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.962671714439977
Encrypted:	false
Ssdeep:	1536:bRyGuR/8oD9tR2yHBIjxBaVGTODsAR04D0RfUGpd0/b8aMgiadI8VPEye:bcDd8oM+kBVQ/8f5pdObL7dI8VPG
Size:	132624
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\_decimal.pyd
Category:	dropped
Dump:	_decimal.pyd.14.dr
ID:	dr_322
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.490803702039132
Encrypted:	false
Ssdeep:	6144:16wN+Xkv3Pt2R4ihr6iboTfWebtedJ/gqWya38LWuAxR:U4ExW4oTdoC3R
Size:	267280
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\_elementtree.pyd
Category:	dropped
Dump:	_elementtree.pyd.14.dr
ID:	dr_323
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.299632329784148
Encrypted:	false
Ssdeep:	3072:eA5zdNfn+gUP4DoqYjDn0sYwtk9/h337lm2Fad8u2JyoMMMMMMF4S1jzhI8AfC:eAxL/+gUPJjD0sYw6nBmRQye1jz3
Size:	207888
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\_hashlib.pyd
Category:	dropped
Dump:	_hashlib.pyd.14.dr
ID:	dr_324
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.959951673192366
Encrypted:	false
Ssdeep:	768:AyvaHXGH0o9MBl7nqHQ03dpI8sIZhWDG4yfkO:UKnyBlmHQadpI8sIZcyMO
Size:	38928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\_lzma.pyd
Category:	dropped
Dump:	_lzma.pyd.14.dr
ID:	dr_325
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.6945247495968045
Encrypted:	false
Ssdeep:	3072:KCvUDHEIzx6yBexOV3fNDjGTtDlQxueKd03DV8tv9XIGIPExZJV9mNoA2v1kqnfE:tvUtdBexOlNDk+xTKg8tlJKyXYOAC1Lc
Size:	176144
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\_multiprocessing.pyd
Category:	dropped
Dump:	_multiprocessing.pyd.14.dr
ID:	dr_326
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.960619050057232
Encrypted:	false
Ssdeep:	384:iPzxbi1duybZ93GDXIV0Y5FoTewHJ4nhB/5I8kBLheX1nYPLxDG4y8SNu7:imeIxo6wuH/5I8kthelWDG4ya7
Size:	29712
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\_overlapped.pyd
Category:	dropped
Dump:	_overlapped.pyd.14.dr
ID:	dr_327
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.925988445470974
Encrypted:	false
Ssdeep:	768:U4ljYOwns/tk8iin8alqEahsMJrrnoYIJVI8JtAWDG4yCO:TjtKPsMJrUVI8JtNyp
Size:	46096
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\_portaudio.pyd
Category:	dropped
Dump:	_portaudio.pyd.14.dr
ID:	dr_328
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.338498984880818
Encrypted:	false
Ssdeep:	6144:qEjjWdIr9nzXLiM2elPMQ8EsPvoD+24sqRA:qEjtcM7gvr3F
Size:	301056
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\_queue.pyd
Category:	dropped
Dump:	_queue.pyd.14.dr
ID:	dr_329
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.982244926544283
Encrypted:	false
Ssdeep:	384:lDZ54qTq9Qe//7vWXhTR/cEI6rgdI8qU8nYPLxDG4y8HmsuEyo:p4qwQ0WRtS6rgdI8qU8WDG4y6XuEyo
Size:	28176
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\_socket.pyd
Category:	dropped
Dump:	_socket.pyd.14.dr
ID:	dr_330
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.0942584309558985
Encrypted:	false
Ssdeep:	1536:vG/A9Fu5OEPenRXk5d2jw/hEdFcvY+RgOmkcH7dI8VwYyo:e/Anu5OEPenRXRjw/h0FcvYcgOmkcbdV
Size:	76816
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\_sqlite3.pyd
Category:	dropped
Dump:	_sqlite3.pyd.14.dr
ID:	dr_331
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.875335952288727
Encrypted:	false
Ssdeep:	1536:eaiMwScZ7vJXjYS2bYETEVVRm4j6YpJ8Qi7wCEy2LpI8sQH8Zyrr:a9SE77R58Yz8n7wCfOpI8sQcAr
Size:	88592
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\_ssl.pyd
Category:	dropped
Dump:	_ssl.pyd.14.dr
ID:	dr_332
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.015568704435241
Encrypted:	false
Ssdeep:	3072:B9+/8UxGzqHYjeS0Woia4TMpi6EPQNvURI847uHV:b+UUxGiY8Wo1UVV
Size:	120848
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\_tkinter.pyd
Category:	dropped
Dump:	_tkinter.pyd.14.dr
ID:	dr_333
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.022045168499411
Encrypted:	false
Ssdeep:	1536:wZSaB9UmU+YBYGnmmwe06hcvfyRiDpI8sS1yh:wZSDoe0FvfyRiDpI8sSo
Size:	69648
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\aiohttp\_helpers.pyd
Category:	dropped
Dump:	_helpers.pyd.14.dr
ID:	dr_301
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.693567055904789
Encrypted:	false
Ssdeep:	768:1UCU7LAkMMvUvtjstglOz2EidyxoWR9hVpBqnpE7sbzakcq:DVJTJSTzPZTnpsgs/
Size:	40448
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\aiohttp\_http_parser.pyd
Category:	dropped
Dump:	_http_parser.pyd.14.dr
ID:	dr_302
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.10666779226306
Encrypted:	false
Ssdeep:	3072:z1KrrdmOChmfhoNhE7H4qEa+0s+1j1RxfEQ1Zd:ArZGY73EaN1hL1f
Size:	220160
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\aiohttp\_http_writer.pyd
Category:	dropped
Dump:	_http_writer.pyd.14.dr
ID:	dr_303
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.74813879490357
Encrypted:	false
Ssdeep:	768:zQn96aluGuR1GxIBctGW3kJOvhlygNMuZzw:Utfu/mAOHMuB
Size:	36352
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\aiohttp\_websocket.pyd
Category:	dropped
Dump:	_websocket.pyd.14.dr
ID:	dr_304
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.4304573666415985
Encrypted:	false
Ssdeep:	384:6VuTABF4IYYKeg5qBtuHtsR4pLi9Pbb6lRNeyMSEJorsfqzl8eqSguxE:6VE0+IYZeg5qCtpLi9PbeRcyMSEJTy+h
Size:	24064
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\bcrypt\_bcrypt.pyd
Category:	dropped
Dump:	_bcrypt.pyd.14.dr
ID:	dr_305
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.264879673315508
Encrypted:	false
Ssdeep:	384:XKBxYvCc//KEdvX020YfLecJay5e0bxpJgLa0Mp8D0ekPwqOw7:zv3tdvk8Tle0gLa1SPd
Size:	31744
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\certifi\cacert.pem
Category:	dropped
Dump:	cacert.pem.14.dr
ID:	dr_306
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	ASCII text
Entropy:	6.049584029751259
Encrypted:	false
Ssdeep:	6144:QW1H/M8f9R0mNpliXCRrwADwYCuMEigT/Q5MSRqNb7d8l:QWN/vRLNL4CRrBC5MWavd0
Size:	285222
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\concrt140.dll
Category:	dropped
Dump:	concrt140.dll.14.dr
ID:	dr_334
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.325295618585691
Encrypted:	false
Ssdeep:	6144:2VwR2xhiXuz1BxUBE0I3umFKuLHqvqNXV4rnWzgCEcl:Vs9zGEj3saz7l
Size:	317208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\cryptography\hazmat\bindings\_openssl.pyd
Category:	dropped
Dump:	_openssl.pyd.14.dr
ID:	dr_307
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.5600156596934625
Encrypted:	false
Ssdeep:	49152:LIU6ioeGtlqTVwASOICDs+JhX3wHqg+dhptXdqCHJYN1QwhIC4Fjz80nciTOzNqm:k+IkEs7JYNgFjz80cDh1YFZdZBT
Size:	3962880
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\cryptography\hazmat\bindings\_rust.pyd
Category:	dropped
Dump:	_rust.pyd.14.dr
ID:	dr_308
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.148502058477941
Encrypted:	false
Ssdeep:	24576:j/bXNabjIX1FSCD2Ai8tExl6/RA11zz5Wp3BabkGon9wC3f+um4aFu:PQjIX1FSCD2Ai8tE2aYUz
Size:	1593344
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\cv2\cv2.pyd
Category:	dropped
Dump:	cv2.pyd.14.dr
ID:	dr_309
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.741890175139891
Encrypted:	false
Ssdeep:	393216:ZH7PCXZQzJy4TWVv2/Eidszo7ARI5WEzq8E0vSH3nKBuT8CpX8GxWaHLiAUmYuk4:SQzJDWVv6dYReGxH3KB2XzhE2/sHs
Size:	87928320
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\frozenlist\_frozenlist.pyd
Category:	dropped
Dump:	_frozenlist.pyd.14.dr
ID:	dr_310
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.760625162582072
Encrypted:	false
Ssdeep:	768:3Ngp0st7ryWLy95UHJOBCSOFwR6Cy/92PwxjEM7HiXrxwkulWcB2:3NFsrUcJHSgww3/92PnM7HiXrxpu8c
Size:	53248
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\libcrypto-1_1.dll
Category:	dropped
Dump:	libcrypto-1_1.dll.14.dr
ID:	dr_335
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.094152840203032
Encrypted:	false
Ssdeep:	98304:R3+YyRoAK2rXHsoz5O8M1CPwDv3uFh+r:t9yWAK2zsozZM1CPwDv3uFh+r
Size:	3399200
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\libeay32.dll
Category:	dropped
Dump:	libeay32.dll.14.dr
ID:	dr_195
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.7573278120063724
Encrypted:	false
Ssdeep:	49152:iIGHW0Tlp28IQfPxwmUie+7IdlmQIU6iShqjQPPjWW8:ijHKqfw0v+qqjQDWW8
Size:	1988608
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\libfreetype-6.dll
Category:	dropped
Dump:	libfreetype-6.dll.14.dr
ID:	dr_197
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.4460699567644255
Encrypted:	false
Ssdeep:	12288:w7AvRbpuflWqWyhb/e+AUCnGqI3qoTF1OgfEWm:w7AWVhbm+AWqc5uZ
Size:	586240
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\libjpeg-9.dll
Category:	dropped
Dump:	libjpeg-9.dll.14.dr
ID:	dr_199
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.389441331010228
Encrypted:	false
Ssdeep:	6144:I7wNZIYb0maLgCaqrWqg7EdP8J1dJHoFaeghCbBL:I7we7gCaqrWqg7EdP8jpY
Size:	244224
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll
Category:	dropped
