Windows Analysis Report
2a2d6bO44t.exe

Overview

General Information

Sample name: 2a2d6bO44t.exe (renamed because original name is a hash value)
Original sample name: f6fb58ffdb5677fab17b5a8195c8d09b.exe
Analysis ID: 1545081
MD5: f6fb58ffdb5677fab17b5a8195c8d09b
SHA1: 59b4a727b2899edc54586221cea97db5bbed0ba1
SHA256: 401c641ff4f1215cf2b3624d13d0169dfa8848306f636d46d70f1733249c8461
Tags: 64exe

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: 2a2d6bO44t.exe ReversingLabs: Detection: 21%
Source: 2a2d6bO44t.exe Virustotal: Detection: 22%
Source: 2a2d6bO44t.exe Joe Sandbox ML: detected
Source: 2a2d6bO44t.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672930717.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1673147081.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: 2a2d6bO44t.exe, 00000000.00000003.1670006950.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.0.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670611686.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670156798.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.0.dr
Source: Binary string: ucrtbase.pdb source: 2a2d6bO44t.exe, 00000001.00000002.1683747797.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp, ucrtbase.dll.0.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1671598773.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670395383.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1669910584.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.0.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672336146.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672775643.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1673221557.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: 2a2d6bO44t.exe, 00000001.00000002.1683899472.00007FFE13341000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670815928.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672479512.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1669675509.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.0.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672183830.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672705433.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670468290.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.0.dr
Source: Binary string: vcruntime140.amd64.pdbGCTL source: 2a2d6bO44t.exe, 00000000.00000003.1669564233.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000001.00000002.1684178193.00007FFE1A45E000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1671825906.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670255248.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670538040.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672633384.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: .PdB] source: 2a2d6bO44t.exe
Source: Binary string: C:\A\21\b\bin\amd64\select.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1671973807.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: ucrtbase.pdbUGP source: 2a2d6bO44t.exe, 00000001.00000002.1683747797.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp, ucrtbase.dll.0.dr
Source: Binary string: vcruntime140.amd64.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1669564233.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000001.00000002.1684178193.00007FFE1A45E000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1673375428.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670746800.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672262157.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1671748664.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670325436.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1d 10 Sep 2019built on: Mon Sep 16 11:00:37 2019 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: libcrypto-1_1.dll.0.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672552114.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\python38.pdb source: 2a2d6bO44t.exe, 00000001.00000002.1683096527.00007FFDFB76D000.00000002.00000001.01000000.00000005.sdmp, python38.dll.0.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1671516198.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670006950.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1673005619.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1671900470.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1671672682.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1673449028.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672043673.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672407613.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.0.dr
Source: Binary string: C:\A\6\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672114499.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670679390.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1673073194.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1671442800.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670919441.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A4687A000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.0.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672854900.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1673298942.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.0.dr
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 0_2_00007FF733F685A0 FindFirstFileExW,FindClose, 0_2_00007FF733F685A0
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 0_2_00007FF733F679B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_00007FF733F679B0
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 0_2_00007FF733F80B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_00007FF733F80B84
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FF733F685A0 FindFirstFileExW,FindClose, 1_2_00007FF733F685A0
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FF733F679B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, 1_2_00007FF733F679B0
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FF733F80B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 1_2_00007FF733F80B84
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FFE013F3280 FindFirstFileExW,FindNextFileW,FindClose, 1_2_00007FFE013F3280
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FFE013F303C FindFirstFileExW,FindNextFileW,FindClose, 1_2_00007FFE013F303C
Source: 2a2d6bO44t.exe, 00000000.00000003.1674110682.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669675509.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675675597.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669786731.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670006950.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669910584.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670156798.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675138485.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A4687A000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A4687D000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, unicodedata.pyd.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: 2a2d6bO44t.exe, 00000000.00000003.1674110682.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669675509.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675675597.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669786731.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670006950.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669910584.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670156798.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675138485.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1674110682.0000024A4687D000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A4687A000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A4687D000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: 2a2d6bO44t.exe, 00000000.00000003.1669564233.0000024A46870000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.mic
Source: 2a2d6bO44t.exe, 00000000.00000003.1669564233.0000024A46870000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.micG
