Windows Analysis Report
datasett.exe

Overview

General Information

Sample name:	datasett.exe
Analysis ID:	1580468
MD5:	3a90d6fa7c4cccd6ec03eb0667807b5b
SHA1:	3c88e16a010d5b464be251107bfb17de08daa445
SHA256:	339b04f57ff45915e7eb52ec9dca9bc85375a13028ade3d310a357fb79c4e5b0
Tags:	exesolvolume-funuser-aachum
Infos:

Detection

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Contains functionality to infect the boot sector

Found pyInstaller with non standard icon

Potentially malicious time measurement code found

Uses schtasks.exe or at.exe to add and modify task schedules

Binary contains a suspicious time stamp

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May check the online IP address of the machine

May use bcdedit to modify the Windows boot settings

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: datasett.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: datasett.exe

ReversingLabs: Detection: 34%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.2% probability

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B21CC0 PyCMethod_New,CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,clock,clock,clock,clock,CryptReleaseContext,	1_2_61B21CC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B21CC0 PyCMethod_New,CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,clock,clock,clock,clock,CryptReleaseContext,	6_2_61B21CC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013461A0 ERR_put_error,CRYPTO_free,ERR_put_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free,	6_2_00007FFE013461A0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0133E1B0 CRYPTO_THREAD_run_once,	6_2_00007FFE0133E1B0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01360160 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,	6_2_00007FFE01360160
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01322365 CRYPTO_free,CRYPTO_malloc,ERR_put_error,memcpy,	6_2_00007FFE01322365
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01338210 EVP_PKEY_CTX_new,EVP_PKEY_derive_init,EVP_PKEY_derive_set_peer,EVP_PKEY_derive,CRYPTO_malloc,EVP_PKEY_derive,CRYPTO_clear_free,EVP_PKEY_CTX_free,	6_2_00007FFE01338210
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0132E220 CRYPTO_malloc,	6_2_00007FFE0132E220
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0135A1E0 CRYPTO_memcmp,	6_2_00007FFE0135A1E0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013361F0 CRYPTO_free,	6_2_00007FFE013361F0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0137C080 CRYPTO_memcmp,	6_2_00007FFE0137C080
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013240AA BIO_get_data,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,CRYPTO_zalloc,ERR_put_error,BIO_set_init,BIO_clear_flags,BIO_get_data,BIO_set_shutdown,BIO_push,BIO_set_next,BIO_up_ref,BIO_set_init,	6_2_00007FFE013240AA
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013360B8 CRYPTO_free,CRYPTO_strdup,	6_2_00007FFE013360B8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0133C070 CRYPTO_zalloc,ERR_put_error,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free,	6_2_00007FFE0133C070
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01322216 CRYPTO_malloc,ERR_put_error,memcpy,CRYPTO_free,CRYPTO_free,	6_2_00007FFE01322216
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321050 EVP_PKEY_free,BN_num_bits,BN_bn2bin,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_clear_free,	6_2_00007FFE01321050
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013221BC _time64,CRYPTO_free,CRYPTO_malloc,EVP_sha256,EVP_Digest,EVP_MD_size,CRYPTO_free,CRYPTO_free,	6_2_00007FFE013221BC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321E79 CRYPTO_free,CRYPTO_malloc,	6_2_00007FFE01321E79
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013215C8 EVP_MD_CTX_new,EVP_PKEY_size,CRYPTO_malloc,EVP_DigestSignInit,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,EVP_DigestUpdate,EVP_DigestSignFinal,EVP_DigestSign,BUF_reverse,CRYPTO_free,EVP_MD_CTX_free,CRYPTO_free,EVP_MD_CTX_free,	6_2_00007FFE013215C8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01370350 CRYPTO_free,CRYPTO_free,CRYPTO_strndup,	6_2_00007FFE01370350
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013222C0 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_put_error,	6_2_00007FFE013222C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01328410 CRYPTO_zalloc,ERR_put_error,	6_2_00007FFE01328410
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321BC7 CRYPTO_strdup,CRYPTO_free,	6_2_00007FFE01321BC7
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01360430 CRYPTO_free,CRYPTO_free,	6_2_00007FFE01360430
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321FB9 CRYPTO_free,	6_2_00007FFE01321FB9
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321131 CRYPTO_free,	6_2_00007FFE01321131
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01380250 EVP_PKEY_get0_RSA,RSA_size,CRYPTO_malloc,RAND_priv_bytes,CRYPTO_free,	6_2_00007FFE01380250
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321CB7 CRYPTO_clear_free,	6_2_00007FFE01321CB7
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321523 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,	6_2_00007FFE01321523
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01342310 CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,	6_2_00007FFE01342310
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0136833B CRYPTO_clear_free,	6_2_00007FFE0136833B
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321B7C CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,	6_2_00007FFE01321B7C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321AC3 CRYPTO_malloc,ERR_put_error,CRYPTO_free,	6_2_00007FFE01321AC3
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01388570 CRYPTO_free,CRYPTO_malloc,ERR_put_error,	6_2_00007FFE01388570
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01354630 CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,	6_2_00007FFE01354630
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01324487 CRYPTO_zalloc,ERR_put_error,BIO_set_init,BIO_set_data,BIO_clear_flags,	6_2_00007FFE01324487
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321F0F CRYPTO_free,	6_2_00007FFE01321F0F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0132135C memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,	6_2_00007FFE0132135C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0135A460 CRYPTO_free,CRYPTO_memdup,	6_2_00007FFE0135A460
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321762 ERR_put_error,CRYPTO_realloc,CRYPTO_realloc,ERR_put_error,	6_2_00007FFE01321762
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013284C0 CRYPTO_zalloc,ERR_put_error,BUF_MEM_grow,	6_2_00007FFE013284C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0132240F CRYPTO_free,BIO_clear_flags,BIO_set_flags,BIO_snprintf,ERR_add_error_data,memcpy,	6_2_00007FFE0132240F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321F32 CRYPTO_free,CRYPTO_malloc,RAND_bytes,	6_2_00007FFE01321F32
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0134C790 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_put_error,	6_2_00007FFE0134C790
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013727B0 EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy,	6_2_00007FFE013727B0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01380760 BN_bin2bn,BN_ucmp,BN_is_zero,CRYPTO_free,CRYPTO_strdup,	6_2_00007FFE01380760
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321BDB EVP_MD_size,RAND_bytes,_time64,CRYPTO_free,CRYPTO_memdup,	6_2_00007FFE01321BDB
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0132214E CRYPTO_free,CRYPTO_free,CRYPTO_free_ex_data,OPENSSL_LH_free,X509_STORE_free,CTLOG_STORE_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_free,ENGINE_finish,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_secure_free,CRYPTO_THREAD_lock_free,CRYPTO_free,	6_2_00007FFE0132214E
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321393 OPENSSL_sk_new_null,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_clear_error,OPENSSL_sk_value,X509_get0_pubkey,X509_free,X509_up_ref,X509_free,OPENSSL_sk_pop_free,	6_2_00007FFE01321393
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013787F0 CRYPTO_memcmp,	6_2_00007FFE013787F0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0132132A CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,	6_2_00007FFE0132132A
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0135A680 EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,	6_2_00007FFE0135A680
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01322225 CRYPTO_free,	6_2_00007FFE01322225
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013246B0 BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,	6_2_00007FFE013246B0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0132101E CRYPTO_free,CRYPTO_free,	6_2_00007FFE0132101E
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321C03 CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse,	6_2_00007FFE01321C03
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013606C0 CRYPTO_memcmp,	6_2_00007FFE013606C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321DBB BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,CRYPTO_strdup,CRYPTO_strdup,ERR_put_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,	6_2_00007FFE01321DBB
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01328980 CRYPTO_free,	6_2_00007FFE01328980
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321FCD CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,	6_2_00007FFE01321FCD
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01368947 CRYPTO_malloc,	6_2_00007FFE01368947
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01380950 OPENSSL_sk_new_null,d2i_X509,CRYPTO_free,CRYPTO_memcmp,OPENSSL_sk_push,OPENSSL_sk_num,CRYPTO_free,X509_free,OPENSSL_sk_pop_free,OPENSSL_sk_value,X509_get0_pubkey,X509_free,OPENSSL_sk_shift,OPENSSL_sk_pop_free,	6_2_00007FFE01380950
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0134CA20 ERR_put_error,CRYPTO_realloc,CRYPTO_realloc,ERR_put_error,	6_2_00007FFE0134CA20
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013609E0 CRYPTO_free,CRYPTO_memdup,	6_2_00007FFE013609E0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0133A9F0 CRYPTO_THREAD_run_once,	6_2_00007FFE0133A9F0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0133C8B0 OPENSSL_sk_num,X509_STORE_CTX_new,ERR_put_error,OPENSSL_sk_value,X509_STORE_CTX_init,ERR_put_error,X509_STORE_CTX_free,X509_STORE_CTX_set_flags,CRYPTO_THREAD_run_once,X509_STORE_CTX_set_ex_data,OPENSSL_sk_num,X509_STORE_CTX_set0_dane,X509_STORE_CTX_set_default,X509_VERIFY_PARAM_set1,X509_STORE_CTX_set_verify_cb,X509_verify_cert,X509_STORE_CTX_get_error,OPENSSL_sk_pop_free,X509_STORE_CTX_get0_chain,X509_STORE_CTX_get1_chain,ERR_put_error,X509_VERIFY_PARAM_move_peername,X509_STORE_CTX_free,	6_2_00007FFE0133C8B0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321D5C CRYPTO_clear_free,	6_2_00007FFE01321D5C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01322464 CRYPTO_malloc,memcpy,	6_2_00007FFE01322464
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0134C930 CRYPTO_free,CRYPTO_free,	6_2_00007FFE0134C930
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01378BA0 CRYPTO_free,CRYPTO_memdup,	6_2_00007FFE01378BA0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321479 CRYPTO_free,CRYPTO_free,CRYPTO_memdup,	6_2_00007FFE01321479
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0132163B CRYPTO_free,CRYPTO_malloc,	6_2_00007FFE0132163B
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321195 CRYPTO_malloc,ERR_put_error,memcpy,CRYPTO_free,CRYPTO_free,	6_2_00007FFE01321195
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0136CB60 EVP_CIPHER_CTX_free,CRYPTO_free,CRYPTO_free,	6_2_00007FFE0136CB60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01322306 CRYPTO_memcmp,memchr,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,	6_2_00007FFE01322306
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321924 BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,CRYPTO_free,CRYPTO_strdup,	6_2_00007FFE01321924
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321078 CRYPTO_free,	6_2_00007FFE01321078
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01360BD0 CRYPTO_free,CRYPTO_strndup,	6_2_00007FFE01360BD0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0134CBE0 ERR_put_error,ERR_put_error,ERR_put_error,EVP_MD_size,ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_zalloc,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,d2i_X509,X509_get0_pubkey,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_put_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,ERR_put_error,	6_2_00007FFE0134CBE0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01354A90 CRYPTO_zalloc,ERR_put_error,_time64,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free,memcpy,	6_2_00007FFE01354A90
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01358A60 CRYPTO_zalloc,CRYPTO_free,	6_2_00007FFE01358A60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0136AB30 EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free,	6_2_00007FFE0136AB30