Dump:	libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.14.dr
ID:	dr_201
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.3382421612060815
Encrypted:	false
Ssdeep:	196608:fGLtguCargPguXVwK+UMidpW9fkSWweAY/CZoEeV8Vb13w6y1WftYk5kscxQfEGP:UksJf2OF
Size:	34369888
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\libpng16-16.dll
Category:	dropped
Dump:	libpng16-16.dll.14.dr
ID:	dr_203
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.4218776738200525
Encrypted:	false
Ssdeep:	3072:VatMOImapxER0/vnm2mjq61IJJT1fX0yuWUQstxZw2TnzFEY5IQ:VatMOImapaR03nmnYJV1cjtnwunw
Size:	210944
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\libssl-1_1.dll
Category:	dropped
Dump:	libssl-1_1.dll.14.dr
ID:	dr_205
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.526574117413294
Encrypted:	false
Ssdeep:	12288:1SurcFFRd4l6NCNH98PikxqceDotbA/nJspatQM5eJpAJfeMw4o8s6U2lvz:1KWZH98PiRLsAtf8AmMHogU2lvz
Size:	689184
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\lz4\_version.pyd
Category:	dropped
Dump:	_version.pyd.14.dr
ID:	dr_311
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.693564342821323
Encrypted:	false
Ssdeep:	96:yU5GYCsBIZw1A2z6pBo59ww0zkDQgJyUC5Xs+yEZqfkZFb37H/gQrOiw7v2V:9iiIZw1vuB09lqRGEZqMFr7brpwS
Size:	11264
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\lz4\block\_block.pyd
Category:	dropped
Dump:	_block.pyd.14.dr
ID:	dr_312
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.243272931591038
Encrypted:	false
Ssdeep:	1536:zJVWoR4lj3v525ltgp3N/fOPg2q4wOpRb55TuO3h7X:j3R4lj3vs5INOPduOpRb55Tuo9X
Size:	75264
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\msvcp140.dll
Category:	dropped
Dump:	msvcp140.dll.14.dr
ID:	dr_207
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.461874649448891
Encrypted:	false
Ssdeep:	12288:xI88L4Wu4+oJ+xc39ax5Ms4ETs3rxSvYcRkdQEKZm+jWodEEVh51:xD89rxZfQEKZm+jWodEEP5
Size:	590112
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\msvcp140_1.dll
Category:	dropped
Dump:	msvcp140_1.dll.14.dr
ID:	dr_209
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.499754548353504
Encrypted:	false
Ssdeep:	384:rOY/H1SbuIqnX8ndnWc95gW3C8c+pBj0HRN7bULkcyHRN7rxTO6iuQl9xiv:yYIBqnMdxxWd4urv
Size:	31728
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\multidict\_multidict.pyd
Category:	dropped
Dump:	_multidict.pyd.14.dr
ID:	dr_313
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.355295165687912
Encrypted:	false
Ssdeep:	768:fcjIEBdgjgEfwwuLR9JGMDYcMz/xYwr/:0czfQGM9
Size:	45568
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\numpy\core\_multiarray_tests.pyd
Category:	dropped
Dump:	_multiarray_tests.pyd.14.dr
ID:	dr_314
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.192836538611655
Encrypted:	false
Ssdeep:	1536:3lSGe/2iH80GUjTyKjT0k2MqIAP2u8vP0TU3s:Vh+GUjTybkpAPp8rs
Size:	106496
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\numpy\core\_multiarray_umath.pyd
Category:	dropped
Dump:	_multiarray_umath.pyd.14.dr
ID:	dr_315
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.537308891583725
Encrypted:	false
Ssdeep:	49152:/M/cze8S47oWNoUvqUEwdr8yzux14CtFrTyz4/V:WjAqw
Size:	2769920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\numpy\fft\_pocketfft_internal.pyd
Category:	dropped
Dump:	_pocketfft_internal.pyd.14.dr
ID:	dr_174
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.177330572145835
Encrypted:	false
Size:	112640
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\numpy\linalg\_umath_linalg.pyd
Category:	dropped
Dump:	_umath_linalg.pyd.14.dr
ID:	dr_175
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.419120291258942
Encrypted:	false
Size:	153600
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\numpy\linalg\lapack_lite.pyd
Category:	dropped
Dump:	lapack_lite.pyd.14.dr
ID:	dr_176
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.530414151250272
Encrypted:	false
Size:	21504
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\numpy\random\_bounded_integers.pyd
Category:	dropped
Dump:	_bounded_integers.pyd.14.dr
ID:	dr_177
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.483806960130266
Encrypted:	false
Size:	238592
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\numpy\random\_common.pyd
Category:	dropped
Dump:	_common.pyd.14.dr
ID:	dr_178
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.1540655505257815
Encrypted:	false
Size:	178688
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\numpy\random\_generator.pyd
Category:	dropped
Dump:	_generator.pyd.14.dr
ID:	dr_179
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.316831567097614
Encrypted:	false
Size:	646144
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\numpy\random\_mt19937.pyd
Category:	dropped
Dump:	_mt19937.pyd.14.dr
ID:	dr_180
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.169423227466293
Encrypted:	false
Size:	77824
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\numpy\random\_pcg64.pyd
Category:	dropped
Dump:	_pcg64.pyd.14.dr
ID:	dr_181
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.980786853285234
Encrypted:	false
Size:	65024
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\numpy\random\_philox.pyd
Category:	dropped
Dump:	_philox.pyd.14.dr
ID:	dr_182
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.986508207434875
Encrypted:	false
Size:	72192
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\numpy\random\_sfc64.pyd
Category:	dropped
Dump:	_sfc64.pyd.14.dr
ID:	dr_183
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.860938878798157
Encrypted:	false
Size:	53248
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\numpy\random\bit_generator.pyd
Category:	dropped
Dump:	bit_generator.pyd.14.dr
ID:	dr_184
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.100107488012804
Encrypted:	false
Size:	151552
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\numpy\random\mtrand.pyd
Category:	dropped
Dump:	mtrand.pyd.14.dr
ID:	dr_185
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.202499551459795
Encrypted:	false
Size:	561152
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\psutil\_psutil_windows.pyd
Category:	dropped
Dump:	_psutil_windows.pyd.14.dr
ID:	dr_186
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.925569454538302
Encrypted:	false
Size:	78336
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pyexpat.pyd
Category:	dropped
Dump:	pyexpat.pyd.14.dr
ID:	dr_211
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.312695764898477
Encrypted:	false
Size:	202768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\_freetype.pyd
Category:	dropped
Dump:	_freetype.pyd.14.dr
ID:	dr_187
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.204869863327296
Encrypted:	false
Size:	78336
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\base.pyd
Category:	dropped
Dump:	base.pyd.14.dr
ID:	dr_188
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.679638168280965
Encrypted:	false
Size:	30208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\bufferproxy.pyd
Category:	dropped
Dump:	bufferproxy.pyd.14.dr
ID:	dr_189
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.170811425002114
Encrypted:	false
Size:	18432
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\color.pyd
Category:	dropped
Dump:	color.pyd.14.dr
ID:	dr_190
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.73802357017814
Encrypted:	false
Size:	35840
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\constants.pyd
Category:	dropped
Dump:	constants.pyd.14.dr
ID:	dr_191
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.274247290628612
Encrypted:	false
Size:	49152
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\display.pyd
Category:	dropped
Dump:	display.pyd.14.dr
ID:	dr_192
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.783700908556658
Encrypted:	false
Size:	44032
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\draw.pyd
Category:	dropped
Dump:	draw.pyd.14.dr
ID:	dr_193
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.099628652524892
Encrypted:	false
Size:	48128
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\event.pyd
Category:	dropped
Dump:	event.pyd.14.dr
ID:	dr_194
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.665174203175519
Encrypted:	false
Size:	40448
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\font.pyd
Category:	dropped
Dump:	font.pyd.14.dr
ID:	dr_196
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.3407998299229
Encrypted:	false
Size:	24064
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\image.pyd
Category:	dropped
Dump:	image.pyd.14.dr
ID:	dr_198
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.791014923696717
Encrypted:	false
Size:	28160
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\imageext.pyd
Category:	dropped
Dump:	imageext.pyd.14.dr
ID:	dr_200