Source: 2a2d6bO44t.exe, 00000000.00000003.1674110682.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669675509.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675675597.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669786731.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670006950.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669910584.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670156798.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675138485.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, unicodedata.pyd.0.dr, libffi-7.dll.0.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: 2a2d6bO44t.exe, 00000000.00000003.1674110682.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669675509.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675675597.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669786731.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670006950.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669910584.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670156798.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675138485.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A4687A000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A4687D000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, unicodedata.pyd.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: 2a2d6bO44t.exe, 00000000.00000003.1674110682.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669675509.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675675597.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669786731.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670006950.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669910584.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670156798.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675138485.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1674110682.0000024A4687D000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A4687A000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A4687D000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: 2a2d6bO44t.exe, 00000000.00000003.1674110682.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669675509.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675675597.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669786731.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670006950.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669910584.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670156798.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675138485.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A4687A000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A4687D000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, unicodedata.pyd.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: 2a2d6bO44t.exe, 00000000.00000003.1674110682.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669675509.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675675597.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669786731.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670006950.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669910584.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670156798.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675138485.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1674110682.0000024A4687D000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A4687A000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A4687D000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: 2a2d6bO44t.exe, 00000000.00000003.1674110682.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669675509.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675675597.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669786731.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670006950.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669910584.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670156798.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675138485.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A4687A000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A4687D000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, unicodedata.pyd.0.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: 2a2d6bO44t.exe, 00000000.00000003.1674110682.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669675509.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675675597.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669786731.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670006950.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669910584.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670156798.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675138485.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1674110682.0000024A4687D000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A4687A000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A4687D000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: 2a2d6bO44t.exe, 00000000.00000003.1674110682.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669675509.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675675597.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669786731.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670006950.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669910584.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670156798.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675138485.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, unicodedata.pyd.0.dr, libffi-7.dll.0.dr String found in binary or memory: http://ocsp.thawte.com0
Source: python38.dll.0.dr String found in binary or memory: http://python.org/dev/peps/pep-0263/
Source: 2a2d6bO44t.exe, 00000000.00000003.1674110682.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669675509.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675675597.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669786731.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670006950.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669910584.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670156798.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675138485.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, unicodedata.pyd.0.dr, libffi-7.dll.0.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: 2a2d6bO44t.exe, 00000000.00000003.1674110682.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669675509.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675675597.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669786731.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670006950.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669910584.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670156798.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675138485.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, unicodedata.pyd.0.dr, libffi-7.dll.0.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: 2a2d6bO44t.exe, 00000000.00000003.1674110682.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669675509.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675675597.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669786731.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670006950.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669910584.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670156798.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675138485.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, unicodedata.pyd.0.dr, libffi-7.dll.0.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: 2a2d6bO44t.exe, 00000000.00000003.1673602870.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.dr String found in binary or memory: http://www.python.org/dev/peps/pep-0205/
Source: 2a2d6bO44t.exe, 00000001.00000002.1682041958.00000121382E0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.dr String found in binary or memory: http://www.python.org/download/releases/2.3/mro/.