Source: datasett.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source:	Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\win32event.pdb source: datasett.exe, 00000000.00000003.1673033158.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916641506.00007FFE11BB5000.00000002.00000001.01000000.00000016.sdmp, datasett.exe, 00000005.00000003.1727990973.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760479789.00007FFE0C0A5000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916066006.00007FFE0EB5D000.00000002.00000001.01000000.00000014.sdmp, datasett.exe, 00000005.00000003.1721207686.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1759850177.00007FFE0074D000.00000002.00000001.01000000.0000002A.sdmp, _lzma.pyd.5.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\select.pdb source: datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917570393.00007FFE148E4000.00000002.00000001.01000000.0000000A.sdmp, datasett.exe, 00000005.00000003.1727282533.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761926164.00007FFE11074000.00000002.00000001.01000000.00000020.sdmp, select.pyd.5.dr, select.pyd.0.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917028198.00007FFE120C3000.00000002.00000001.01000000.00000015.sdmp, datasett.exe, 00000005.00000003.1722333278.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760668819.00007FFE0CF83000.00000002.00000001.01000000.0000002B.sdmp, _uuid.pyd.0.dr
Source:	Binary string: MSTTSLoc.pdbGCTL source: MSTTSLoc.dll.0.dr
Source:	Binary string: D:\_w\1\b\libssl-1_1.pdb source: datasett.exe, 00000001.00000002.2915687874.00007FFE01445000.00000002.00000001.01000000.0000000D.sdmp, datasett.exe, 00000006.00000002.1760119655.00007FFE01395000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916312250.00007FFE1030E000.00000002.00000001.01000000.00000013.sdmp, datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760283252.00007FFE014CE000.00000002.00000001.01000000.00000029.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: datasett.exe, 00000001.00000002.2914870560.00007FFDFB20F000.00000002.00000001.01000000.0000000C.sdmp, datasett.exe, 00000006.00000002.1758697606.00007FFDFA91F000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: SpeechUX.pdb source: SpeechUX.dll.5.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917339362.00007FFE130C3000.00000002.00000001.01000000.0000000F.sdmp, datasett.exe, 00000005.00000003.1721765801.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761741700.00007FFE10233000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: datasett.exe, 00000001.00000002.2916407431.00007FFE1150D000.00000002.00000001.01000000.0000000B.sdmp, datasett.exe, 00000006.00000002.1760767373.00007FFE0CF9D000.00000002.00000001.01000000.00000021.sdmp, _ssl.pyd.5.dr
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\win32api.pdb!! source: datasett.exe, 00000001.00000002.2915837657.00007FFE0E143000.00000002.00000001.01000000.00000019.sdmp, datasett.exe, 00000006.00000002.1759648415.00007FFE00183000.00000002.00000001.01000000.0000002F.sdmp, win32api.pyd.0.dr, win32api.pyd.5.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916749884.00007FFE11EA7000.00000002.00000001.01000000.0000000E.sdmp, datasett.exe, 00000005.00000003.1720689626.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760572192.00007FFE0C0B7000.00000002.00000001.01000000.00000024.sdmp
Source:	Binary string: SpTip.pdbGCTL source: datasett.exe, 00000000.00000003.1675507745.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1730534935.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: datasett.exe, 00000000.00000003.1667361976.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916545747.00007FFE117E5000.00000002.00000001.01000000.00000018.sdmp, datasett.exe, 00000005.00000003.1716634961.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760381109.00007FFE0B2C5000.00000002.00000001.01000000.0000002E.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916066006.00007FFE0EB5D000.00000002.00000001.01000000.00000014.sdmp, datasett.exe, 00000005.00000003.1721207686.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1759850177.00007FFE0074D000.00000002.00000001.01000000.0000002A.sdmp, _lzma.pyd.5.dr
Source:	Binary string: in32event.pdb source: datasett.exe
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: datasett.exe, 00000001.00000002.2914870560.00007FFDFB20F000.00000002.00000001.01000000.0000000C.sdmp, datasett.exe, 00000006.00000002.1758697606.00007FFDFA91F000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: datasett.exe, 00000000.00000003.1667214039.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917766399.00007FFE1A481000.00000002.00000001.01000000.00000005.sdmp, datasett.exe, 00000005.00000003.1716510320.000001D3521D3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761534002.00007FFE101E1000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\pywintypes.pdb** source: datasett.exe, 00000001.00000002.2915941722.00007FFE0E170000.00000002.00000001.01000000.00000017.sdmp, datasett.exe, 00000006.00000002.1759754239.00007FFE001B0000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: SpeechUX.pdbGCTL source: SpeechUX.dll.5.dr
Source:	Binary string: MSTTSLoc.pdb source: MSTTSLoc.dll.0.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: datasett.exe, 00000001.00000002.2916894677.00007FFE11ED1000.00000002.00000001.01000000.00000006.sdmp, datasett.exe, 00000006.00000002.1760911705.00007FFE0CFD1000.00000002.00000001.01000000.0000001C.sdmp, _ctypes.pyd.5.dr
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\win32api.pdb source: datasett.exe, 00000001.00000002.2915837657.00007FFE0E143000.00000002.00000001.01000000.00000019.sdmp, datasett.exe, 00000006.00000002.1759648415.00007FFE00183000.00000002.00000001.01000000.0000002F.sdmp, win32api.pyd.0.dr, win32api.pyd.5.dr
Source:	Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: datasett.exe, 00000001.00000002.2915687874.00007FFE01445000.00000002.00000001.01000000.0000000D.sdmp, datasett.exe, 00000006.00000002.1760119655.00007FFE01395000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: SpeechUXPS.pdbGCTL source: datasett.exe, 00000000.00000003.1676047096.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1731666439.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917454297.00007FFE13309000.00000002.00000001.01000000.00000009.sdmp, datasett.exe, 00000005.00000003.1721954880.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761102081.00007FFE0EB29000.00000002.00000001.01000000.0000001F.sdmp, _socket.pyd.5.dr, _socket.pyd.0.dr
Source:	Binary string: SpTip.pdb source: datasett.exe, 00000000.00000003.1675507745.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1730534935.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\pywintypes.pdb source: datasett.exe, 00000001.00000002.2915941722.00007FFE0E170000.00000002.00000001.01000000.00000017.sdmp, datasett.exe, 00000006.00000002.1759754239.00007FFE001B0000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2914286336.00007FFDFAFAB000.00000002.00000001.01000000.00000012.sdmp, datasett.exe, 00000005.00000003.1727515209.000001D3521DE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1759427402.00007FFDFBABB000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\python39.pdb source: datasett.exe, 00000001.00000002.2915271158.00007FFDFB643000.00000002.00000001.01000000.00000004.sdmp, datasett.exe, 00000006.00000002.1759072943.00007FFDFAD53000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: SpeechUXPS.pdb source: datasett.exe, 00000000.00000003.1676047096.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1731666439.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: datasett.exe, 00000001.00000002.2914870560.00007FFDFB291000.00000002.00000001.01000000.0000000C.sdmp, datasett.exe, 00000006.00000002.1758697606.00007FFDFA9A1000.00000002.00000001.01000000.00000022.sdmp

Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996909B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF7996909B4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799686714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	0_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799686714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	0_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799677820 FindFirstFileExW,FindClose,	0_2_00007FF799677820
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996909B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	1_2_00007FF7996909B4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799686714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	1_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799686714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	1_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799677820 FindFirstFileExW,FindClose,	1_2_00007FF799677820
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,	6_2_00007FFDFA6D3229
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00173740 _PyArg_ParseTuple_SizeT,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyList_New,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindFirstFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyObject_FromWIN32_FIND_DATAW@@YAPEAU_object@@PEAU_WIN32_FIND_DATAW@@@Z,PyList_Append,_Py_Dealloc,FindNextFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindClose,_Py_Dealloc,	6_2_00007FFE00173740

Source: C:\Users\user\Desktop\datasett.exe

Code function: 6_2_00007FFE001755D0 _PyArg_ParseTuple_SizeT,GetLogicalDriveStringsW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,GetLogicalDriveStringsW,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W_J@Z,

6_2_00007FFE001755D0

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 104.26.3.46 104.26.3.46

May check the online IP address of the machine

Source: unknown

DNS query: name: iplogger.org

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\datasett.exe

Code function: 1_2_61B13000 WSAStartup,gethostbyname,socket,setsockopt,setsockopt,setsockopt,htons,sendto,sendto,recvfrom,recvfrom,ntohl,ntohl,ntohl,closesocket,WSACleanup,WSAGetLastError,closesocket,WSACleanup,SetLastError,WSAGetLastError,WSACleanup,SetLastError,

1_2_61B13000

Source: global traffic

DNS traffic detected: DNS query: iplogger.org

Source: datasett.exe, 00000001.00000002.2913572705.000001CA11710000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1746646839.0000028850A1F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757882425.0000028850D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.../back.jpeg
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1718158484.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1727515209.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB855000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1727282533.000001D3521E4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1718158484.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2913343331.000001CA113A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl$hxw
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crlerr
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB855000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1727282533.000001D3521E4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB855000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1727282533.000001D3521E4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1718158484.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1721207686.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSign
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB855000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1727282533.000001D3521E4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1718158484.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1727515209.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: datasett.exe, 00000001.00000002.2913296015.000001CA112C0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757849481.0000028850CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1755830091.000002884E312000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753785930.000002884E30E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753458207.000002884E30D000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754788827.000002884E311000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757216796.00000288508C0000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail/
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1755081662.0000028850539000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1746858969.00000288504DD000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1755383513.0000028850539000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753649523.000002885088E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756677827.0000028850539000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752944599.0000028850874000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752759804.0000028850537000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: datasett.exe, 00000006.00000003.1754572349.00000288508EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://json.org
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.ese
Source: datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digi
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1718158484.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1727515209.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB855000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1727282533.000001D3521E4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1718158484.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digif
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912643746.000001CA10E85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10E85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/a
Source: datasett.exe, 00000001.00000002.2913193358.000001CA111D0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757764425.0000028850BF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm9hxj
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/A
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1755318713.0000028850540000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1746858969.00000288504DD000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756677827.0000028850541000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753339807.000002885053F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752759804.0000028850537000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: datasett.exe, 00000006.00000003.1754037534.0000028850461000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754075017.0000028850465000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754502410.000002885046D000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754328484.0000028850466000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756488404.0000028850470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.robotstxt.org/norobots-rfc.txt
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113A0000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757339264.0000028850934000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850924000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753139716.0000028850932000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1755344880.0000028850934000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751520665.0000028850915000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wwwsearch.sf.net/):
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org?format=json
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: datasett.exe, 00000001.00000002.2913023346.000001CA11070000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757610535.0000028850A90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757421956.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.000002885095E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752786045.0000028850945000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680315220.000001CA0EADF000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680192150.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680328707.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754037534.0000028850461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: datasett.exe, datasett.exe, 00000006.00000002.1759792495.00007FFE001C1000.00000002.00000001.01000000.0000002D.sdmp, datasett.exe, 00000006.00000002.1760517859.00007FFE0C0A9000.00000002.00000001.01000000.0000002C.sdmp, datasett.exe, 00000006.00000002.1759686551.00007FFE00191000.00000002.00000001.01000000.0000002F.sdmp, win32api.pyd.0.dr, win32api.pyd.5.dr	String found in binary or memory: https://github.com/mhammond/pywin32
Source: datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680192150.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912089151.000001CA102F0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680328707.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756225617.0000028850060000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: datasett.exe, 00000006.00000003.1754601960.000002884E349000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680315220.000001CA0EADF000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680192150.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680328707.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754037534.0000028850461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680315220.000001CA0EADF000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680192150.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680328707.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754037534.0000028850461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: datasett.exe, 00000001.00000002.2913023346.000001CA11070000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757610535.0000028850A90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754014840.00000288508C6000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: datasett.exe, 00000001.00000002.2913229256.000001CA11220000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757421956.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850955000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752786045.0000028850945000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757792500.0000028850C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: datasett.exe, 00000006.00000002.1757792500.0000028850C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920p
Source: datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752439883.000002884E347000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757421956.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1755060297.00000288508C7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850955000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754014840.00000288508C6000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752786045.0000028850945000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail
Source: datasett.exe, 00000006.00000003.1754433045.000002884E3C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail/
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752494608.00000288508E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754249502.00000288508EB000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752863410.00000288508EA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754770494.00000288508F6000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754572349.00000288508EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: datasett.exe, 00000006.00000003.1752439883.000002884E347000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/
Source: datasett.exe, 00000006.00000002.1758008992.0000028850DD0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756488404.0000028850470000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752999911.00000288504DD000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754572349.00000288508EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/get
Source: datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1755865343.000002884E32B000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753742679.000002884E325000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754885711.000002884E32A000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753458207.000002884E30D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/post
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/Drop8VbLink
Source: datasett.exe, 00000006.00000002.1756885684.00000288505F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/Drop8otstuk
Source: datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1686004054.000001CA0EAF2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752494608.00000288508E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754249502.00000288508EB000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752863410.00000288508EA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754753546.00000288508FE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1743252369.000002884E3C0000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1743133519.000002884E3BC000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754572349.00000288508EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mahler:8092/site-updates.py
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/C1vS7y2X
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/fn5bRN1F
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/uUbM2VAB
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/uUbM2VAB__path__
Source: datasett.exe, 00000006.00000002.1759072943.00007FFDFAD53000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: datasett.exe, 00000006.00000002.1758039593.0000028850E10000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1755865343.000002884E32B000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753742679.000002884E325000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754885711.000002884E32A000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753458207.000002884E30D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://requests.readthedocs.io
Source: datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753093881.000002884E39C000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752439883.000002884E347000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753503603.000002884E3A2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753676136.000002884E3AE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756028776.000002884E3B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757421956.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753093881.000002884E39C000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850955000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752786045.0000028850945000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752439883.000002884E347000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: datasett.exe, 00000001.00000002.2913193358.000001CA111D0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757764425.0000028850BF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: datasett.exe, 00000001.00000002.2913158600.000001CA11190000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757734662.0000028850BB0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: datasett.exe, 00000001.00000002.2913158600.000001CA11190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningspf
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2915055494.00007FFDFB307000.00000002.00000001.01000000.0000000C.sdmp, datasett.exe, 00000001.00000002.2915732229.00007FFE0147A000.00000002.00000001.01000000.0000000D.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1758860580.00007FFDFAA17000.00000002.00000001.01000000.00000022.sdmp, datasett.exe, 00000006.00000002.1760185978.00007FFE013CA000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://www.openssl.org/H
Source: datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1755865343.000002884E32B000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753742679.000002884E325000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754885711.000002884E32A000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753458207.000002884E30D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org
Source: datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1686004054.000001CA0EAF2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752494608.00000288508E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754249502.00000288508EB000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752863410.00000288508EA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754753546.00000288508FE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1743252369.000002884E3C0000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1743133519.000002884E3BC000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754572349.00000288508EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/
Source: datasett.exe, 00000000.00000003.1678160567.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912516810.000001CA10BD0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1736245775.000001D3521D8000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756885684.00000288505F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: datasett.exe, 00000001.00000003.1684836609.000001CA0EAF8000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912253685.000001CA10880000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684777469.000001CA0EAEC000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684695963.000001CA0EAEC000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684754877.000001CA0EAF8000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1742795678.000002884E3B6000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756347653.00000288502A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757421956.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1755060297.00000288508C7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850955000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754014840.00000288508C6000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752786045.0000028850945000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yahoo.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443