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.3288808221207145
Encrypted:	false
Size:	19456
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\joystick.pyd
Category:	dropped
Dump:	joystick.pyd.14.dr
ID:	dr_202
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.2928685167428196
Encrypted:	false
Size:	20480
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\key.pyd
Category:	dropped
Dump:	key.pyd.14.dr
ID:	dr_204
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.885516034084412
Encrypted:	false
Size:	26624
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\mask.pyd
Category:	dropped
Dump:	mask.pyd.14.dr
ID:	dr_206
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.188213197887492
Encrypted:	false
Size:	56832
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\math.pyd
Category:	dropped
Dump:	math.pyd.14.dr
ID:	dr_208
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.986686387118695
Encrypted:	false
Size:	67072
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\mixer.pyd
Category:	dropped
Dump:	mixer.pyd.14.dr
ID:	dr_210
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.658295348751267
Encrypted:	false
Size:	36352
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\mixer_music.pyd
Category:	dropped
Dump:	mixer_music.pyd.14.dr
ID:	dr_212
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.321389308193211
Encrypted:	false
Size:	20480
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\mouse.pyd
Category:	dropped
Dump:	mouse.pyd.14.dr
ID:	dr_214
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.213980760489755
Encrypted:	false
Size:	19456
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\pixelarray.pyd
Category:	dropped
Dump:	pixelarray.pyd.14.dr
ID:	dr_216
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.064596577114034
Encrypted:	false
Size:	45056
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\pixelcopy.pyd
Category:	dropped
Dump:	pixelcopy.pyd.14.dr
ID:	dr_218
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.761453811981597
Encrypted:	false
Size:	26112
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\rect.pyd
Category:	dropped
Dump:	rect.pyd.14.dr
ID:	dr_220
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.688408458159711
Encrypted:	false
Size:	36864
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\rwobject.pyd
Category:	dropped
Dump:	rwobject.pyd.14.dr
ID:	dr_222
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.290419159050352
Encrypted:	false
Size:	19968
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\scrap.pyd
Category:	dropped
Dump:	scrap.pyd.14.dr
ID:	dr_224
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.244515673174077
Encrypted:	false
Size:	18944
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\surface.pyd
Category:	dropped
Dump:	surface.pyd.14.dr
ID:	dr_226
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.3783596774039815
Encrypted:	false
Size:	220672
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\surflock.pyd
Category:	dropped
Dump:	surflock.pyd.14.dr
ID:	dr_228
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.748836333842975
Encrypted:	false
Size:	13824
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\time.pyd
Category:	dropped
Dump:	time.pyd.14.dr
ID:	dr_230
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.021063469377741
Encrypted:	false
Size:	18944
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\pygame\transform.pyd
Category:	dropped
Dump:	transform.pyd.14.dr
ID:	dr_232
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.234819540381457
Encrypted:	false
Size:	52224
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\python3.dll
Category:	dropped
Dump:	python3.dll.14.dr
ID:	dr_213
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.843378110040134
Encrypted:	false
Size:	58896
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\python37.dll
Category:	dropped
Dump:	python37.dll.14.dr
ID:	dr_215
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.384383088490926
Encrypted:	false
Size:	3750416
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\qt5core.dll
Category:	dropped
Dump:	qt5core.dll.14.dr
ID:	dr_217
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.768988071491288
Encrypted:	false
Size:	6023664
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\qt5dbus.dll
Category:	dropped
Dump:	qt5dbus.dll.14.dr
ID:	dr_219
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.392610185061176
Encrypted:	false
Size:	436720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\qt5gui.dll
Category:	dropped
Dump:	qt5gui.dll.14.dr
ID:	dr_221
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.674290383197779
Encrypted:	false
Size:	7008240
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\qt5multimedia.dll
Category:	dropped
Dump:	qt5multimedia.dll.14.dr
ID:	dr_223
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.260644163524817
Encrypted:	false
Size:	746480
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\qt5network.dll
Category:	dropped
Dump:	qt5network.dll.14.dr
ID:	dr_225
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.41486755163134
Encrypted:	false
Size:	1340400
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\qt5printsupport.dll
Category:	dropped
Dump:	qt5printsupport.dll.14.dr
ID:	dr_227
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.4458228745525155
Encrypted:	false
Size:	317424
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\qt5qml.dll
Category:	dropped
Dump:	qt5qml.dll.14.dr
ID:	dr_229
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.333693598000157
Encrypted:	false
Size:	3591664
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\qt5qmlmodels.dll
Category:	dropped
Dump:	qt5qmlmodels.dll.14.dr
ID:	dr_231
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.312090336793804
Encrypted:	false
Size:	438768
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\qt5quick.dll
Category:	dropped
Dump:	qt5quick.dll.14.dr
ID:	dr_233
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.462183686222023
Encrypted:	false
Size:	4148720
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\qt5svg.dll
Category:	dropped
Dump:	qt5svg.dll.14.dr
ID:	dr_235
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.381828869454302
Encrypted:	false
Size:	330736
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\qt5websockets.dll
Category:	dropped
Dump:	qt5websockets.dll.14.dr
ID:	dr_237
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.116105454277536
Encrypted:	false
Size:	149488
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\qt5widgets.dll
Category:	dropped
Dump:	qt5widgets.dll.14.dr
ID:	dr_239
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.619117060971844
Encrypted:	false
Size:	5498352
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\regex\_regex.pyd
Category:	dropped
Dump:	_regex.pyd.14.dr
ID:	dr_234
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.484899841866105
Encrypted:	false
Size:	646144
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\sdl2.dll
Category:	dropped
Dump:	sdl2.dll.14.dr
ID:	dr_240
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.1101676126491045
Encrypted:	false
Size:	2227712
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\sdl2_image.dll
Category:	dropped
Dump:	sdl2_image.dll.14.dr
ID:	dr_241
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.248060009482749
Encrypted:	false
Size:	125440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\sdl2_mixer.dll
Category:	dropped
Dump:	sdl2_mixer.dll.14.dr
ID:	dr_242
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.31428829821482
Encrypted:	false
Size:	123904
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\sdl2_ttf.dll
Category:	dropped
Dump:	sdl2_ttf.dll.14.dr
ID:	dr_243
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy:	5.651428871159069
Encrypted:	false
Size:	33792
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\select.pyd
Category:	dropped
Dump:	select.pyd.14.dr
ID:	dr_244
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.048170705523046
Encrypted:	false
Size:	27152
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\simplejson\_speedups.pyd
Category:	dropped
Dump:	_speedups.pyd.14.dr
ID:	dr_236
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.790440747175544
Encrypted:	false
Size:	39936
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\sqlite3.dll
Category:	dropped
Dump:	sqlite3.dll.14.dr
ID:	dr_245
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.5549229978521035
Encrypted:	false
Size:	1268752
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\ssleay32.dll
Category:	dropped
Dump:	ssleay32.dll.14.dr
ID:	dr_246
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.122702766666827
Encrypted:	false