Source: 2a2d6bO44t.exe, 00000001.00000003.1680328487.00000121363F3000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000001.00000003.1680685111.00000121363F3000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000001.00000003.1680735796.0000012136404000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000001.00000002.1681149635.0000012136407000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: 2a2d6bO44t.exe, 00000001.00000002.1681414736.0000012137C40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: 2a2d6bO44t.exe, 00000001.00000002.1681149635.0000012136407000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: 2a2d6bO44t.exe, 00000001.00000003.1680328487.00000121363F3000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000001.00000003.1680685111.00000121363F3000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000001.00000003.1680735796.0000012136404000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000001.00000002.1681149635.0000012136407000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: 2a2d6bO44t.exe, 00000001.00000003.1680328487.00000121363F3000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000001.00000003.1680685111.00000121363F3000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000001.00000003.1680735796.0000012136404000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000001.00000002.1681149635.0000012136407000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: 2a2d6bO44t.exe, 00000000.00000003.1674110682.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669675509.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675675597.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669786731.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670006950.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1669910584.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1670156798.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1675138485.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1674110682.0000024A4687D000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A4687A000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A4687D000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: libcrypto-1_1.dll.0.dr String found in binary or memory: https://www.openssl.org/H
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: String function: 00007FF733F625F0 appears 100 times
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: String function: 00007FF733F62760 appears 36 times
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: 2a2d6bO44t.exe, 00000000.00000003.1673073194.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1672262157.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1673298942.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1672183830.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1669675509.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1669564233.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dll^ vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1671516198.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1673221557.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1670468290.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1672479512.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1671672682.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1675675597.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepython38.dll. vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1669786731.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1670611686.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1670395383.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1671598773.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1670325436.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1673375428.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1670006950.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1670538040.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1672705433.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1670679390.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1672336146.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1672930717.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1671748664.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1670255248.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1672043673.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1670919441.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1671973807.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1671900470.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1669910584.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ha vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1669910584.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1670156798.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1673005619.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1670746800.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1672552114.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1672633384.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1673147081.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1672114499.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1673449028.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1670815928.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1671825906.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1672407613.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1671442800.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1672854900.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1677147397.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000000.00000003.1672775643.0000024A46870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe Binary or memory string: OriginalFilename vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000001.00000003.1679503987.00000121363F3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamekernel32j% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000001.00000002.1683935915.00007FFE1334C000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000001.00000003.1679383310.00000121363F3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamekernel32j% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000001.00000002.1683801881.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000001.00000002.1683579117.00007FFDFB87F000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamepython38.dll. vs 2a2d6bO44t.exe
Source: 2a2d6bO44t.exe, 00000001.00000002.1684215545.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamevcruntime140.dll^ vs 2a2d6bO44t.exe
Source: classification engine Classification label: mal52.winEXE@3/51@0/0
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 0_2_00007FF733F629E0 GetLastError,FormatMessageW,MessageBoxW, 0_2_00007FF733F629E0
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242 Jump to behavior
Source: 2a2d6bO44t.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: 2a2d6bO44t.exe ReversingLabs: Detection: 21%
Source: 2a2d6bO44t.exe Virustotal: Detection: 22%
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File read: C:\Users\user\Desktop\2a2d6bO44t.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\2a2d6bO44t.exe "C:\Users\user\Desktop\2a2d6bO44t.exe"
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Process created: C:\Users\user\Desktop\2a2d6bO44t.exe "C:\Users\user\Desktop\2a2d6bO44t.exe"
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Section loaded: libffi-7.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File opened: C:\Users\user\Desktop\pyvenv.cfg
Source: 2a2d6bO44t.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: 2a2d6bO44t.exe Static file information: File size 5915953 > 1048576
Source: 2a2d6bO44t.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 2a2d6bO44t.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 2a2d6bO44t.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 2a2d6bO44t.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 2a2d6bO44t.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 2a2d6bO44t.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672930717.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1673147081.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: 2a2d6bO44t.exe, 00000000.00000003.1670006950.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.0.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670611686.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670156798.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.0.dr