Contains functionality to retrieve information about pressed keystrokes

Source: C:\Users\user\Desktop\datasett.exe

Code function: 6_2_00007FFE00175140 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,GetKeyboardState,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,

6_2_00007FFE00175140

Contains functionality to call native functions

Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B13000 WSAStartup,gethostbyname,socket,setsockopt,setsockopt,setsockopt,htons,sendto,sendto,recvfrom,recvfrom,ntohl,ntohl,ntohl,closesocket,WSACleanup,WSAGetLastError,closesocket,WSACleanup,SetLastError,WSAGetLastError,WSACleanup,SetLastError,		1_2_61B13000
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B13000 WSAStartup,gethostbyname,socket,setsockopt,setsockopt,setsockopt,htons,sendto,sendto,recvfrom,recvfrom,ntohl,ntohl,ntohl,closesocket,WSACleanup,WSAGetLastError,closesocket,WSACleanup,SetLastError,WSAGetLastError,WSACleanup,SetLastError,		6_2_61B13000

Contains functionality to communicate with device drivers

Source: C:\Users\user\Desktop\datasett.exe

Code function: 1_2_61B9F1F8: DeviceIoControl,

1_2_61B9F1F8

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00175AC0 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,ExitWindowsEx,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,		6_2_00007FFE00175AC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00175B60 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,ExitWindowsEx,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,		6_2_00007FFE00175B60

Detected potential crypto function

Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF79968FA08	0_2_00007FF79968FA08
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799694E20	0_2_00007FF799694E20
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799695D6C	0_2_00007FF799695D6C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799676780	0_2_00007FF799676780
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996931CC	0_2_00007FF7996931CC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996811C0	0_2_00007FF7996811C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996909B4	0_2_00007FF7996909B4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996809A0	0_2_00007FF7996809A0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799671B90	0_2_00007FF799671B90
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799698B68	0_2_00007FF799698B68
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF79968CC04	0_2_00007FF79968CC04
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799682C04	0_2_00007FF799682C04
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996813C4	0_2_00007FF7996813C4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799688BA0	0_2_00007FF799688BA0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799680BA4	0_2_00007FF799680BA4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799681E70	0_2_00007FF799681E70
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799686714	0_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF79968FA08	0_2_00007FF79968FA08
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799686560	0_2_00007FF799686560
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799692D30	0_2_00007FF799692D30
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799680DB0	0_2_00007FF799680DB0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799686714	0_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799695820	0_2_00007FF799695820
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF79968D098	0_2_00007FF79968D098
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF79969509C	0_2_00007FF79969509C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996780A0	0_2_00007FF7996780A0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799684F50	0_2_00007FF799684F50
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF79968D718	0_2_00007FF79968D718
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799682800	0_2_00007FF799682800
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799680FB4	0_2_00007FF799680FB4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799686F98	0_2_00007FF799686F98
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B04A60	1_2_61B04A60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B05E70	1_2_61B05E70
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B3F1E2	1_2_61B3F1E2
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B25120	1_2_61B25120
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B16080	1_2_61B16080
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B21010	1_2_61B21010
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B5E310	1_2_61B5E310
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B56350	1_2_61B56350
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B46340	1_2_61B46340
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B0B290	1_2_61B0B290
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B07220	1_2_61B07220
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B7C5C0	1_2_61B7C5C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B54530	1_2_61B54530
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B25510	1_2_61B25510
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B3F570	1_2_61B3F570
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B15400	1_2_61B15400
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B09710	1_2_61B09710
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B65690	1_2_61B65690
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B7E660	1_2_61B7E660
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B28900	1_2_61B28900
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B19960	1_2_61B19960
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B2B8D0	1_2_61B2B8D0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B55830	1_2_61B55830
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B10820	1_2_61B10820
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B06BA0	1_2_61B06BA0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B7CB90	1_2_61B7CB90
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B2BB50	1_2_61B2BB50
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B13B40	1_2_61B13B40
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B64A90	1_2_61B64A90
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B25A00	1_2_61B25A00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B26A60	1_2_61B26A60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B53D70	1_2_61B53D70
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B02D60	1_2_61B02D60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B13CC0	1_2_61B13CC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B14C20	1_2_61B14C20
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B56FC0	1_2_61B56FC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B64F70	1_2_61B64F70
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B23F60	1_2_61B23F60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B29F40	1_2_61B29F40
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B26E80	1_2_61B26E80
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B54E15	1_2_61B54E15
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B21E40	1_2_61B21E40
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799695D6C	1_2_00007FF799695D6C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF79968FA08	1_2_00007FF79968FA08
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996931CC	1_2_00007FF7996931CC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996811C0	1_2_00007FF7996811C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996909B4	1_2_00007FF7996909B4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996809A0	1_2_00007FF7996809A0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799671B90	1_2_00007FF799671B90
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799698B68	1_2_00007FF799698B68
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF79968CC04	1_2_00007FF79968CC04
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799682C04	1_2_00007FF799682C04
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996813C4	1_2_00007FF7996813C4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799688BA0	1_2_00007FF799688BA0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799680BA4	1_2_00007FF799680BA4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799681E70	1_2_00007FF799681E70
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799694E20	1_2_00007FF799694E20
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799686714	1_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF79968FA08	1_2_00007FF79968FA08
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799686560	1_2_00007FF799686560
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799692D30	1_2_00007FF799692D30
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799680DB0	1_2_00007FF799680DB0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799686714	1_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799695820	1_2_00007FF799695820
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF79968D098	1_2_00007FF79968D098
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF79969509C	1_2_00007FF79969509C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996780A0	1_2_00007FF7996780A0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799676780	1_2_00007FF799676780
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799684F50	1_2_00007FF799684F50
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF79968D718	1_2_00007FF79968D718
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799682800	1_2_00007FF799682800
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799680FB4	1_2_00007FF799680FB4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799686F98	1_2_00007FF799686F98
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAEA12C0	1_2_00007FFDFAEA12C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAEA1890	1_2_00007FFDFAEA1890
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB163B80	1_2_00007FFDFB163B80
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB177BC0	1_2_00007FFDFB177BC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC6A87	1_2_00007FFDFAFC6A87
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC655F	1_2_00007FFDFAFC655F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC60A0	1_2_00007FFDFAFC60A0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB02FA00	1_2_00007FFDFB02FA00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC4165	1_2_00007FFDFAFC4165
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC3FDA	1_2_00007FFDFAFC3FDA
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC22E8	1_2_00007FFDFAFC22E8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC21B7	1_2_00007FFDFAFC21B7
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC2766	1_2_00007FFDFAFC2766
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB0F0010	1_2_00007FFDFB0F0010
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC32E7	1_2_00007FFDFAFC32E7
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFDBF20	1_2_00007FFDFAFDBF20
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC2289	1_2_00007FFDFAFC2289
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFDBD60	1_2_00007FFDFAFDBD60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB0F7CD0	1_2_00007FFDFB0F7CD0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC30C1	1_2_00007FFDFAFC30C1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC6EF1	1_2_00007FFDFAFC6EF1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC5D8A	1_2_00007FFDFAFC5D8A
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC29CD	1_2_00007FFDFAFC29CD
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC6CBC	1_2_00007FFDFAFC6CBC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC114F	1_2_00007FFDFAFC114F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFDF200	1_2_00007FFDFAFDF200
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB0FB200	1_2_00007FFDFB0FB200
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFDF060	1_2_00007FFDFAFDF060
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC213F	1_2_00007FFDFAFC213F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC704A	1_2_00007FFDFAFC704A
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB1FF7D0	1_2_00007FFDFB1FF7D0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC1EA1	1_2_00007FFDFAFC1EA1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC6F28	1_2_00007FFDFAFC6F28
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFEB850	1_2_00007FFDFAFEB850
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFEB4C0	1_2_00007FFDFAFEB4C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB0F74F0	1_2_00007FFDFB0F74F0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC5169	1_2_00007FFDFAFC5169
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC3B93	1_2_00007FFDFAFC3B93
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB162C40	1_2_00007FFDFB162C40
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC60DC	1_2_00007FFDFAFC60DC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC4E4E	1_2_00007FFDFAFC4E4E
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC5E25	1_2_00007FFDFAFC5E25
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB14E870	1_2_00007FFDFB14E870
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC23F1	1_2_00007FFDFAFC23F1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC4633	1_2_00007FFDFAFC4633
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC72C5	1_2_00007FFDFAFC72C5
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB0A2EB0	1_2_00007FFDFB0A2EB0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFDEF00	1_2_00007FFDFAFDEF00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC1B22	1_2_00007FFDFAFC1B22
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC4D04	1_2_00007FFDFAFC4D04
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC5DA3	1_2_00007FFDFAFC5DA3
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC5B0F	1_2_00007FFDFAFC5B0F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC3486	1_2_00007FFDFAFC3486
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB0F6310	1_2_00007FFDFB0F6310
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC57D1	1_2_00007FFDFAFC57D1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC4746	1_2_00007FFDFAFC4746
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC378D	1_2_00007FFDFAFC378D
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC4359	1_2_00007FFDFAFC4359
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC1B31	1_2_00007FFDFAFC1B31
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC6FFF	1_2_00007FFDFAFC6FFF
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC1CC1	1_2_00007FFDFAFC1CC1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB0F2850	1_2_00007FFDFB0F2850
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC1A4B	1_2_00007FFDFAFC1A4B
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC5A60	1_2_00007FFDFAFC5A60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC707C	1_2_00007FFDFAFC707C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC3693	1_2_00007FFDFAFC3693
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB179B90	1_2_00007FFDFB179B90
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC50AB	1_2_00007FFDFAFC50AB
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC35FD	1_2_00007FFDFAFC35FD
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB161AD0	1_2_00007FFDFB161AD0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC59F7	1_2_00007FFDFAFC59F7
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC4F3E	1_2_00007FFDFAFC4F3E
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC638E	1_2_00007FFDFAFC638E
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC2135	1_2_00007FFDFAFC2135
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC53C1	1_2_00007FFDFAFC53C1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC4AC5	1_2_00007FFDFAFC4AC5
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC54CF	1_2_00007FFDFAFC54CF
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC216C	1_2_00007FFDFAFC216C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB0F6010	1_2_00007FFDFB0F6010
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC72AC	1_2_00007FFDFAFC72AC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC1622	1_2_00007FFDFAFC1622
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC2D0B	1_2_00007FFDFAFC2D0B
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC3BA2	1_2_00007FFDFAFC3BA2
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC736A	1_2_00007FFDFAFC736A
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC7257	1_2_00007FFDFAFC7257
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC1D83	1_2_00007FFDFAFC1D83
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC2982	1_2_00007FFDFAFC2982
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC1CFD	1_2_00007FFDFAFC1CFD
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC266C	1_2_00007FFDFAFC266C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC3832	1_2_00007FFDFAFC3832
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC3A85	1_2_00007FFDFAFC3A85
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB1793C0	1_2_00007FFDFB1793C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC710D	1_2_00007FFDFAFC710D
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC53A8	1_2_00007FFDFAFC53A8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFDD260	1_2_00007FFDFAFDD260
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC68CA	1_2_00007FFDFAFC68CA
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B04A60	6_2_61B04A60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B05E70	6_2_61B05E70
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B3F1E2	6_2_61B3F1E2
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B25120	6_2_61B25120
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B16080	6_2_61B16080
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B21010	6_2_61B21010
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B5E310	6_2_61B5E310
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B56350	6_2_61B56350
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B46340	6_2_61B46340
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B0B290	6_2_61B0B290
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B07220	6_2_61B07220
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B7C5C0	6_2_61B7C5C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B54530	6_2_61B54530
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B25510	6_2_61B25510
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B3F570	6_2_61B3F570
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B15400	6_2_61B15400
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B09710	6_2_61B09710
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B65690	6_2_61B65690
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B7E660	6_2_61B7E660
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B28900	6_2_61B28900
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B19960	6_2_61B19960
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B2B8D0	6_2_61B2B8D0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B55830	6_2_61B55830
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B10820	6_2_61B10820
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B06BA0	6_2_61B06BA0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B7CB90	6_2_61B7CB90
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B2BB50	6_2_61B2BB50
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B13B40	6_2_61B13B40
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B64A90	6_2_61B64A90
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B25A00	6_2_61B25A00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B26A60	6_2_61B26A60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B53D70	6_2_61B53D70
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B02D60	6_2_61B02D60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B13CC0	6_2_61B13CC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B14C20	6_2_61B14C20
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B56FC0	6_2_61B56FC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B64F70	6_2_61B64F70
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B23F60	6_2_61B23F60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B29F40	6_2_61B29F40
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B26E80	6_2_61B26E80
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B54E15	6_2_61B54E15
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B21E40	6_2_61B21E40
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D6A87	6_2_00007FFDFA6D6A87
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D655F	6_2_00007FFDFA6D655F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA873B80	6_2_00007FFDFA873B80
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA887BC0	6_2_00007FFDFA887BC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D22E8	6_2_00007FFDFA6D22E8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D21B7	6_2_00007FFDFA6D21B7
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA73FA00	6_2_00007FFDFA73FA00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3FDA	6_2_00007FFDFA6D3FDA
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D60A0	6_2_00007FFDFA6D60A0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4165	6_2_00007FFDFA6D4165
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2289	6_2_00007FFDFA6D2289
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6EBF20	6_2_00007FFDFA6EBF20
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D32E7	6_2_00007FFDFA6D32E7
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA800010	6_2_00007FFDFA800010
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2766	6_2_00007FFDFA6D2766
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D30C1	6_2_00007FFDFA6D30C1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA807CD0	6_2_00007FFDFA807CD0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6EBD60	6_2_00007FFDFA6EBD60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D6CBC	6_2_00007FFDFA6D6CBC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D29CD	6_2_00007FFDFA6D29CD
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5D8A	6_2_00007FFDFA6D5D8A
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D6EF1	6_2_00007FFDFA6D6EF1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6EF060	6_2_00007FFDFA6EF060
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D213F	6_2_00007FFDFA6D213F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA80B200	6_2_00007FFDFA80B200
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D114F	6_2_00007FFDFA6D114F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6EF200	6_2_00007FFDFA6EF200
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1EA1	6_2_00007FFDFA6D1EA1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D6F28	6_2_00007FFDFA6D6F28
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6FB850	6_2_00007FFDFA6FB850
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D704A	6_2_00007FFDFA6D704A
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA90F7D0	6_2_00007FFDFA90F7D0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3B93	6_2_00007FFDFA6D3B93
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6FB4C0	6_2_00007FFDFA6FB4C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA8074F0	6_2_00007FFDFA8074F0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5169	6_2_00007FFDFA6D5169
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA872C40	6_2_00007FFDFA872C40
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA85E870	6_2_00007FFDFA85E870
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D23F1	6_2_00007FFDFA6D23F1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5E25	6_2_00007FFDFA6D5E25
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4E4E	6_2_00007FFDFA6D4E4E
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D60DC	6_2_00007FFDFA6D60DC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1B22	6_2_00007FFDFA6D1B22
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA7B2EB0	6_2_00007FFDFA7B2EB0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6EEF00	6_2_00007FFDFA6EEF00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D72C5	6_2_00007FFDFA6D72C5
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4633	6_2_00007FFDFA6D4633
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5B0F	6_2_00007FFDFA6D5B0F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5DA3	6_2_00007FFDFA6D5DA3
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4D04	6_2_00007FFDFA6D4D04
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA806310	6_2_00007FFDFA806310
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3486	6_2_00007FFDFA6D3486
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4746	6_2_00007FFDFA6D4746
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D378D	6_2_00007FFDFA6D378D
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4359	6_2_00007FFDFA6D4359
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1B31	6_2_00007FFDFA6D1B31
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D57D1	6_2_00007FFDFA6D57D1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1A4B	6_2_00007FFDFA6D1A4B
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5A60	6_2_00007FFDFA6D5A60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA802850	6_2_00007FFDFA802850
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D6FFF	6_2_00007FFDFA6D6FFF
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1CC1	6_2_00007FFDFA6D1CC1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3693	6_2_00007FFDFA6D3693
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D707C	6_2_00007FFDFA6D707C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA871AD0	6_2_00007FFDFA871AD0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D50AB	6_2_00007FFDFA6D50AB
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA889B90	6_2_00007FFDFA889B90
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D35FD	6_2_00007FFDFA6D35FD
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4AC5	6_2_00007FFDFA6D4AC5
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D54CF	6_2_00007FFDFA6D54CF
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D216C	6_2_00007FFDFA6D216C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2135	6_2_00007FFDFA6D2135
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D53C1	6_2_00007FFDFA6D53C1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D59F7	6_2_00007FFDFA6D59F7
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4F3E	6_2_00007FFDFA6D4F3E
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D638E	6_2_00007FFDFA6D638E
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3BA2	6_2_00007FFDFA6D3BA2
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2D0B	6_2_00007FFDFA6D2D0B
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA806010	6_2_00007FFDFA806010
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D72AC	6_2_00007FFDFA6D72AC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1622	6_2_00007FFDFA6D1622
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3A85	6_2_00007FFDFA6D3A85
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1CFD	6_2_00007FFDFA6D1CFD
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3832	6_2_00007FFDFA6D3832
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D266C	6_2_00007FFDFA6D266C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1D83	6_2_00007FFDFA6D1D83
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D736A	6_2_00007FFDFA6D736A
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D7257	6_2_00007FFDFA6D7257
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2982	6_2_00007FFDFA6D2982
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6ED260	6_2_00007FFDFA6ED260
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D68CA	6_2_00007FFDFA6D68CA
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D710D	6_2_00007FFDFA6D710D
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D53A8	6_2_00007FFDFA6D53A8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA8893C0	6_2_00007FFDFA8893C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3189	6_2_00007FFDFA6D3189
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1F96	6_2_00007FFDFA6D1F96
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D144C	6_2_00007FFDFA6D144C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA811170	6_2_00007FFDFA811170
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA7FD170	6_2_00007FFDFA7FD170
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6F5200	6_2_00007FFDFA6F5200
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5510	6_2_00007FFDFA6D5510
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3A8F	6_2_00007FFDFA6D3A8F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D15C8	6_2_00007FFDFA6D15C8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D54CA	6_2_00007FFDFA6D54CA
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1299	6_2_00007FFDFA6D1299
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA8117A0	6_2_00007FFDFA8117A0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D6564	6_2_00007FFDFA6D6564
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D542F	6_2_00007FFDFA6D542F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D560F	6_2_00007FFDFA6D560F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5F10	6_2_00007FFDFA6D5F10
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D44C6	6_2_00007FFDFA6D44C6
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5BF0	6_2_00007FFDFA6D5BF0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4287	6_2_00007FFDFA6D4287
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5047	6_2_00007FFDFA6D5047
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4B56	6_2_00007FFDFA6D4B56
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D11CC	6_2_00007FFDFA6D11CC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4C14	6_2_00007FFDFA6D4C14
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D6D5C	6_2_00007FFDFA6D6D5C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2D74	6_2_00007FFDFA6D2D74
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA884BC0	6_2_00007FFDFA884BC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2FCC	6_2_00007FFDFA6D2FCC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D177B	6_2_00007FFDFA6D177B
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D22AC	6_2_00007FFDFA6D22AC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4A53	6_2_00007FFDFA6D4A53
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D275C	6_2_00007FFDFA6D275C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1140	6_2_00007FFDFA6D1140
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D10AA	6_2_00007FFDFA6D10AA
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D592F	6_2_00007FFDFA6D592F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1217	6_2_00007FFDFA6D1217
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D65A0	6_2_00007FFDFA6D65A0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4403	6_2_00007FFDFA6D4403
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D362F	6_2_00007FFDFA6D362F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D6EBF	6_2_00007FFDFA6D6EBF
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D26E9	6_2_00007FFDFA6D26E9
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D22FC	6_2_00007FFDFA6D22FC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA810300	6_2_00007FFDFA810300
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2E8C	6_2_00007FFDFA6D2E8C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1424	6_2_00007FFDFA6D1424
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4101	6_2_00007FFDFA6D4101
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5B73	6_2_00007FFDFA6D5B73
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4C37	6_2_00007FFDFA6D4C37
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA780750	6_2_00007FFDFA780750
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D25EF	6_2_00007FFDFA6D25EF
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D69E7	6_2_00007FFDFA6D69E7
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D6C21	6_2_00007FFDFA6D6C21
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA7FC7D0	6_2_00007FFDFA7FC7D0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6EC480	6_2_00007FFDFA6EC480
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA888490	6_2_00007FFDFA888490
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2C75	6_2_00007FFDFA6D2C75
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6EC620	6_2_00007FFDFA6EC620
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFB9B1890	6_2_00007FFDFB9B1890
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFB9B12C0	6_2_00007FFDFB9B12C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE001745C0	6_2_00007FFE001745C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00173B20	6_2_00007FFE00173B20
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00173740	6_2_00007FFE00173740
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00737044	6_2_00007FFE00737044
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00732470	6_2_00007FFE00732470
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00731A00	6_2_00007FFE00731A00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00732EE0	6_2_00007FFE00732EE0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00731B10	6_2_00007FFE00731B10
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00735320	6_2_00007FFE00735320
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0073F650	6_2_00007FFE0073F650
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00731290	6_2_00007FFE00731290
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00735C30	6_2_00007FFE00735C30
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00738F80	6_2_00007FFE00738F80
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01300150	6_2_00007FFE01300150
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE012FC030	6_2_00007FFE012FC030
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE012F3A00	6_2_00007FFE012F3A00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01380250	6_2_00007FFE01380250
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0132256D	6_2_00007FFE0132256D
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321BDB	6_2_00007FFE01321BDB
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013220AE	6_2_00007FFE013220AE
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01380950	6_2_00007FFE01380950
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01326BA0	6_2_00007FFE01326BA0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321537	6_2_00007FFE01321537