Size:	361984
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\tcl86t.dll
Category:	dropped
Dump:	tcl86t.dll.14.dr
ID:	dr_247
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.496511987047776
Encrypted:	false
Size:	1705120
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\tk86t.dll
Category:	dropped
Dump:	tk86t.dll.14.dr
ID:	dr_248
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.165850680457804
Encrypted:	false
Size:	1468064
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\unicodedata.pyd
Category:	dropped
Dump:	unicodedata.pyd.14.dr
ID:	dr_249
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.327852618149687
Encrypted:	false
Size:	1073680
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\vcruntime140.dll
Category:	dropped
Dump:	vcruntime140.dll.14.dr
ID:	dr_250
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.50974924823557
Encrypted:	false
Size:	87864
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\vcruntime140_1.dll
Category:	dropped
Dump:	vcruntime140_1.dll.14.dr
ID:	dr_251
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.627837381503075
Encrypted:	false
Size:	44528
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\yarl\_quoting_c.pyd
Category:	dropped
Dump:	_quoting_c.pyd.14.dr
ID:	dr_238
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.996142689601423
Encrypted:	false
Size:	80384
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\zlib1.dll
Category:	dropped
Dump:	zlib1.dll.14.dr
ID:	dr_252
Target ID:	14
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.422076432206121
Encrypted:	false
Size:	108544
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\Crypto\Cipher\_Salsa20.pyd
Category:	dropped
Dump:	_Salsa20.pyd.15.dr
ID:	dr_496
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.043023051517476
Encrypted:	false
Size:	13824
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\Crypto\Cipher\_raw_aes.pyd
Category:	dropped
Dump:	_raw_aes.pyd.15.dr
ID:	dr_346
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.5538426720189396
Encrypted:	false
Size:	36352
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\Crypto\Cipher\_raw_aesni.pyd
Category:	dropped
Dump:	_raw_aesni.pyd.15.dr
ID:	dr_347
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.285321423775064
Encrypted:	false
Size:	15872
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\Crypto\Cipher\_raw_cbc.pyd
Category:	dropped
Dump:	_raw_cbc.pyd.15.dr
ID:	dr_348
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.737934511632203
Encrypted:	false
Size:	12288
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\Crypto\Cipher\_raw_cfb.pyd
Category:	dropped
Dump:	_raw_cfb.pyd.15.dr
ID:	dr_349
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.896113420654944
Encrypted:	false
Size:	13824
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\Crypto\Cipher\_raw_ctr.pyd
Category:	dropped
Dump:	_raw_ctr.pyd.15.dr
ID:	dr_350
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.296941042514949
Encrypted:	false
Size:	14848
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\Crypto\Cipher\_raw_ecb.pyd
Category:	dropped
Dump:	_raw_ecb.pyd.15.dr
ID:	dr_351
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.58491776551014
Encrypted:	false
Size:	10752
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\Crypto\Cipher\_raw_eksblowfish.pyd
Category:	dropped
Dump:	_raw_eksblowfish.pyd.15.dr
ID:	dr_352
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.13818726721959
Encrypted:	false
Size:	22016
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\Crypto\Cipher\_raw_ocb.pyd
Category:	dropped
Dump:	_raw_ocb.pyd.15.dr
ID:	dr_353
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.344975505079875
Encrypted:	false
Size:	17920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\Crypto\Cipher\_raw_ofb.pyd
Category:	dropped
Dump:	_raw_ofb.pyd.15.dr
ID:	dr_354
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.732524211136862
Encrypted:	false
Size:	12288
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\Crypto\Hash\_BLAKE2s.pyd
Category:	dropped
Dump:	_BLAKE2s.pyd.15.dr
ID:	dr_355
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.17157470367637
Encrypted:	false
Size:	14336
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\Crypto\Hash\_MD5.pyd
Category:	dropped
Dump:	_MD5.pyd.15.dr
ID:	dr_356
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.463458228413267
Encrypted:	false
Size:	15360
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\Crypto\Hash\_SHA1.pyd
Category:	dropped
Dump:	_SHA1.pyd.15.dr
ID:	dr_357
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.681553876702266
Encrypted:	false
Size:	17920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\Crypto\Hash\_SHA256.pyd
Category:	dropped
Dump:	_SHA256.pyd.15.dr
ID:	dr_358
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.90271944005012
Encrypted:	false
Size:	21504
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\Crypto\Hash\_ghash_clmul.pyd
Category:	dropped
Dump:	_ghash_clmul.pyd.15.dr
ID:	dr_359
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.019867964622382
Encrypted:	false
Size:	12800
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\Crypto\Hash\_ghash_portable.pyd
Category:	dropped
Dump:	_ghash_portable.pyd.15.dr
ID:	dr_360
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.015378888018285
Encrypted:	false
Size:	13312
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\Crypto\Protocol\_scrypt.pyd
Category:	dropped
Dump:	_scrypt.pyd.15.dr
ID:	dr_361
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.795317235666895
Encrypted:	false
Size:	12288
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\Crypto\Util\_cpuid_c.pyd
Category:	dropped
Dump:	_cpuid_c.pyd.15.dr
ID:	dr_362
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.7372077697895945
Encrypted:	false
Size:	10240
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\Crypto\Util\_strxor.pyd
Category:	dropped
Dump:	_strxor.pyd.15.dr
ID:	dr_363
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.693475725745118
Encrypted:	false
Size:	10240
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PIL\_imaging.pyd
Category:	dropped
Dump:	_imaging.pyd.15.dr
ID:	dr_364
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.459337580131227
Encrypted:	false
Size:	2428928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PIL\_imagingcms.pyd
Category:	dropped
Dump:	_imagingcms.pyd.15.dr
ID:	dr_365
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.280201200423917
Encrypted:	false
Size:	257536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PIL\_imagingft.pyd
Category:	dropped
Dump:	_imagingft.pyd.15.dr
ID:	dr_366
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.766846496259483
Encrypted:	false
Size:	1652736
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PIL\_imagingtk.pyd
Category:	dropped
Dump:	_imagingtk.pyd.15.dr
ID:	dr_367
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.016426536954842
Encrypted:	false
Size:	15872
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PIL\_webp.pyd
Category:	dropped
Dump:	_webp.pyd.15.dr
ID:	dr_368
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.580984741686164
Encrypted:	false
Size:	531456
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\QtCore.pyd
Category:	dropped
Dump:	QtCore.pyd.15.dr
ID:	dr_369
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.240133820704683
Encrypted:	false
Size:	2467840
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\QtGui.pyd
Category:	dropped
Dump:	QtGui.pyd.15.dr
ID:	dr_370
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.233473435581707
Encrypted:	false
Size:	2482688
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\QtWidgets.pyd
Category:	dropped
Dump:	QtWidgets.pyd.15.dr
ID:	dr_371
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.251608446485404
Encrypted:	false
Size:	5092864
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\iconengines\qsvgicon.dll
Category:	dropped
Dump:	qsvgicon.dll.15.dr
ID:	dr_373
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.0993566622860635
Encrypted:	false
Size:	41968
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\imageformats\qgif.dll
Category:	dropped
Dump:	qgif.dll.15.dr
ID:	dr_374
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.0316011626259405
Encrypted:	false
Size:	39408
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\imageformats\qicns.dll
Category:	dropped
Dump:	qicns.dll.15.dr
ID:	dr_375
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.016125225197622
Encrypted:	false
Size:	45040
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\imageformats\qico.dll
Category:	dropped
Dump:	qico.dll.15.dr
ID:	dr_376
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.957072398645384