Source: Binary string: ucrtbase.pdb source: 2a2d6bO44t.exe, 00000001.00000002.1683747797.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp, ucrtbase.dll.0.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1671598773.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670395383.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1669910584.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.0.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672336146.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672775643.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1673221557.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: 2a2d6bO44t.exe, 00000001.00000002.1683899472.00007FFE13341000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670815928.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672479512.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1669675509.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.0.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672183830.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672705433.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670468290.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.0.dr
Source: Binary string: vcruntime140.amd64.pdbGCTL source: 2a2d6bO44t.exe, 00000000.00000003.1669564233.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000001.00000002.1684178193.00007FFE1A45E000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1671825906.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670255248.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670538040.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672633384.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: .PdB] source: 2a2d6bO44t.exe
Source: Binary string: C:\A\21\b\bin\amd64\select.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1676938192.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1671973807.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: ucrtbase.pdbUGP source: 2a2d6bO44t.exe, 00000001.00000002.1683747797.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp, ucrtbase.dll.0.dr
Source: Binary string: vcruntime140.amd64.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1669564233.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, 2a2d6bO44t.exe, 00000001.00000002.1684178193.00007FFE1A45E000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1673375428.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670746800.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672262157.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1671748664.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670325436.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1d 10 Sep 2019built on: Mon Sep 16 11:00:37 2019 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: libcrypto-1_1.dll.0.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672552114.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\python38.pdb source: 2a2d6bO44t.exe, 00000001.00000002.1683096527.00007FFDFB76D000.00000002.00000001.01000000.00000005.sdmp, python38.dll.0.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1671516198.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670006950.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1673005619.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1671900470.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1671672682.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1673449028.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672043673.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672407613.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.0.dr
Source: Binary string: C:\A\6\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672114499.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670679390.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1673073194.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1671442800.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1670919441.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1677571863.0000024A4687A000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.0.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1672854900.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: 2a2d6bO44t.exe, 00000000.00000003.1673298942.0000024A46870000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.0.dr
Source: 2a2d6bO44t.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 2a2d6bO44t.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 2a2d6bO44t.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 2a2d6bO44t.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 2a2d6bO44t.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: ucrtbase.dll.0.dr Static PE information: 0x81CF5D89 [Wed Jan 5 14:32:41 2039 UTC]
Source: libcrypto-1_1.dll.0.dr Static PE information: section name: .00cfg
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FFE013B0200 push rdi; ret 1_2_00007FFE013B0206
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FFE013AA096 push rdi; ret 1_2_00007FFE013AA0A2
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FFE013AA5B5 push rdi; ret 1_2_00007FFE013AA5BB
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FFE013AFAED push rdi; ret 1_2_00007FFE013AFAF4
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FFE1A45CB1B push rbp; retf 1_2_00007FFE1A45CB28
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-timezone-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\_ctypes.pyd
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-handle-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-time-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-localization-l1-2-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\_socket.pyd
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\_bz2.pyd
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-namedpipe-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-utility-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-util-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\libcrypto-1_1.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-process-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-file-l2-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-string-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\_lzma.pyd
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\python38.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-environment-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-processthreads-l1-1-1.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-string-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-errorhandling-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-math-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-runtime-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-locale-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-memory-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-debug-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-file-l1-2-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-sysinfo-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\select.pyd
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-filesystem-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\ucrtbase.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\libffi-7.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-convert-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-interlocked-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-file-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-processenvironment-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-console-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-rtlsupport-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-conio-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-profile-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\_hashlib.pyd
Source: C:\Users\user\Desktop\2a2d6bO44t.exe File created: C:\Users\user\AppData\Local\Temp\_MEI8242\unicodedata.pyd
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 0_2_00007FF733F66EA0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_00007FF733F66EA0
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-errorhandling-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-math-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-runtime-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-locale-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-timezone-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-memory-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\_ctypes.pyd