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D4D68 appears 38 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D688E appears 31 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFAFC4057 appears 531 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFE0138D7E5 appears 42 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 61B9EBF8 appears 112 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFAFC24B9 appears 62 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFAFC1EF1 appears 904 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFE001AC0A0 appears 47 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D698D appears 49 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D300D appears 55 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFAFC300D appears 50 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFE012F3850 appears 51 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFAFC698D appears 35 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D1EF1 appears 1581 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 61B1B860 appears 450 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D24B9 appears 83 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D4057 appears 782 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFAFC2A04 appears 95 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D2734 appears 511 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFE0138D74F appears 63 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFAFC483B appears 90 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFE012F38C0 appears 96 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFAFC2734 appears 357 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D2A04 appears 172 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFE013212EE appears 216 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D483B appears 128 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 61B9EC40 appears 94 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FF799672770 appears 82 times

PE file contains executable resources (Code or Archives)

Source: sapi.dll.0.dr	Static PE information: Resource name: DATA type: a.out little-endian 32-bit pure executable not stripped
Source: srloc.dll.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: SpeechUX.dll.mui.0.dr	Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: SpeechUXRes.dll.0.dr	Static PE information: Resource name: SRGRAMMARS type: COM executable for DOS
Source: SpeechUX.dll.mui0.0.dr	Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: unicodedata.pyd.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: SpeechUXRes.dll.5.dr	Static PE information: Resource name: SRGRAMMARS type: COM executable for DOS
Source: SpeechUX.dll.mui.5.dr	Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: sapi.dll.5.dr	Static PE information: Resource name: DATA type: a.out little-endian 32-bit pure executable not stripped
Source: srloc.dll.5.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: SpeechUX.dll.mui0.5.dr	Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: unicodedata.pyd.5.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

PE file contains more sections than normal

Source: pyarmor_runtime.pyd.0.dr	Static PE information: Number of sections : 11 > 10
Source: pyarmor_runtime.pyd0.5.dr	Static PE information: Number of sections : 11 > 10
Source: pyarmor_runtime.pyd.5.dr	Static PE information: Number of sections : 11 > 10
Source: pyarmor_runtime.pyd0.0.dr	Static PE information: Number of sections : 11 > 10