Encrypted:	false
Size:	38384
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\imageformats\qjpeg.dll
Category:	dropped
Dump:	qjpeg.dll.15.dr
ID:	dr_377
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.7491063936821405
Encrypted:	false
Size:	421360
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\imageformats\qsvg.dll
Category:	dropped
Dump:	qsvg.dll.15.dr
ID:	dr_378
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.978149408776758
Encrypted:	false
Size:	32240
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\imageformats\qtga.dll
Category:	dropped
Dump:	qtga.dll.15.dr
ID:	dr_379
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.865766652452823
Encrypted:	false
Size:	31728
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\imageformats\qtiff.dll
Category:	dropped
Dump:	qtiff.dll.15.dr
ID:	dr_380
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.724665470266677
Encrypted:	false
Size:	390128
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\imageformats\qwbmp.dll
Category:	dropped
Dump:	qwbmp.dll.15.dr
ID:	dr_381
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.938644231596902
Encrypted:	false
Size:	30192
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\imageformats\qwebp.dll
Category:	dropped
Dump:	qwebp.dll.15.dr
ID:	dr_382
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.605517748735854
Encrypted:	false
Size:	510448
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\mediaservice\dsengine.dll
Category:	dropped
Dump:	dsengine.dll.15.dr
ID:	dr_383
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.15513142093455
Encrypted:	false
Size:	301040
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\mediaservice\qtmedia_audioengine.dll
Category:	dropped
Dump:	qtmedia_audioengine.dll.15.dr
ID:	dr_384
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.915530709928927
Encrypted:	false
Size:	68080
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\mediaservice\wmfengine.dll
Category:	dropped
Dump:	wmfengine.dll.15.dr
ID:	dr_385
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.0609445635731305
Encrypted:	false
Size:	208368
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\platforms\qminimal.dll
Category:	dropped
Dump:	qminimal.dll.15.dr
ID:	dr_386
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.625808732261156
Encrypted:	false
Size:	844784
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\platforms\qoffscreen.dll
Category:	dropped
Dump:	qoffscreen.dll.15.dr
ID:	dr_387
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.6323155845799695
Encrypted:	false
Size:	754672
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\platforms\qwebgl.dll
Category:	dropped
Dump:	qwebgl.dll.15.dr
ID:	dr_388
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.152380961313931
Encrypted:	false
Size:	482288
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\platforms\qwindows.dll
Category:	dropped
Dump:	qwindows.dll.15.dr
ID:	dr_389
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.575113537540671
Encrypted:	false
Size:	1477104
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\platformthemes\qxdgdesktopportal.dll
Category:	dropped
Dump:	qxdgdesktopportal.dll.15.dr
ID:	dr_390
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.125954940500008
Encrypted:	false
Size:	68592
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\printsupport\windowsprintersupport.dll
Category:	dropped
Dump:	windowsprintersupport.dll.15.dr
ID:	dr_391
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.083938612859037
Encrypted:	false
Size:	55280
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\qt-plugins\styles\qwindowsvistastyle.dll
Category:	dropped
Dump:	qwindowsvistastyle.dll.15.dr
ID:	dr_392
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.294675868932723
Encrypted:	false
Size:	144368
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\PyQt5\sip.pyd
Category:	dropped
Dump:	sip.pyd.15.dr
ID:	dr_372
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.013239668983001
Encrypted:	false
Size:	121344
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\_asyncio.pyd
Category:	dropped
Dump:	_asyncio.pyd.15.dr
ID:	dr_405
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.899692891859365
Encrypted:	false
Size:	73744
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\_brotli.pyd
Category:	dropped
Dump:	_brotli.pyd.15.dr
ID:	dr_407
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.094087296276298
Encrypted:	false
Size:	857600
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\_bz2.pyd
Category:	dropped
Dump:	_bz2.pyd.15.dr
ID:	dr_409
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.337586298062742
Encrypted:	false
Size:	94736
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\_cffi_backend.pyd
Category:	dropped
Dump:	_cffi_backend.pyd.15.dr
ID:	dr_411
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.199103831906969
Encrypted:	false
Size:	181760
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\_ctypes.pyd
Category:	dropped
Dump:	_ctypes.pyd.15.dr
ID:	dr_413
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.962671714439977
Encrypted:	false
Size:	132624
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\_decimal.pyd
Category:	dropped
Dump:	_decimal.pyd.15.dr
ID:	dr_415
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.490803702039132
Encrypted:	false
Size:	267280
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\_elementtree.pyd
Category:	dropped
Dump:	_elementtree.pyd.15.dr
ID:	dr_417
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.299632329784148
Encrypted:	false
Size:	207888
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\_hashlib.pyd
Category:	dropped
Dump:	_hashlib.pyd.15.dr
ID:	dr_419
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.959951673192366
Encrypted:	false
Size:	38928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\_lzma.pyd
Category:	dropped
Dump:	_lzma.pyd.15.dr
ID:	dr_421
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.6945247495968045
Encrypted:	false
Size:	176144
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\_multiprocessing.pyd
Category:	dropped
Dump:	_multiprocessing.pyd.15.dr
ID:	dr_423
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.960619050057232
Encrypted:	false
Size:	29712
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\_overlapped.pyd
Category:	dropped
Dump:	_overlapped.pyd.15.dr
ID:	dr_425
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.925988445470974
Encrypted:	false
Size:	46096
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\_portaudio.pyd
Category:	dropped
Dump:	_portaudio.pyd.15.dr
ID:	dr_427
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.338498984880818
Encrypted:	false
Size:	301056
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\_queue.pyd
Category:	dropped
Dump:	_queue.pyd.15.dr
ID:	dr_429
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.982244926544283
Encrypted:	false
Size:	28176
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\_socket.pyd
Category:	dropped
Dump:	_socket.pyd.15.dr
ID:	dr_431
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.0942584309558985
Encrypted:	false
Size:	76816
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\_sqlite3.pyd
Category:	dropped
Dump:	_sqlite3.pyd.15.dr
ID:	dr_433
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.875335952288727
Encrypted:	false
Size:	88592
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\_ssl.pyd
Category:	dropped
Dump:	_ssl.pyd.15.dr
ID:	dr_435
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.015568704435241
Encrypted:	false
Size:	120848
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\_tkinter.pyd
Category:	dropped
Dump:	_tkinter.pyd.15.dr
ID:	dr_437
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.022045168499411
Encrypted:	false
Size:	69648
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\aiohttp\_helpers.pyd
Category:	dropped
Dump:	_helpers.pyd.15.dr
ID:	dr_393
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.693567055904789
Encrypted:	false
Size:	40448
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\aiohttp\_http_parser.pyd
Category:	dropped
Dump:	_http_parser.pyd.15.dr
ID:	dr_394
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.10666779226306
Encrypted:	false
Size:	220160
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\aiohttp\_http_writer.pyd
Category:	dropped
Dump:	_http_writer.pyd.15.dr
ID:	dr_395
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.74813879490357
Encrypted:	false
Size:	36352
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\aiohttp\_websocket.pyd
Category:	dropped
Dump:	_websocket.pyd.15.dr
ID:	dr_396
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.4304573666415985