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-debug-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-handle-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-file-l1-2-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-sysinfo-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\select.pyd
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-filesystem-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-time-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-localization-l1-2-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-convert-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\_socket.pyd
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-interlocked-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\_bz2.pyd
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-utility-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-namedpipe-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-util-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\libcrypto-1_1.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-file-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-processenvironment-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-process-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-file-l2-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-console-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-string-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-conio-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\_lzma.pyd
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-rtlsupport-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\python38.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-environment-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-profile-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-processthreads-l1-1-1.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\_hashlib.pyd
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\unicodedata.pyd
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-string-l1-1-0.dll
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\2a2d6bO44t.exe API coverage: 1.8 %
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 0_2_00007FF733F685A0 FindFirstFileExW,FindClose, 0_2_00007FF733F685A0
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 0_2_00007FF733F679B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_00007FF733F679B0
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 0_2_00007FF733F80B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_00007FF733F80B84
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FF733F685A0 FindFirstFileExW,FindClose, 1_2_00007FF733F685A0
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FF733F679B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, 1_2_00007FF733F679B0
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FF733F80B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 1_2_00007FF733F80B84
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FFE013F3280 FindFirstFileExW,FindNextFileW,FindClose, 1_2_00007FFE013F3280
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FFE013F303C FindFirstFileExW,FindNextFileW,FindClose, 1_2_00007FFE013F303C
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FFE133401A4 GetSystemInfo,VirtualAlloc, 1_2_00007FFE133401A4
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 0_2_00007FF733F79924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF733F79924
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 0_2_00007FF733F82790 GetProcessHeap, 0_2_00007FF733F82790
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 0_2_00007FF733F6C62C SetUnhandledExceptionFilter, 0_2_00007FF733F6C62C
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 0_2_00007FF733F6BBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF733F6BBC0
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 0_2_00007FF733F6C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF733F6C44C
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FF733F6C62C SetUnhandledExceptionFilter, 1_2_00007FF733F6C62C
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FF733F79924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00007FF733F79924
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FF733F6BBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00007FF733F6BBC0
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FF733F6C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00007FF733F6C44C
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FFE013CA184 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00007FFE013CA184
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FFE013F0F20 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00007FFE013F0F20
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FFE13336810 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00007FFE13336810
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FFE13335DF8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00007FFE13335DF8
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FFE133369F8 SetUnhandledExceptionFilter, 1_2_00007FFE133369F8
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FFE148E5054 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00007FFE148E5054
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FFE148E4A34 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00007FFE148E4A34
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 1_2_00007FFE1A45D414 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00007FFE1A45D414
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Process created: C:\Users\user\Desktop\2a2d6bO44t.exe "C:\Users\user\Desktop\2a2d6bO44t.exe"
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 0_2_00007FF733F88880 cpuid 0_2_00007FF733F88880
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: EnumSystemLocalesW, 1_2_00007FFE013EF35C
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: GetPrimaryLen,EnumSystemLocalesW, 1_2_00007FFE013EF3C4
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: EnterCriticalSection,EnumSystemLocalesW,LeaveCriticalSection, 1_2_00007FFE013ED2E0
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: GetPrimaryLen,EnumSystemLocalesW, 1_2_00007FFE013EF478
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 1_2_00007FFE013EF8C0
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: GetProcAddress,GetLocaleInfoW, 1_2_00007FFE0139DC20
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 1_2_00007FFE013EFA48
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI8242\ucrtbase.dll VolumeInformation
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI8242\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Queries volume information: C:\Users\user\Desktop\2a2d6bO44t.exe VolumeInformation
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI8242 VolumeInformation
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI8242\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-console-l1-1-0.dll VolumeInformation
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-datetime-l1-1-0.dll VolumeInformation
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-file-l1-2-0.dll VolumeInformation
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-convert-l1-1-0.dll VolumeInformation
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Queries volume information: C:\Users\user\Desktop\BPMLNOBVSB VolumeInformation
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Queries volume information: C:\Users\user\Desktop\MXPXCVPDVN VolumeInformation
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN VolumeInformation
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Queries volume information: C:\Users\user\Documents VolumeInformation
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN VolumeInformation
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Queries volume information: C:\Users\user\Pictures\Camera Roll VolumeInformation
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Queries volume information: C:\Users\user\Pictures VolumeInformation
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Queries volume information: C:\Users\user\Videos VolumeInformation
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Queries volume information: C:\Users\user\Downloads VolumeInformation
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 0_2_00007FF733F6C330 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FF733F6C330
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Code function: 0_2_00007FF733F84F10 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation, 0_2_00007FF733F84F10
Source: C:\Users\user\Desktop\2a2d6bO44t.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
No contacted IP infos