PE file does not import any functions

Source: srloc.dll.mui.0.dr	Static PE information: No import functions for PE file found
Source: sapi.dll.mui.0.dr	Static PE information: No import functions for PE file found
Source: speechuxcpl.dll.mui0.0.dr	Static PE information: No import functions for PE file found
Source: SpeechUXRes.dll.0.dr	Static PE information: No import functions for PE file found
Source: speechuxcpl.dll.mui.5.dr	Static PE information: No import functions for PE file found
Source: SpeechUX.dll.mui0.5.dr	Static PE information: No import functions for PE file found
Source: sapi.dll.mui.5.dr	Static PE information: No import functions for PE file found
Source: SpeechUXWiz.exe.mui0.0.dr	Static PE information: No import functions for PE file found
Source: sapi.cpl.mui.5.dr	Static PE information: No import functions for PE file found
Source: srloc.dll.mui.5.dr	Static PE information: No import functions for PE file found
Source: SpeechUX.dll.mui0.0.dr	Static PE information: No import functions for PE file found
Source: SpeechUXWiz.exe.mui.0.dr	Static PE information: No import functions for PE file found
Source: SpeechUX.dll.mui.5.dr	Static PE information: No import functions for PE file found
Source: SpeechUXRes.dll.5.dr	Static PE information: No import functions for PE file found
Source: SpeechUX.dll.mui.0.dr	Static PE information: No import functions for PE file found
Source: sapi.cpl.mui.0.dr	Static PE information: No import functions for PE file found
Source: SpeechUXWiz.exe.mui.5.dr	Static PE information: No import functions for PE file found
Source: speechuxcpl.dll.mui0.5.dr	Static PE information: No import functions for PE file found
Source: SpeechUXWiz.exe.mui0.5.dr	Static PE information: No import functions for PE file found
Source: speechuxcpl.dll.mui.0.dr	Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: datasett.exe	Binary or memory string: OriginalFilename vs datasett.exe
Source: datasett.exe, 00000000.00000003.1674020513.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamespsreng.dllj% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_decimal.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1672913711.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewin32api.pyd0 vs datasett.exe
Source: datasett.exe, 00000000.00000003.1674699694.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesrloc.dllj% vs datasett.exe
Source: datasett.exe, 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAlterVoiceStudio.exeD vs datasett.exe
Source: datasett.exe, 00000000.00000003.1667214039.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs datasett.exe
Source: datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1673033158.000002CBEB855000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewin32event.pyd0 vs datasett.exe
Source: datasett.exe, 00000000.00000003.1676889875.000002CBEB84B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUXWiz.exe.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1676960490.000002CBEB856000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSapi.cpl.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1673033158.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewin32event.pyd0 vs datasett.exe
Source: datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1673844624.000002CBEB84B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesrloc.dll.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameselect.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1677122523.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUX.dll.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1677326922.000002CBEB84B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSPEECHUXCPL.DLL.MUIr) vs datasett.exe
Source: datasett.exe, 00000000.00000003.1673150638.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesapi.dll.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1676047096.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechDesktopPS.dllj% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibsslH vs datasett.exe
Source: datasett.exe, 00000000.00000003.1677039105.000002CBEB856000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSapi.cpl.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1676344044.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUX.dll.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1676960490.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSapi.cpl.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1677053962.000002CBEB84B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSPEECHUXCPL.DLL.MUIj% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1676889875.000002CBEB84D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUXWiz.exe.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1677235733.000002CBEB84B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUXWiz.exe.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1675507745.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpTip.dllj% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1674537321.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamespsrx.dllj% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1672316104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepywintypes39.dll0 vs datasett.exe
Source: datasett.exe, 00000000.00000003.1667361976.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs datasett.exe
Source: datasett.exe, 00000000.00000003.1674987749.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMSTTSEngine.dllN vs datasett.exe
Source: datasett.exe, 00000000.00000003.1677235733.000002CBEB84D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUXWiz.exe.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_uuid.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1675300626.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMSTTSLoc.dllN vs datasett.exe
Source: datasett.exe	Binary or memory string: OriginalFilename vs datasett.exe
Source: datasett.exe, 00000001.00000002.2916944161.00007FFE11EDD000.00000002.00000001.01000000.00000006.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2916484664.00007FFE11524000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2916800351.00007FFE11EAF000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2917100720.00007FFE120C6000.00000002.00000001.01000000.00000015.sdmp	Binary or memory string: OriginalFilename_uuid.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2915584144.00007FFDFB75F000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: OriginalFilenamepython39.dll. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2914192435.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAlterVoiceStudio.exeD vs datasett.exe
Source: datasett.exe, 00000001.00000002.2917498541.00007FFE13313000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2916154228.00007FFE0EB66000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2915055494.00007FFDFB307000.00000002.00000001.01000000.0000000C.sdmp	Binary or memory string: OriginalFilenamelibcryptoH vs datasett.exe
Source: datasett.exe, 00000001.00000002.2914549078.00007FFDFAFB1000.00000002.00000001.01000000.00000012.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2917610398.00007FFE148E7000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenameselect.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2916349751.00007FFE10314000.00000002.00000001.01000000.00000013.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2917387043.00007FFE130C6000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2916584856.00007FFE117E9000.00000002.00000001.01000000.00000018.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs datasett.exe
Source: datasett.exe, 00000001.00000002.2916679572.00007FFE11BB9000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: OriginalFilenamewin32event.pyd0 vs datasett.exe
Source: datasett.exe, 00000001.00000002.2915877295.00007FFE0E151000.00000002.00000001.01000000.00000019.sdmp	Binary or memory string: OriginalFilenamewin32api.pyd0 vs datasett.exe
Source: datasett.exe, 00000001.00000002.2915732229.00007FFE0147A000.00000002.00000001.01000000.0000000D.sdmp	Binary or memory string: OriginalFilenamelibsslH vs datasett.exe
Source: datasett.exe, 00000001.00000002.2917807888.00007FFE1A487000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs datasett.exe
Source: datasett.exe, 00000001.00000002.2916001037.00007FFE0E181000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: OriginalFilenamepywintypes39.dll0 vs datasett.exe
Source: datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibsslH vs datasett.exe
Source: datasett.exe, 00000005.00000003.1734914929.000001D3521DB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUXWiz.exe.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1716634961.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs datasett.exe
Source: datasett.exe, 00000005.00000003.1729771015.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMSTTSEngine.dllN vs datasett.exe
Source: datasett.exe, 00000005.00000003.1730118682.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMSTTSLoc.dllN vs datasett.exe
Source: datasett.exe, 00000005.00000003.1734540252.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSapi.cpl.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1729432259.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesrloc.dllj% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1735086002.000001D3521DB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSPEECHUXCPL.DLL.MUIr) vs datasett.exe
Source: datasett.exe, 00000005.00000003.1716510320.000001D3521D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs datasett.exe
Source: datasett.exe, 00000005.00000000.1715429033.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAlterVoiceStudio.exeD vs datasett.exe
Source: datasett.exe, 00000005.00000003.1727990973.000001D3521E4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewin32event.pyd0 vs datasett.exe
Source: datasett.exe, 00000005.00000003.1734540252.000001D3521E5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSapi.cpl.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1734368031.000001D3521DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUXWiz.exe.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1727098761.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepywintypes39.dll0 vs datasett.exe
Source: datasett.exe, 00000005.00000003.1733652317.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUX.dll.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1727990973.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewin32event.pyd0 vs datasett.exe
Source: datasett.exe, 00000005.00000003.1734368031.000001D3521DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUXWiz.exe.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1729263501.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamespsrx.dllj% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1728763769.000001D3521DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesrloc.dll.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1718158484.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_decimal.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1734761939.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUX.dll.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1728939437.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamespsreng.dllj% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1721207686.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1722195369.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1730534935.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpTip.dllj% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1734663614.000001D3521DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSPEECHUXCPL.DLL.MUIj% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1720689626.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1727515209.000001D3521DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1727863582.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewin32api.pyd0 vs datasett.exe
Source: datasett.exe, 00000005.00000003.1731666439.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechDesktopPS.dllj% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1734642486.000001D3521E5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSapi.cpl.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1717756841.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1734914929.000001D3521DD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUXWiz.exe.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1721765801.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1721954880.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1728126740.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesapi.dll.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1722333278.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_uuid.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1727282533.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameselect.pyd. vs datasett.exe
Source: datasett.exe	Binary or memory string: OriginalFilename vs datasett.exe
Source: datasett.exe, 00000006.00000002.1760848787.00007FFE0CFB4000.00000002.00000001.01000000.00000021.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs datasett.exe
Source: datasett.exe, 00000006.00000000.1738888571.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAlterVoiceStudio.exeD vs datasett.exe
Source: datasett.exe, 00000006.00000003.1743133519.000002884E370000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs datasett.exe
Source: datasett.exe, 00000006.00000002.1760707760.00007FFE0CF86000.00000002.00000001.01000000.0000002B.sdmp	Binary or memory string: OriginalFilename_uuid.pyd. vs datasett.exe
Source: datasett.exe, 00000006.00000002.1760610520.00007FFE0C0BF000.00000002.00000001.01000000.00000024.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs datasett.exe
Source: datasett.exe, 00000006.00000002.1759792495.00007FFE001C1000.00000002.00000001.01000000.0000002D.sdmp	Binary or memory string: OriginalFilenamepywintypes39.dll0 vs datasett.exe
Source: datasett.exe, 00000006.00000002.1759590870.00007FFDFBAC1000.00000002.00000001.01000000.00000028.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs datasett.exe
Source: datasett.exe, 00000006.00000002.1759366858.00007FFDFAE6F000.00000002.00000001.01000000.0000001A.sdmp	Binary or memory string: OriginalFilenamepython39.dll. vs datasett.exe
Source: datasett.exe, 00000006.00000002.1760517859.00007FFE0C0A9000.00000002.00000001.01000000.0000002C.sdmp	Binary or memory string: OriginalFilenamewin32event.pyd0 vs datasett.exe
Source: datasett.exe, 00000006.00000002.1760322676.00007FFE014D4000.00000002.00000001.01000000.00000029.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs datasett.exe
Source: datasett.exe, 00000006.00000002.1761643586.00007FFE101E7000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs datasett.exe
Source: datasett.exe, 00000006.00000002.1758860580.00007FFDFAA17000.00000002.00000001.01000000.00000022.sdmp	Binary or memory string: OriginalFilenamelibcryptoH vs datasett.exe
Source: datasett.exe, 00000006.00000002.1759686551.00007FFE00191000.00000002.00000001.01000000.0000002F.sdmp	Binary or memory string: OriginalFilenamewin32api.pyd0 vs datasett.exe
Source: datasett.exe, 00000006.00000002.1760950584.00007FFE0CFDD000.00000002.00000001.01000000.0000001C.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs datasett.exe
Source: datasett.exe, 00000006.00000002.1761822873.00007FFE10236000.00000002.00000001.01000000.00000025.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs datasett.exe
Source: datasett.exe, 00000006.00000002.1760423174.00007FFE0B2C9000.00000002.00000001.01000000.0000002E.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs datasett.exe
Source: datasett.exe, 00000006.00000002.1760185978.00007FFE013CA000.00000002.00000001.01000000.00000023.sdmp	Binary or memory string: OriginalFilenamelibsslH vs datasett.exe
Source: datasett.exe, 00000006.00000002.1761222692.00007FFE0EB33000.00000002.00000001.01000000.0000001F.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs datasett.exe
Source: datasett.exe, 00000006.00000002.1759911027.00007FFE00756000.00000002.00000001.01000000.0000002A.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs datasett.exe
Source: datasett.exe, 00000006.00000002.1761977331.00007FFE11077000.00000002.00000001.01000000.00000020.sdmp	Binary or memory string: OriginalFilenameselect.pyd. vs datasett.exe
Source: datasett.exe	Binary or memory string: OriginalFilenameAlterVoiceStudio.exeD vs datasett.exe

Source: classification engine

Classification label: mal76.evad.winEXE@11/104@1/1

Source: C:\Users\user\Desktop\datasett.exe

Code function: 0_2_00007FF7996774B0 GetLastError,FormatMessageW,WideCharToMultiByte,

0_2_00007FF7996774B0

Source: C:\Users\user\Desktop\datasett.exe

Code function: 6_2_00007FFE00174DD0 _Py_NoneStruct,_PyArg_ParseTuple_SizeT,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,GetDiskFreeSpaceW,PyEval_RestoreThread,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_BuildValue_SizeT,

6_2_00007FFE00174DD0

Source: C:\Users\user\Desktop\datasett.exe

Code function: 6_2_00007FFE0017CC40 _PyArg_ParseTuple_SizeT,?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z,?PyWinObject_AsResourceId@@YAHPEAU_object@@PEAPEA_WH@Z,?PyWinObject_AsResourceId@@YAHPEAU_object@@PEAPEA_WH@Z,FindResourceExW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,SizeofResource,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,LoadResource,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,LockResource,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,?PyWinObject_FreeResourceId@@YAXPEA_W@Z,?PyWinObject_FreeResourceId@@YAXPEA_W@Z,

6_2_00007FFE0017CC40

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1448:120:WilError_03
Source: C:\Users\user\Desktop\datasett.exe	Mutant created: \Sessions\1\BaseNamedObjects\Progaxxx82

Source: C:\Users\user\Desktop\datasett.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI68642

Jump to behavior

Source: datasett.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\datasett.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: datasett.exe

ReversingLabs: Detection: 34%

Source: C:\Users\user\Desktop\datasett.exe

File read: C:\Users\user\Desktop\datasett.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\datasett.exe "C:\Users\user\Desktop\datasett.exe"
Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Users\user\Desktop\datasett.exe "C:\Users\user\Desktop\datasett.exe"
Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f
Source: unknown	Process created: C:\Users\user\Desktop\datasett.exe C:\Users\user\Desktop\datasett.exe
Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Users\user\Desktop\datasett.exe C:\Users\user\Desktop\datasett.exe
Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Users\user\Desktop\datasett.exe "C:\Users\user\Desktop\datasett.exe"	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Users\user\Desktop\datasett.exe C:\Users\user\Desktop\datasett.exe	Jump to behavior

Source: C:\Users\user\Desktop\datasett.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: python3.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: libffi-7.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: libcrypto-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: libssl-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: pywintypes39.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: python3.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: libffi-7.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: libcrypto-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: libssl-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: pywintypes39.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: kernel.appcore.dll	Jump to behavior

Source: C:\Users\user\Desktop\datasett.exe

File opened: C:\Users\user\Desktop\pyvenv.cfg

Jump to behavior

Source: datasett.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: datasett.exe