Encrypted:	false
Size:	24064
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\bcrypt\_bcrypt.pyd
Category:	dropped
Dump:	_bcrypt.pyd.15.dr
ID:	dr_397
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.264879673315508
Encrypted:	false
Size:	31744
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\certifi\cacert.pem
Category:	dropped
Dump:	cacert.pem.15.dr
ID:	dr_398
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	ASCII text
Entropy:	6.049584029751259
Encrypted:	false
Size:	285222
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\concrt140.dll
Category:	dropped
Dump:	concrt140.dll.15.dr
ID:	dr_439
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.325295618585691
Encrypted:	false
Size:	317208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\cryptography\hazmat\bindings\_openssl.pyd
Category:	dropped
Dump:	_openssl.pyd.15.dr
ID:	dr_399
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.5600156596934625
Encrypted:	false
Size:	3962880
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\cryptography\hazmat\bindings\_rust.pyd
Category:	dropped
Dump:	_rust.pyd.15.dr
ID:	dr_400
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.148502058477941
Encrypted:	false
Size:	1593344
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\cv2\cv2.pyd
Category:	dropped
Dump:	cv2.pyd.15.dr
ID:	dr_401
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.741890175139891
Encrypted:	false
Size:	87928320
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\frozenlist\_frozenlist.pyd
Category:	dropped
Dump:	_frozenlist.pyd.15.dr
ID:	dr_402
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.760625162582072
Encrypted:	false
Size:	53248
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\libcrypto-1_1.dll
Category:	dropped
Dump:	libcrypto-1_1.dll.15.dr
ID:	dr_441
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.094152840203032
Encrypted:	false
Size:	3399200
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\libeay32.dll
Category:	dropped
Dump:	libeay32.dll.15.dr
ID:	dr_443
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.7573278120063724
Encrypted:	false
Size:	1988608
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\libfreetype-6.dll
Category:	dropped
Dump:	libfreetype-6.dll.15.dr
ID:	dr_445
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.4460699567644255
Encrypted:	false
Size:	586240
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\libjpeg-9.dll
Category:	dropped
Dump:	libjpeg-9.dll.15.dr
ID:	dr_447
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.389441331010228
Encrypted:	false
Size:	244224
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll
Category:	dropped
Dump:	libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll.15.dr
ID:	dr_449
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.3382421612060815
Encrypted:	false
Size:	34369888
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\libpng16-16.dll
Category:	dropped
Dump:	libpng16-16.dll.15.dr
ID:	dr_451
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.4218776738200525
Encrypted:	false
Size:	210944
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\libssl-1_1.dll
Category:	dropped
Dump:	libssl-1_1.dll.15.dr
ID:	dr_453
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.526574117413294
Encrypted:	false
Size:	689184
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\lz4\_version.pyd
Category:	dropped
Dump:	_version.pyd.15.dr
ID:	dr_403
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.693564342821323
Encrypted:	false
Size:	11264
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\lz4\block\_block.pyd
Category:	dropped
Dump:	_block.pyd.15.dr
ID:	dr_404
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.243272931591038
Encrypted:	false
Size:	75264
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\msvcp140.dll
Category:	dropped
Dump:	msvcp140.dll.15.dr
ID:	dr_455
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.461874649448891
Encrypted:	false
Size:	590112
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\msvcp140_1.dll
Category:	dropped
Dump:	msvcp140_1.dll.15.dr
ID:	dr_457
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.499754548353504
Encrypted:	false
Size:	31728
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\multidict\_multidict.pyd
Category:	dropped
Dump:	_multidict.pyd.15.dr
ID:	dr_406
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.355295165687912
Encrypted:	false
Size:	45568
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\numpy\core\_multiarray_tests.pyd
Category:	dropped
Dump:	_multiarray_tests.pyd.15.dr
ID:	dr_408
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.192836538611655
Encrypted:	false
Size:	106496
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\numpy\core\_multiarray_umath.pyd
Category:	dropped
Dump:	_multiarray_umath.pyd.15.dr
ID:	dr_410
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.537308891583725
Encrypted:	false
Size:	2769920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\numpy\fft\_pocketfft_internal.pyd
Category:	dropped
Dump:	_pocketfft_internal.pyd.15.dr
ID:	dr_412
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.177330572145835
Encrypted:	false
Size:	112640
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\numpy\linalg\_umath_linalg.pyd
Category:	dropped
Dump:	_umath_linalg.pyd.15.dr
ID:	dr_414
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.419120291258942
Encrypted:	false
Size:	153600
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\numpy\linalg\lapack_lite.pyd
Category:	dropped
Dump:	lapack_lite.pyd.15.dr
ID:	dr_416
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.530414151250272
Encrypted:	false
Size:	21504
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\numpy\random\_bounded_integers.pyd
Category:	dropped
Dump:	_bounded_integers.pyd.15.dr
ID:	dr_418
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.483806960130266
Encrypted:	false
Size:	238592
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\numpy\random\_common.pyd
Category:	dropped
Dump:	_common.pyd.15.dr
ID:	dr_420
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.1540655505257815
Encrypted:	false
Size:	178688
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\numpy\random\_generator.pyd
Category:	dropped
Dump:	_generator.pyd.15.dr
ID:	dr_422
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.316831567097614
Encrypted:	false
Size:	646144
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\numpy\random\_mt19937.pyd
Category:	dropped
Dump:	_mt19937.pyd.15.dr
ID:	dr_424
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.169423227466293
Encrypted:	false
Size:	77824
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\numpy\random\_pcg64.pyd
Category:	dropped
Dump:	_pcg64.pyd.15.dr
ID:	dr_426
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.980786853285234
Encrypted:	false
Size:	65024
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\numpy\random\_philox.pyd
Category:	dropped
Dump:	_philox.pyd.15.dr
ID:	dr_428
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.986508207434875
Encrypted:	false
Size:	72192
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\numpy\random\_sfc64.pyd
Category:	dropped
Dump:	_sfc64.pyd.15.dr
ID:	dr_430
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.860938878798157
Encrypted:	false
Size:	53248
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\numpy\random\bit_generator.pyd
Category:	dropped
Dump:	bit_generator.pyd.15.dr
ID:	dr_432
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.100107488012804
Encrypted:	false
Size:	151552
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\numpy\random\mtrand.pyd
Category:	dropped
Dump:	mtrand.pyd.15.dr
ID:	dr_434
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.202499551459795
Encrypted:	false
Size:	561152
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\psutil\_psutil_windows.pyd
Category:	dropped
Dump:	_psutil_windows.pyd.15.dr
ID:	dr_436
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.925569454538302
Encrypted:	false
Size:	78336
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pyexpat.pyd
Category:	dropped
Dump:	pyexpat.pyd.15.dr
ID:	dr_459
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.312695764898477
Encrypted:	false
Size:	202768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\_freetype.pyd
Category:	dropped
Dump:	_freetype.pyd.15.dr
ID:	dr_438
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.204869863327296
Encrypted:	false
Size:	78336
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\base.pyd
Category:	dropped
Dump:	base.pyd.15.dr
ID:	dr_440
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.679638168280965
Encrypted:	false