Static file information: File size 11185705 > 1048576

Source: datasett.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: datasett.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: datasett.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: datasett.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: datasett.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: datasett.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: datasett.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: datasett.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\win32event.pdb source: datasett.exe, 00000000.00000003.1673033158.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916641506.00007FFE11BB5000.00000002.00000001.01000000.00000016.sdmp, datasett.exe, 00000005.00000003.1727990973.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760479789.00007FFE0C0A5000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916066006.00007FFE0EB5D000.00000002.00000001.01000000.00000014.sdmp, datasett.exe, 00000005.00000003.1721207686.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1759850177.00007FFE0074D000.00000002.00000001.01000000.0000002A.sdmp, _lzma.pyd.5.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\select.pdb source: datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917570393.00007FFE148E4000.00000002.00000001.01000000.0000000A.sdmp, datasett.exe, 00000005.00000003.1727282533.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761926164.00007FFE11074000.00000002.00000001.01000000.00000020.sdmp, select.pyd.5.dr, select.pyd.0.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917028198.00007FFE120C3000.00000002.00000001.01000000.00000015.sdmp, datasett.exe, 00000005.00000003.1722333278.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760668819.00007FFE0CF83000.00000002.00000001.01000000.0000002B.sdmp, _uuid.pyd.0.dr
Source:	Binary string: MSTTSLoc.pdbGCTL source: MSTTSLoc.dll.0.dr
Source:	Binary string: D:\_w\1\b\libssl-1_1.pdb source: datasett.exe, 00000001.00000002.2915687874.00007FFE01445000.00000002.00000001.01000000.0000000D.sdmp, datasett.exe, 00000006.00000002.1760119655.00007FFE01395000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916312250.00007FFE1030E000.00000002.00000001.01000000.00000013.sdmp, datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760283252.00007FFE014CE000.00000002.00000001.01000000.00000029.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: datasett.exe, 00000001.00000002.2914870560.00007FFDFB20F000.00000002.00000001.01000000.0000000C.sdmp, datasett.exe, 00000006.00000002.1758697606.00007FFDFA91F000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: SpeechUX.pdb source: SpeechUX.dll.5.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917339362.00007FFE130C3000.00000002.00000001.01000000.0000000F.sdmp, datasett.exe, 00000005.00000003.1721765801.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761741700.00007FFE10233000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: datasett.exe, 00000001.00000002.2916407431.00007FFE1150D000.00000002.00000001.01000000.0000000B.sdmp, datasett.exe, 00000006.00000002.1760767373.00007FFE0CF9D000.00000002.00000001.01000000.00000021.sdmp, _ssl.pyd.5.dr
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\win32api.pdb!! source: datasett.exe, 00000001.00000002.2915837657.00007FFE0E143000.00000002.00000001.01000000.00000019.sdmp, datasett.exe, 00000006.00000002.1759648415.00007FFE00183000.00000002.00000001.01000000.0000002F.sdmp, win32api.pyd.0.dr, win32api.pyd.5.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916749884.00007FFE11EA7000.00000002.00000001.01000000.0000000E.sdmp, datasett.exe, 00000005.00000003.1720689626.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760572192.00007FFE0C0B7000.00000002.00000001.01000000.00000024.sdmp
Source:	Binary string: SpTip.pdbGCTL source: datasett.exe, 00000000.00000003.1675507745.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1730534935.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: datasett.exe, 00000000.00000003.1667361976.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916545747.00007FFE117E5000.00000002.00000001.01000000.00000018.sdmp, datasett.exe, 00000005.00000003.1716634961.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760381109.00007FFE0B2C5000.00000002.00000001.01000000.0000002E.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916066006.00007FFE0EB5D000.00000002.00000001.01000000.00000014.sdmp, datasett.exe, 00000005.00000003.1721207686.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1759850177.00007FFE0074D000.00000002.00000001.01000000.0000002A.sdmp, _lzma.pyd.5.dr
Source:	Binary string: in32event.pdb source: datasett.exe
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: datasett.exe, 00000001.00000002.2914870560.00007FFDFB20F000.00000002.00000001.01000000.0000000C.sdmp, datasett.exe, 00000006.00000002.1758697606.00007FFDFA91F000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: datasett.exe, 00000000.00000003.1667214039.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917766399.00007FFE1A481000.00000002.00000001.01000000.00000005.sdmp, datasett.exe, 00000005.00000003.1716510320.000001D3521D3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761534002.00007FFE101E1000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\pywintypes.pdb** source: datasett.exe, 00000001.00000002.2915941722.00007FFE0E170000.00000002.00000001.01000000.00000017.sdmp, datasett.exe, 00000006.00000002.1759754239.00007FFE001B0000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: SpeechUX.pdbGCTL source: SpeechUX.dll.5.dr
Source:	Binary string: MSTTSLoc.pdb source: MSTTSLoc.dll.0.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: datasett.exe, 00000001.00000002.2916894677.00007FFE11ED1000.00000002.00000001.01000000.00000006.sdmp, datasett.exe, 00000006.00000002.1760911705.00007FFE0CFD1000.00000002.00000001.01000000.0000001C.sdmp, _ctypes.pyd.5.dr
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\win32api.pdb source: datasett.exe, 00000001.00000002.2915837657.00007FFE0E143000.00000002.00000001.01000000.00000019.sdmp, datasett.exe, 00000006.00000002.1759648415.00007FFE00183000.00000002.00000001.01000000.0000002F.sdmp, win32api.pyd.0.dr, win32api.pyd.5.dr
Source:	Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: datasett.exe, 00000001.00000002.2915687874.00007FFE01445000.00000002.00000001.01000000.0000000D.sdmp, datasett.exe, 00000006.00000002.1760119655.00007FFE01395000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: SpeechUXPS.pdbGCTL source: datasett.exe, 00000000.00000003.1676047096.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1731666439.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917454297.00007FFE13309000.00000002.00000001.01000000.00000009.sdmp, datasett.exe, 00000005.00000003.1721954880.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761102081.00007FFE0EB29000.00000002.00000001.01000000.0000001F.sdmp, _socket.pyd.5.dr, _socket.pyd.0.dr
Source:	Binary string: SpTip.pdb source: datasett.exe, 00000000.00000003.1675507745.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1730534935.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\pywintypes.pdb source: datasett.exe, 00000001.00000002.2915941722.00007FFE0E170000.00000002.00000001.01000000.00000017.sdmp, datasett.exe, 00000006.00000002.1759754239.00007FFE001B0000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2914286336.00007FFDFAFAB000.00000002.00000001.01000000.00000012.sdmp, datasett.exe, 00000005.00000003.1727515209.000001D3521DE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1759427402.00007FFDFBABB000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\python39.pdb source: datasett.exe, 00000001.00000002.2915271158.00007FFDFB643000.00000002.00000001.01000000.00000004.sdmp, datasett.exe, 00000006.00000002.1759072943.00007FFDFAD53000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: SpeechUXPS.pdb source: datasett.exe, 00000000.00000003.1676047096.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1731666439.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: datasett.exe, 00000001.00000002.2914870560.00007FFDFB291000.00000002.00000001.01000000.0000000C.sdmp, datasett.exe, 00000006.00000002.1758697606.00007FFDFA9A1000.00000002.00000001.01000000.00000022.sdmp

Source: datasett.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: datasett.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: datasett.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: datasett.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: datasett.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Binary contains a suspicious time stamp

Source: sapi.dll.0.dr

Static PE information: 0xFDA8E98A [Sun Nov 9 20:24:42 2104 UTC]

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\datasett.exe

Code function: 1_2_61B01CC0 LoadLibraryA,GetProcAddress,GetCurrentThread,

1_2_61B01CC0

PE file contains an invalid checksum

Source: pywintypes39.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0x224d8
Source: pyarmor_runtime.pyd.0.dr	Static PE information: real checksum: 0xa6f9d should be: 0x9903e
Source: win32api.pyd.0.dr	Static PE information: real checksum: 0x0 should be: 0x303a5
Source: win32event.pyd.5.dr	Static PE information: real checksum: 0x0 should be: 0x76e6
Source: md__mypyc.cp39-win_amd64.pyd.5.dr	Static PE information: real checksum: 0x0 should be: 0x2a468
Source: pyarmor_runtime.pyd0.5.dr	Static PE information: real checksum: 0xa6f9d should be: 0x9903e
Source: pywintypes39.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0x224d8
Source: pyarmor_runtime.pyd.5.dr	Static PE information: real checksum: 0xa6f9d should be: 0x9903e
Source: win32event.pyd.0.dr	Static PE information: real checksum: 0x0 should be: 0x76e6
Source: win32api.pyd.5.dr	Static PE information: real checksum: 0x0 should be: 0x303a5
Source: pyarmor_runtime.pyd0.0.dr	Static PE information: real checksum: 0xa6f9d should be: 0x9903e
Source: md__mypyc.cp39-win_amd64.pyd.0.dr	Static PE information: real checksum: 0x0 should be: 0x2a468
Source: md.cp39-win_amd64.pyd.0.dr	Static PE information: real checksum: 0x0 should be: 0xa859
Source: md.cp39-win_amd64.pyd.5.dr	Static PE information: real checksum: 0x0 should be: 0xa859

PE file contains sections with non-standard names

Source: datasett.exe	Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: libssl-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: VCRUNTIME140.dll.0.dr	Static PE information: section name: _RDATA
Source: sapi.dll.0.dr	Static PE information: section name: .didat
Source: SpeechUX.dll.0.dr	Static PE information: section name: .didat
Source: speechuxcpl.dll.0.dr	Static PE information: section name: .didat
Source: pyarmor_runtime.pyd.0.dr	Static PE information: section name: .xdata
Source: pyarmor_runtime.pyd0.0.dr	Static PE information: section name: .xdata
Source: speechuxcpl.dll.5.dr	Static PE information: section name: .didat
Source: VCRUNTIME140.dll.5.dr	Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.5.dr	Static PE information: section name: .00cfg
Source: libssl-1_1.dll.5.dr	Static PE information: section name: .00cfg
Source: sapi.dll.5.dr	Static PE information: section name: .didat
Source: SpeechUX.dll.5.dr	Static PE information: section name: .didat
Source: pyarmor_runtime.pyd.5.dr	Static PE information: section name: .xdata
Source: pyarmor_runtime.pyd0.5.dr	Static PE information: section name: .xdata

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996C10E4 push rcx; retn 0000h	0_2_00007FF7996C10ED
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996C10CC push rbp; retn 0000h	0_2_00007FF7996C10CD
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996C10E4 push rcx; retn 0000h	1_2_00007FF7996C10ED
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996C10CC push rbp; retn 0000h	1_2_00007FF7996C10CD

Persistence and Installation Behavior

Contains functionality to infect the boot sector

Source: C:\Users\user\Desktop\datasett.exe	Code function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d	1_2_61B12260
Source: C:\Users\user\Desktop\datasett.exe	Code function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d	1_2_61B11EB0
Source: C:\Users\user\Desktop\datasett.exe	Code function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d	6_2_61B12260
Source: C:\Users\user\Desktop\datasett.exe	Code function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d	6_2_61B11EB0

Found pyInstaller with non standard icon

Source: C:\Users\user\Desktop\datasett.exe	Process created: "C:\Users\user\Desktop\datasett.exe"
Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Users\user\Desktop\datasett.exe

Drops PE files

Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\VCRUNTIME140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUX.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\spsreng.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUXWiz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUXPS.DLL	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\TTS\MSTTSLoc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\en-US\srloc.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\win32api.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32\pywintypes39.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\win32event.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\speechuxcpl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\sapi.cpl.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\SpeechUXWiz.exe.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\python39.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Common\en-US\sapi.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\win32api.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\spsrx.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUXWiz.exe.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\win32event.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\sapi.cpl	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUX.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUXWiz.exe.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Common\sapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime_000000\pyarmor_runtime.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUXRes.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\spsreng.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\speechuxcpl.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\libffi-7.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\SpeechUXWiz.exe.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer\md.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md__mypyc.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SPTIP.DLL	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\TTS\MSTTSEngine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\python39.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\spsrx.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\TTS\MSTTSLoc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUXWiz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\speechuxcpl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\en-US\srloc.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\VCRUNTIME140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUX.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\speechuxcpl.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\sapi.cpl	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\libffi-7.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\SpeechUX.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Common\sapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUXPS.DLL	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\speechuxcpl.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime_000000\pyarmor_runtime.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\srloc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Common\en-US\sapi.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\sapi.cpl.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUX.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\TTS\MSTTSEngine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer\md__mypyc.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUXRes.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\speechuxcpl.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SPTIP.DLL	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32\pywintypes39.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\SpeechUX.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\srloc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\VCRUNTIME140.dll	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\sapi.cpl			Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\sapi.cpl			Jump to dropped file

May use bcdedit to modify the Windows boot settings

Source: packs.sha256.5.dr

Binary or memory string: d8d4831a1bccbed23dca1847105b08745da677c852b05c5552a2651642ef4a3e en-US/bcdedit.exe.mui

Boot Survival

Contains functionality to infect the boot sector

Source: C:\Users\user\Desktop\datasett.exe	Code function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d	1_2_61B12260
Source: C:\Users\user\Desktop\datasett.exe	Code function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d	1_2_61B11EB0
Source: C:\Users\user\Desktop\datasett.exe	Code function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d	6_2_61B12260
Source: C:\Users\user\Desktop\datasett.exe	Code function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d	6_2_61B11EB0

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\Desktop\datasett.exe

Code function: 0_2_00007FF799673DF0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00007FF799673DF0

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\datasett.exe

Code function: 1_2_00007FFDFAFC32F6 rdtsc

1_2_00007FFDFAFC32F6

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUX.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\spsreng.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUXWiz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUXPS.DLL	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\TTS\MSTTSLoc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\en-US\srloc.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\win32api.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\speechuxcpl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\win32event.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\sapi.cpl.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\SpeechUXWiz.exe.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\python39.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Common\en-US\sapi.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\win32api.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\spsrx.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\win32event.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUXWiz.exe.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\sapi.cpl	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUX.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Common\sapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUXWiz.exe.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime_000000\pyarmor_runtime.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\spsreng.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUXRes.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\speechuxcpl.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer\md.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\SpeechUXWiz.exe.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md__mypyc.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SPTIP.DLL	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\TTS\MSTTSEngine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\python39.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\spsrx.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\TTS\MSTTSLoc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUXWiz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\speechuxcpl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\en-US\srloc.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\sapi.cpl	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\speechuxcpl.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUX.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\SpeechUX.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Common\sapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUXPS.DLL	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\speechuxcpl.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime_000000\pyarmor_runtime.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\srloc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Common\en-US\sapi.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\sapi.cpl.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUX.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\TTS\MSTTSEngine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer\md__mypyc.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUXRes.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\speechuxcpl.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SPTIP.DLL	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\SpeechUX.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\srloc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_decimal.pyd	Jump to dropped file

Found large amount of non-executed APIs

Source: C:\Users\user\Desktop\datasett.exe	API coverage: 2.9 %
Source: C:\Users\user\Desktop\datasett.exe	API coverage: 1.4 %

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996909B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF7996909B4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799686714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	0_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799686714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	0_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799677820 FindFirstFileExW,FindClose,	0_2_00007FF799677820
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996909B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	1_2_00007FF7996909B4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799686714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	1_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799686714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	1_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799677820 FindFirstFileExW,FindClose,	1_2_00007FF799677820
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,	6_2_00007FFDFA6D3229
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00173740 _PyArg_ParseTuple_SizeT,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyList_New,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindFirstFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyObject_FromWIN32_FIND_DATAW@@YAPEAU_object@@PEAU_WIN32_FIND_DATAW@@@Z,PyList_Append,_Py_Dealloc,FindNextFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindClose,_Py_Dealloc,	6_2_00007FFE00173740

Source: C:\Users\user\Desktop\datasett.exe

6_2_00007FFE001755D0

Source: C:\Users\user\Desktop\datasett.exe

Code function: 6_2_00007FFE0017FC68 VirtualQuery,GetSystemInfo,

6_2_00007FFE0017FC68

Source: datasett.exe, 00000000.00000003.1678475049.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1736892802.000001D3521D8000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.dr	Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: datasett.exe, 00000006.00000002.1755865343.000002884E32B000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753742679.000002884E325000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754885711.000002884E32A000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753458207.000002884E30D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW) --%SystemRoot%\system32\mswsock.dllableSequence.insertc
Source: datasett.exe, 00000000.00000003.1675300626.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1730118682.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, MSTTSLoc.dll.0.dr	Binary or memory string: .?AVCRegistryVirtualMachine@ATL@@
Source: datasett.exe	Binary or memory string: jqEMu
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: packs.sha256.5.dr	Binary or memory string: bb2f0ec2251002a1f4162013a2357425d1de8e69ab8ca122c2cefe54f5b24500 en-US/vmdebug.dll.mui
Source: cacert.pem.0.dr	Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd

Anti Debugging

Potentially malicious time measurement code found

Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D572C		6_2_00007FFDFA6D572C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4241		6_2_00007FFDFA6D4241

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\datasett.exe

Code function: 1_2_00007FFDFAFC32F6 rdtsc

1_2_00007FFDFAFC32F6

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\Desktop\datasett.exe

Code function: 0_2_00007FF799689AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF799689AE4

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\datasett.exe

Code function: 1_2_61B01CC0 LoadLibraryA,GetProcAddress,GetCurrentThread,

1_2_61B01CC0

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\datasett.exe

Code function: 0_2_00007FF7996925A0 GetProcessHeap,

0_2_00007FF7996925A0

Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799689AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF799689AE4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF79967B69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF79967B69C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF79967AE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF79967AE00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF79967B880 SetUnhandledExceptionFilter,	0_2_00007FF79967B880
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B7D400 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	1_2_61B7D400
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799689AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00007FF799689AE4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF79967B69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00007FF79967B69C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF79967AE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00007FF79967AE00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF79967B880 SetUnhandledExceptionFilter,	1_2_00007FF79967B880
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAEA3310 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00007FFDFAEA3310
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAEA2994 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00007FFDFAEA2994
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAEA34F8 SetUnhandledExceptionFilter,	1_2_00007FFDFAEA34F8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC5A1F IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00007FFDFAFC5A1F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B7D400 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	6_2_61B7D400
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5A1F IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00007FFDFA6D5A1F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFB9B2994 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00007FFDFB9B2994
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFB9B3310 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00007FFDFB9B3310
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFB9B34F8 SetUnhandledExceptionFilter,	6_2_00007FFDFB9B34F8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00180CBC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00007FFE00180CBC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE001818C0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00007FFE001818C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00181AA8 SetUnhandledExceptionFilter,	6_2_00007FFE00181AA8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE001AF8AC SetUnhandledExceptionFilter,	6_2_00007FFE001AF8AC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE001AE5AC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00007FFE001AE5AC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE001AF6C4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00007FFE001AF6C4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00743CF8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00007FFE00743CF8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00743EE0 SetUnhandledExceptionFilter,	6_2_00007FFE00743EE0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00743374 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00007FFE00743374
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01303818 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00007FFE01303818
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01303250 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00007FFE01303250

Contains functionality to simulate keystroke presses

Source: C:\Users\user\Desktop\datasett.exe

Code function: 6_2_00007FFE0017DC70 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,keybd_event,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,

6_2_00007FFE0017DC70

Contains functionality to simulate mouse events

Source: C:\Users\user\Desktop\datasett.exe

Code function: 6_2_00007FFE0017DD10 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,mouse_event,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,

6_2_00007FFE0017DD10

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Users\user\Desktop\datasett.exe "C:\Users\user\Desktop\datasett.exe"	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Users\user\Desktop\datasett.exe C:\Users\user\Desktop\datasett.exe	Jump to behavior

Source: C:\Users\user\Desktop\datasett.exe

Code function: 6_2_00007FFE001A7D00 PyArg_ParseTuple,PyExc_TypeError,PyErr_SetString,GetSecurityDescriptorDacl,free,SetSecurityDescriptorDacl,GetSecurityDescriptorOwner,free,GetSecurityDescriptorGroup,free,free,free,

6_2_00007FFE001A7D00

Source: C:\Users\user\Desktop\datasett.exe

Code function: 6_2_00007FFE001A8B80 _PyArg_ParseTuple_SizeT,PyErr_Clear,_PyArg_ParseTuple_SizeT,PyErr_Clear,_PyArg_ParseTuple_SizeT,PySequence_Check,PyExc_TypeError,PyErr_SetString,PySequence_Size,PySequence_Tuple,_PyArg_ParseTuple_SizeT,_Py_Dealloc,AllocateAndInitializeSid,PyExc_ValueError,PyErr_SetString,_Py_NewReference,malloc,memset,memcpy,

6_2_00007FFE001A8B80

Source: SpeechUX.dll.5.dr

Binary or memory string: EnableFocusWarningMS:SpeechTopLevelProgmanWorkerWButtonShell_TrayWndSidebar_AppBarWindowSELECT TOP 10000 System.DateModified, System.ItemUrl, System.Search.AutoSummary FROM SystemIndex..scope() WHERE System.DateModified > '%d/%d/%d %d:%d:%d' and (System.ItemType = '.doc' or System.ItemType='.docx' or System.Message.MessageClass='MAPI/IPM.Note') and (NOT Contains(System.Shell.SFGAOFlagsStrings, 'hidden')) ORDER BY System.DateModifiedApplication=WindowsSearch.CollatorDSOfile:csc:file:/Row: %s, %s

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\datasett.exe

Code function: 0_2_00007FF7996989B0 cpuid

0_2_00007FF7996989B0

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_ctypes.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime_000000 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime_000000 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime_000000 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime_000000\pyarmor_runtime.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_socket.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\select.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_ssl.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_hashlib.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_queue.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md.cp39-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md__mypyc.cp39-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\unicodedata.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_bz2.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_lzma.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_uuid.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\win32event.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\win32api.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\certifi\cacert.pem VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\certifi\cacert.pem VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\certifi\cacert.pem VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\_ctypes.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime_000000 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime_000000 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime_000000 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime_000000\pyarmor_runtime.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\_socket.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\select.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\_ssl.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\_hashlib.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\_queue.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer\md.cp39-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\datasett.exe

Code function: 0_2_00007FF79967B580 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF79967B580

Source: C:\Users\user\Desktop\datasett.exe

Code function: 6_2_00007FFE001743D0 _PyArg_ParseTuple_SizeT,GetUserNameW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,

6_2_00007FFE001743D0

Source: C:\Users\user\Desktop\datasett.exe

Code function: 0_2_00007FF799694E20 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

0_2_00007FF799694E20

Source: C:\Users\user\Desktop\datasett.exe

Code function: 6_2_00007FFE00177A20 _PyArg_ParseTuple_SizeT,GetVersion,_Py_BuildValue_SizeT,

6_2_00007FFE00177A20

Source: C:\Users\user\Desktop\datasett.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC2B5D bind,WSAGetLastError,		1_2_00007FFDFAFC2B5D
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2B5D bind,WSAGetLastError,		6_2_00007FFDFA6D2B5D

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.26.3.46	iplogger.org	United States		13335	CLOUDFLARENETUS	false

Contacted Domains

Name	IP	Active
iplogger.org	104.26.3.46	true

AV Detection

Antivirus / Scanner detection for submitted sample

Source: datasett.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: datasett.exe

ReversingLabs: Detection: 34%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.2% probability