Size:	30208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\bufferproxy.pyd
Category:	dropped
Dump:	bufferproxy.pyd.15.dr
ID:	dr_442
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.170811425002114
Encrypted:	false
Size:	18432
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\color.pyd
Category:	dropped
Dump:	color.pyd.15.dr
ID:	dr_444
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.73802357017814
Encrypted:	false
Size:	35840
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\constants.pyd
Category:	dropped
Dump:	constants.pyd.15.dr
ID:	dr_446
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.274247290628612
Encrypted:	false
Size:	49152
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\display.pyd
Category:	dropped
Dump:	display.pyd.15.dr
ID:	dr_448
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.783700908556658
Encrypted:	false
Size:	44032
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\draw.pyd
Category:	dropped
Dump:	draw.pyd.15.dr
ID:	dr_450
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.099628652524892
Encrypted:	false
Size:	48128
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\event.pyd
Category:	dropped
Dump:	event.pyd.15.dr
ID:	dr_452
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.665174203175519
Encrypted:	false
Size:	40448
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\font.pyd
Category:	dropped
Dump:	font.pyd.15.dr
ID:	dr_454
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.3407998299229
Encrypted:	false
Size:	24064
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\image.pyd
Category:	dropped
Dump:	image.pyd.15.dr
ID:	dr_456
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.791014923696717
Encrypted:	false
Size:	28160
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\imageext.pyd
Category:	dropped
Dump:	imageext.pyd.15.dr
ID:	dr_458
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.3288808221207145
Encrypted:	false
Size:	19456
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\joystick.pyd
Category:	dropped
Dump:	joystick.pyd.15.dr
ID:	dr_460
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.2928685167428196
Encrypted:	false
Size:	20480
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\key.pyd
Category:	dropped
Dump:	key.pyd.15.dr
ID:	dr_462
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.885516034084412
Encrypted:	false
Size:	26624
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\mask.pyd
Category:	dropped
Dump:	mask.pyd.15.dr
ID:	dr_464
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.188213197887492
Encrypted:	false
Size:	56832
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\math.pyd
Category:	dropped
Dump:	math.pyd.15.dr
ID:	dr_466
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.986686387118695
Encrypted:	false
Size:	67072
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\mixer.pyd
Category:	dropped
Dump:	mixer.pyd.15.dr
ID:	dr_468
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.658295348751267
Encrypted:	false
Size:	36352
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\mixer_music.pyd
Category:	dropped
Dump:	mixer_music.pyd.15.dr
ID:	dr_470
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.321389308193211
Encrypted:	false
Size:	20480
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\mouse.pyd
Category:	dropped
Dump:	mouse.pyd.15.dr
ID:	dr_472
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.213980760489755
Encrypted:	false
Size:	19456
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\pixelarray.pyd
Category:	dropped
Dump:	pixelarray.pyd.15.dr
ID:	dr_474
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.064596577114034
Encrypted:	false
Size:	45056
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\pixelcopy.pyd
Category:	dropped
Dump:	pixelcopy.pyd.15.dr
ID:	dr_476
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.761453811981597
Encrypted:	false
Size:	26112
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\rect.pyd
Category:	dropped
Dump:	rect.pyd.15.dr
ID:	dr_336
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.688408458159711
Encrypted:	false
Size:	36864
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\rwobject.pyd
Category:	dropped
Dump:	rwobject.pyd.15.dr
ID:	dr_337
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.290419159050352
Encrypted:	false
Size:	19968
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\scrap.pyd
Category:	dropped
Dump:	scrap.pyd.15.dr
ID:	dr_338
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.244515673174077
Encrypted:	false
Size:	18944
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\surface.pyd
Category:	dropped
Dump:	surface.pyd.15.dr
ID:	dr_339
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.3783596774039815
Encrypted:	false
Size:	220672
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\surflock.pyd
Category:	dropped
Dump:	surflock.pyd.15.dr
ID:	dr_340
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.748836333842975
Encrypted:	false
Size:	13824
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\time.pyd
Category:	dropped
Dump:	time.pyd.15.dr
ID:	dr_341
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.021063469377741
Encrypted:	false
Size:	18944
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\pygame\transform.pyd
Category:	dropped
Dump:	transform.pyd.15.dr
ID:	dr_342
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.234819540381457
Encrypted:	false
Size:	52224
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\python3.dll
Category:	dropped
Dump:	python3.dll.15.dr
ID:	dr_461
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.843378110040134
Encrypted:	false
Size:	58896
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\python37.dll
Category:	dropped
Dump:	python37.dll.15.dr
ID:	dr_463
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.384383088490926
Encrypted:	false
Size:	3750416
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\qt5core.dll
Category:	dropped
Dump:	qt5core.dll.15.dr
ID:	dr_465
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.768988071491288
Encrypted:	false
Size:	6023664
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\qt5dbus.dll
Category:	dropped
Dump:	qt5dbus.dll.15.dr
ID:	dr_467
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.392610185061176
Encrypted:	false
Size:	436720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\qt5gui.dll
Category:	dropped
Dump:	qt5gui.dll.15.dr
ID:	dr_469
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.674290383197779
Encrypted:	false
Size:	7008240
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\qt5multimedia.dll
Category:	dropped
Dump:	qt5multimedia.dll.15.dr
ID:	dr_471
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.260644163524817
Encrypted:	false
Size:	746480
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\qt5network.dll
Category:	dropped
Dump:	qt5network.dll.15.dr
ID:	dr_473
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.41486755163134
Encrypted:	false
Size:	1340400
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\qt5printsupport.dll
Category:	dropped
Dump:	qt5printsupport.dll.15.dr
ID:	dr_475
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.4458228745525155
Encrypted:	false
Size:	317424
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\qt5qml.dll
Category:	dropped
Dump:	qt5qml.dll.15.dr
ID:	dr_477
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.333693598000157
Encrypted:	false
Size:	3591664
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\qt5qmlmodels.dll
Category:	dropped
Dump:	qt5qmlmodels.dll.15.dr
ID:	dr_478
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.312090336793804
Encrypted:	false
Size:	438768
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\qt5quick.dll
Category:	dropped
Dump:	qt5quick.dll.15.dr
ID:	dr_479
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.462183686222023
Encrypted:	false
Size:	4148720
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\qt5svg.dll
Category:	dropped
Dump:	qt5svg.dll.15.dr
ID:	dr_480
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.381828869454302
Encrypted:	false
Size:	330736
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\qt5websockets.dll
Category:	dropped
Dump:	qt5websockets.dll.15.dr
ID:	dr_481
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.116105454277536
Encrypted:	false
Size:	149488
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\qt5widgets.dll
Category:	dropped
Dump:	qt5widgets.dll.15.dr
ID:	dr_482
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.619117060971844
Encrypted:	false
Size:	5498352
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\regex\_regex.pyd
Category:	dropped
Dump:	_regex.pyd.15.dr
ID:	dr_343
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.484899841866105
Encrypted:	false
Size:	646144
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\sdl2.dll
Category:	dropped
Dump:	sdl2.dll.15.dr
ID:	dr_483
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.1101676126491045
Encrypted:	false
Size:	2227712
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\sdl2_image.dll
Category:	dropped
Dump:	sdl2_image.dll.15.dr
ID:	dr_484
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.248060009482749
Encrypted:	false
Size:	125440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\sdl2_mixer.dll
Category:	dropped
Dump:	sdl2_mixer.dll.15.dr
ID:	dr_485
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.31428829821482
Encrypted:	false
Size:	123904
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\sdl2_ttf.dll
Category:	dropped
Dump:	sdl2_ttf.dll.15.dr
ID:	dr_486
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy:	5.651428871159069
Encrypted:	false
Size:	33792
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\select.pyd
Category:	dropped
Dump:	select.pyd.15.dr
ID:	dr_487
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.048170705523046
Encrypted:	false
Size:	27152
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\simplejson\_speedups.pyd
Category:	dropped
Dump:	_speedups.pyd.15.dr
ID:	dr_344
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.790440747175544
Encrypted:	false
Size:	39936
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\sqlite3.dll
Category:	dropped
Dump:	sqlite3.dll.15.dr
ID:	dr_488
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.5549229978521035
Encrypted:	false
Size:	1268752
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\ssleay32.dll
Category:	dropped
Dump:	ssleay32.dll.15.dr
ID:	dr_489
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.122702766666827
Encrypted:	false
Size:	361984
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\tcl86t.dll
Category:	dropped
Dump:	tcl86t.dll.15.dr
ID:	dr_490
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.496511987047776
Encrypted:	false
Size:	1705120
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\tk86t.dll
Category:	dropped
Dump:	tk86t.dll.15.dr
ID:	dr_491
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.165850680457804
Encrypted:	false
Size:	1468064
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\unicodedata.pyd
Category:	dropped
Dump:	unicodedata.pyd.15.dr
ID:	dr_492
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.327852618149687
Encrypted:	false
Size:	1073680
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\vcruntime140.dll
Category:	dropped
Dump:	vcruntime140.dll.15.dr
ID:	dr_493
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.50974924823557
Encrypted:	false
Size:	87864
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\vcruntime140_1.dll
Category:	dropped
Dump:	vcruntime140_1.dll.15.dr
ID:	dr_494
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.627837381503075
Encrypted:	false
Size:	44528
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\yarl\_quoting_c.pyd
Category:	dropped
Dump:	_quoting_c.pyd.15.dr
ID:	dr_345
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.996142689601423
Encrypted:	false
Size:	80384
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\zlib1.dll
Category:	dropped
Dump:	zlib1.dll.15.dr
ID:	dr_495
Target ID:	15
Process:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.422076432206121
Encrypted:	false
Size:	108544
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Tempcrbsxvgjoy.db
Category:	dropped
Dump:	Tempcrbsxvgjoy.db.16.dr
ID:	dr_501
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\localtest.exe
Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Entropy:	0.6732424250451717
Encrypted:	false
Size:	20480
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Tempcrcwblpieb.db
Category:	dropped
Dump:	Tempcrcwblpieb.db.16.dr
ID:	dr_499
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\localtest.exe
Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Entropy:	0.8475592208333753
Encrypted:	false
Size:	20480
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Tempcrkflvesgb.db
Category:	dropped
Dump:	Tempcrkflvesgb.db.2.dr
ID:	dr_165
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\localtest.exe
Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Entropy:	0.8553638852307782
Encrypted:	false
Size:	40960
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Tempcrlzluscrn.db
Category:	dropped
Dump:	Tempcrlzluscrn.db.2.dr
ID:	dr_167
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\localtest.exe
Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Entropy:	0.8475592208333753
Encrypted:	false
Size:	20480
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Tempcrouutfgon.db
Category:	dropped
Dump:	Tempcrouutfgon.db.23.dr
ID:	dr_507
Target ID:	23
Process:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\localtest.exe
Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Entropy:	0.6732424250451717
Encrypted:	false
Size:	20480
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Tempcrsmbeiqng.db
Category:	dropped
Dump:	Tempcrsmbeiqng.db.23.dr
ID:	dr_504
Target ID:	23
Process:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\localtest.exe
Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Entropy:	0.8553638852307782
Encrypted:	false
Size:	40960
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Tempcrteoxnopv.db
Category:	dropped
Dump:	Tempcrteoxnopv.db.16.dr
ID:	dr_502
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\localtest.exe
Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Entropy:	0.8553638852307782
Encrypted:	false
Size:	40960
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Tempcrupbdtldh.db
Category:	dropped
Dump:	Tempcrupbdtldh.db.16.dr
ID:	dr_500
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\onefile_3700_133646285352975123\localtest.exe
Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Entropy:	0.8746135976761988
Encrypted:	false
Size:	51200
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Tempcruvhdtnrp.db
Category:	dropped
Dump:	Tempcruvhdtnrp.db.23.dr
ID:	dr_506
Target ID:	23
Process:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\localtest.exe
Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Entropy:	0.8475592208333753
Encrypted:	false
Size:	20480
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Tempcrvywzldrc.db
Category:	dropped
Dump:	Tempcrvywzldrc.db.2.dr
ID:	dr_168
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\localtest.exe
Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Entropy:	0.6732424250451717
Encrypted:	false
Size:	20480
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Tempcrypoytydq.db
Category:	dropped
Dump:	Tempcrypoytydq.db.23.dr
ID:	dr_505
Target ID:	23
Process:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\localtest.exe
Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Entropy:	0.8746135976761988
Encrypted:	false
Size:	51200
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Tempcrytzkcpyu.db
Category:	dropped
Dump:	Tempcrytzkcpyu.db.2.dr
ID:	dr_166
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\localtest.exe
Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Entropy:	0.8746135976761988
Encrypted:	false
Size:	51200
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Roaming\MicrosoftSupport\MicrosoftSecurityUpdate.exe
Category:	dropped
Dump:	MicrosoftSecurityUpdate.exe.2.dr
ID:	dr_164
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\localtest.exe
Type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy:	7.998650670687196
Encrypted:	true
Size:	69484264
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sigma detected: CurrentVersion Autorun Keys Modification	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

Details

File:	C:\Users\user\AppData\Roaming\MicrosoftSupport\WindowsSecurityService.exe
Category:	dropped
Dump:	WindowsSecurityService.exe.2.dr
ID:	dr_163
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\onefile_2444_133646285062301735\localtest.exe
Type:	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
Entropy:	6.22681497927518
Encrypted:	false
Size:	7811072
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	\Device\Null
Category:	dropped
Dump:	Null.23.dr
ID:	dr_503
Target ID:	23
Process:	C:\Users\user\AppData\Local\Temp\onefile_5244_133646285434309074\localtest.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.576593583920652
Encrypted:	false
Size:	133
Whitelisted:	false
Reputation:	timeout

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
msupdate.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportmsupdate.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
msupdate.exe