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B21CC0 PyCMethod_New,CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,clock,clock,clock,clock,CryptReleaseContext,	1_2_61B21CC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B21CC0 PyCMethod_New,CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,clock,clock,clock,clock,CryptReleaseContext,	6_2_61B21CC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013461A0 ERR_put_error,CRYPTO_free,ERR_put_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free,	6_2_00007FFE013461A0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0133E1B0 CRYPTO_THREAD_run_once,	6_2_00007FFE0133E1B0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01360160 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,	6_2_00007FFE01360160
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01322365 CRYPTO_free,CRYPTO_malloc,ERR_put_error,memcpy,	6_2_00007FFE01322365
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01338210 EVP_PKEY_CTX_new,EVP_PKEY_derive_init,EVP_PKEY_derive_set_peer,EVP_PKEY_derive,CRYPTO_malloc,EVP_PKEY_derive,CRYPTO_clear_free,EVP_PKEY_CTX_free,	6_2_00007FFE01338210
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0132E220 CRYPTO_malloc,	6_2_00007FFE0132E220
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0135A1E0 CRYPTO_memcmp,	6_2_00007FFE0135A1E0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013361F0 CRYPTO_free,	6_2_00007FFE013361F0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0137C080 CRYPTO_memcmp,	6_2_00007FFE0137C080
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013240AA BIO_get_data,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,CRYPTO_zalloc,ERR_put_error,BIO_set_init,BIO_clear_flags,BIO_get_data,BIO_set_shutdown,BIO_push,BIO_set_next,BIO_up_ref,BIO_set_init,	6_2_00007FFE013240AA
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013360B8 CRYPTO_free,CRYPTO_strdup,	6_2_00007FFE013360B8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0133C070 CRYPTO_zalloc,ERR_put_error,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free,	6_2_00007FFE0133C070
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01322216 CRYPTO_malloc,ERR_put_error,memcpy,CRYPTO_free,CRYPTO_free,	6_2_00007FFE01322216
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321050 EVP_PKEY_free,BN_num_bits,BN_bn2bin,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_clear_free,	6_2_00007FFE01321050
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013221BC _time64,CRYPTO_free,CRYPTO_malloc,EVP_sha256,EVP_Digest,EVP_MD_size,CRYPTO_free,CRYPTO_free,	6_2_00007FFE013221BC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321E79 CRYPTO_free,CRYPTO_malloc,	6_2_00007FFE01321E79
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013215C8 EVP_MD_CTX_new,EVP_PKEY_size,CRYPTO_malloc,EVP_DigestSignInit,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,EVP_DigestUpdate,EVP_DigestSignFinal,EVP_DigestSign,BUF_reverse,CRYPTO_free,EVP_MD_CTX_free,CRYPTO_free,EVP_MD_CTX_free,	6_2_00007FFE013215C8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01370350 CRYPTO_free,CRYPTO_free,CRYPTO_strndup,	6_2_00007FFE01370350
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013222C0 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_put_error,	6_2_00007FFE013222C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01328410 CRYPTO_zalloc,ERR_put_error,	6_2_00007FFE01328410
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321BC7 CRYPTO_strdup,CRYPTO_free,	6_2_00007FFE01321BC7
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01360430 CRYPTO_free,CRYPTO_free,	6_2_00007FFE01360430
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321FB9 CRYPTO_free,	6_2_00007FFE01321FB9
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321131 CRYPTO_free,	6_2_00007FFE01321131
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01380250 EVP_PKEY_get0_RSA,RSA_size,CRYPTO_malloc,RAND_priv_bytes,CRYPTO_free,	6_2_00007FFE01380250
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321CB7 CRYPTO_clear_free,	6_2_00007FFE01321CB7
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321523 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,	6_2_00007FFE01321523
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01342310 CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,	6_2_00007FFE01342310
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0136833B CRYPTO_clear_free,	6_2_00007FFE0136833B
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321B7C CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,	6_2_00007FFE01321B7C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321AC3 CRYPTO_malloc,ERR_put_error,CRYPTO_free,	6_2_00007FFE01321AC3
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01388570 CRYPTO_free,CRYPTO_malloc,ERR_put_error,	6_2_00007FFE01388570
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01354630 CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,	6_2_00007FFE01354630
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01324487 CRYPTO_zalloc,ERR_put_error,BIO_set_init,BIO_set_data,BIO_clear_flags,	6_2_00007FFE01324487
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321F0F CRYPTO_free,	6_2_00007FFE01321F0F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0132135C memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,	6_2_00007FFE0132135C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0135A460 CRYPTO_free,CRYPTO_memdup,	6_2_00007FFE0135A460
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321762 ERR_put_error,CRYPTO_realloc,CRYPTO_realloc,ERR_put_error,	6_2_00007FFE01321762
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013284C0 CRYPTO_zalloc,ERR_put_error,BUF_MEM_grow,	6_2_00007FFE013284C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0132240F CRYPTO_free,BIO_clear_flags,BIO_set_flags,BIO_snprintf,ERR_add_error_data,memcpy,	6_2_00007FFE0132240F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321F32 CRYPTO_free,CRYPTO_malloc,RAND_bytes,	6_2_00007FFE01321F32
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0134C790 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_put_error,	6_2_00007FFE0134C790
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013727B0 EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy,	6_2_00007FFE013727B0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01380760 BN_bin2bn,BN_ucmp,BN_is_zero,CRYPTO_free,CRYPTO_strdup,	6_2_00007FFE01380760
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321BDB EVP_MD_size,RAND_bytes,_time64,CRYPTO_free,CRYPTO_memdup,	6_2_00007FFE01321BDB
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0132214E CRYPTO_free,CRYPTO_free,CRYPTO_free_ex_data,OPENSSL_LH_free,X509_STORE_free,CTLOG_STORE_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_free,ENGINE_finish,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_secure_free,CRYPTO_THREAD_lock_free,CRYPTO_free,	6_2_00007FFE0132214E
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321393 OPENSSL_sk_new_null,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_clear_error,OPENSSL_sk_value,X509_get0_pubkey,X509_free,X509_up_ref,X509_free,OPENSSL_sk_pop_free,	6_2_00007FFE01321393
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013787F0 CRYPTO_memcmp,	6_2_00007FFE013787F0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0132132A CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,	6_2_00007FFE0132132A
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0135A680 EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,	6_2_00007FFE0135A680
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01322225 CRYPTO_free,	6_2_00007FFE01322225
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013246B0 BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,	6_2_00007FFE013246B0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0132101E CRYPTO_free,CRYPTO_free,	6_2_00007FFE0132101E
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321C03 CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse,	6_2_00007FFE01321C03
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013606C0 CRYPTO_memcmp,	6_2_00007FFE013606C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321DBB BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,CRYPTO_strdup,CRYPTO_strdup,ERR_put_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,	6_2_00007FFE01321DBB
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01328980 CRYPTO_free,	6_2_00007FFE01328980
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321FCD CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,	6_2_00007FFE01321FCD
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01368947 CRYPTO_malloc,	6_2_00007FFE01368947
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01380950 OPENSSL_sk_new_null,d2i_X509,CRYPTO_free,CRYPTO_memcmp,OPENSSL_sk_push,OPENSSL_sk_num,CRYPTO_free,X509_free,OPENSSL_sk_pop_free,OPENSSL_sk_value,X509_get0_pubkey,X509_free,OPENSSL_sk_shift,OPENSSL_sk_pop_free,	6_2_00007FFE01380950
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0134CA20 ERR_put_error,CRYPTO_realloc,CRYPTO_realloc,ERR_put_error,	6_2_00007FFE0134CA20
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013609E0 CRYPTO_free,CRYPTO_memdup,	6_2_00007FFE013609E0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0133A9F0 CRYPTO_THREAD_run_once,	6_2_00007FFE0133A9F0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0133C8B0 OPENSSL_sk_num,X509_STORE_CTX_new,ERR_put_error,OPENSSL_sk_value,X509_STORE_CTX_init,ERR_put_error,X509_STORE_CTX_free,X509_STORE_CTX_set_flags,CRYPTO_THREAD_run_once,X509_STORE_CTX_set_ex_data,OPENSSL_sk_num,X509_STORE_CTX_set0_dane,X509_STORE_CTX_set_default,X509_VERIFY_PARAM_set1,X509_STORE_CTX_set_verify_cb,X509_verify_cert,X509_STORE_CTX_get_error,OPENSSL_sk_pop_free,X509_STORE_CTX_get0_chain,X509_STORE_CTX_get1_chain,ERR_put_error,X509_VERIFY_PARAM_move_peername,X509_STORE_CTX_free,	6_2_00007FFE0133C8B0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321D5C CRYPTO_clear_free,	6_2_00007FFE01321D5C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01322464 CRYPTO_malloc,memcpy,	6_2_00007FFE01322464
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0134C930 CRYPTO_free,CRYPTO_free,	6_2_00007FFE0134C930
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01378BA0 CRYPTO_free,CRYPTO_memdup,	6_2_00007FFE01378BA0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321479 CRYPTO_free,CRYPTO_free,CRYPTO_memdup,	6_2_00007FFE01321479
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0132163B CRYPTO_free,CRYPTO_malloc,	6_2_00007FFE0132163B
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321195 CRYPTO_malloc,ERR_put_error,memcpy,CRYPTO_free,CRYPTO_free,	6_2_00007FFE01321195
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0136CB60 EVP_CIPHER_CTX_free,CRYPTO_free,CRYPTO_free,	6_2_00007FFE0136CB60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01322306 CRYPTO_memcmp,memchr,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,	6_2_00007FFE01322306
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321924 BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,CRYPTO_free,CRYPTO_strdup,	6_2_00007FFE01321924
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321078 CRYPTO_free,	6_2_00007FFE01321078
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01360BD0 CRYPTO_free,CRYPTO_strndup,	6_2_00007FFE01360BD0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0134CBE0 ERR_put_error,ERR_put_error,ERR_put_error,EVP_MD_size,ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_zalloc,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,d2i_X509,X509_get0_pubkey,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_put_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,ERR_put_error,	6_2_00007FFE0134CBE0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01354A90 CRYPTO_zalloc,ERR_put_error,_time64,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free,memcpy,	6_2_00007FFE01354A90
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01358A60 CRYPTO_zalloc,CRYPTO_free,	6_2_00007FFE01358A60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0136AB30 EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free,	6_2_00007FFE0136AB30

Source: datasett.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source:	Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\win32event.pdb source: datasett.exe, 00000000.00000003.1673033158.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916641506.00007FFE11BB5000.00000002.00000001.01000000.00000016.sdmp, datasett.exe, 00000005.00000003.1727990973.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760479789.00007FFE0C0A5000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916066006.00007FFE0EB5D000.00000002.00000001.01000000.00000014.sdmp, datasett.exe, 00000005.00000003.1721207686.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1759850177.00007FFE0074D000.00000002.00000001.01000000.0000002A.sdmp, _lzma.pyd.5.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\select.pdb source: datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917570393.00007FFE148E4000.00000002.00000001.01000000.0000000A.sdmp, datasett.exe, 00000005.00000003.1727282533.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761926164.00007FFE11074000.00000002.00000001.01000000.00000020.sdmp, select.pyd.5.dr, select.pyd.0.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917028198.00007FFE120C3000.00000002.00000001.01000000.00000015.sdmp, datasett.exe, 00000005.00000003.1722333278.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760668819.00007FFE0CF83000.00000002.00000001.01000000.0000002B.sdmp, _uuid.pyd.0.dr
Source:	Binary string: MSTTSLoc.pdbGCTL source: MSTTSLoc.dll.0.dr
Source:	Binary string: D:\_w\1\b\libssl-1_1.pdb source: datasett.exe, 00000001.00000002.2915687874.00007FFE01445000.00000002.00000001.01000000.0000000D.sdmp, datasett.exe, 00000006.00000002.1760119655.00007FFE01395000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916312250.00007FFE1030E000.00000002.00000001.01000000.00000013.sdmp, datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760283252.00007FFE014CE000.00000002.00000001.01000000.00000029.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: datasett.exe, 00000001.00000002.2914870560.00007FFDFB20F000.00000002.00000001.01000000.0000000C.sdmp, datasett.exe, 00000006.00000002.1758697606.00007FFDFA91F000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: SpeechUX.pdb source: SpeechUX.dll.5.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917339362.00007FFE130C3000.00000002.00000001.01000000.0000000F.sdmp, datasett.exe, 00000005.00000003.1721765801.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761741700.00007FFE10233000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: datasett.exe, 00000001.00000002.2916407431.00007FFE1150D000.00000002.00000001.01000000.0000000B.sdmp, datasett.exe, 00000006.00000002.1760767373.00007FFE0CF9D000.00000002.00000001.01000000.00000021.sdmp, _ssl.pyd.5.dr
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\win32api.pdb!! source: datasett.exe, 00000001.00000002.2915837657.00007FFE0E143000.00000002.00000001.01000000.00000019.sdmp, datasett.exe, 00000006.00000002.1759648415.00007FFE00183000.00000002.00000001.01000000.0000002F.sdmp, win32api.pyd.0.dr, win32api.pyd.5.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916749884.00007FFE11EA7000.00000002.00000001.01000000.0000000E.sdmp, datasett.exe, 00000005.00000003.1720689626.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760572192.00007FFE0C0B7000.00000002.00000001.01000000.00000024.sdmp
Source:	Binary string: SpTip.pdbGCTL source: datasett.exe, 00000000.00000003.1675507745.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1730534935.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: datasett.exe, 00000000.00000003.1667361976.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916545747.00007FFE117E5000.00000002.00000001.01000000.00000018.sdmp, datasett.exe, 00000005.00000003.1716634961.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760381109.00007FFE0B2C5000.00000002.00000001.01000000.0000002E.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916066006.00007FFE0EB5D000.00000002.00000001.01000000.00000014.sdmp, datasett.exe, 00000005.00000003.1721207686.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1759850177.00007FFE0074D000.00000002.00000001.01000000.0000002A.sdmp, _lzma.pyd.5.dr
Source:	Binary string: in32event.pdb source: datasett.exe
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: datasett.exe, 00000001.00000002.2914870560.00007FFDFB20F000.00000002.00000001.01000000.0000000C.sdmp, datasett.exe, 00000006.00000002.1758697606.00007FFDFA91F000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: datasett.exe, 00000000.00000003.1667214039.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917766399.00007FFE1A481000.00000002.00000001.01000000.00000005.sdmp, datasett.exe, 00000005.00000003.1716510320.000001D3521D3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761534002.00007FFE101E1000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\pywintypes.pdb** source: datasett.exe, 00000001.00000002.2915941722.00007FFE0E170000.00000002.00000001.01000000.00000017.sdmp, datasett.exe, 00000006.00000002.1759754239.00007FFE001B0000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: SpeechUX.pdbGCTL source: SpeechUX.dll.5.dr
Source:	Binary string: MSTTSLoc.pdb source: MSTTSLoc.dll.0.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: datasett.exe, 00000001.00000002.2916894677.00007FFE11ED1000.00000002.00000001.01000000.00000006.sdmp, datasett.exe, 00000006.00000002.1760911705.00007FFE0CFD1000.00000002.00000001.01000000.0000001C.sdmp, _ctypes.pyd.5.dr
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\win32api.pdb source: datasett.exe, 00000001.00000002.2915837657.00007FFE0E143000.00000002.00000001.01000000.00000019.sdmp, datasett.exe, 00000006.00000002.1759648415.00007FFE00183000.00000002.00000001.01000000.0000002F.sdmp, win32api.pyd.0.dr, win32api.pyd.5.dr
Source:	Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: datasett.exe, 00000001.00000002.2915687874.00007FFE01445000.00000002.00000001.01000000.0000000D.sdmp, datasett.exe, 00000006.00000002.1760119655.00007FFE01395000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: SpeechUXPS.pdbGCTL source: datasett.exe, 00000000.00000003.1676047096.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1731666439.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917454297.00007FFE13309000.00000002.00000001.01000000.00000009.sdmp, datasett.exe, 00000005.00000003.1721954880.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761102081.00007FFE0EB29000.00000002.00000001.01000000.0000001F.sdmp, _socket.pyd.5.dr, _socket.pyd.0.dr
Source:	Binary string: SpTip.pdb source: datasett.exe, 00000000.00000003.1675507745.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1730534935.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\pywintypes.pdb source: datasett.exe, 00000001.00000002.2915941722.00007FFE0E170000.00000002.00000001.01000000.00000017.sdmp, datasett.exe, 00000006.00000002.1759754239.00007FFE001B0000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2914286336.00007FFDFAFAB000.00000002.00000001.01000000.00000012.sdmp, datasett.exe, 00000005.00000003.1727515209.000001D3521DE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1759427402.00007FFDFBABB000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\python39.pdb source: datasett.exe, 00000001.00000002.2915271158.00007FFDFB643000.00000002.00000001.01000000.00000004.sdmp, datasett.exe, 00000006.00000002.1759072943.00007FFDFAD53000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: SpeechUXPS.pdb source: datasett.exe, 00000000.00000003.1676047096.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1731666439.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: datasett.exe, 00000001.00000002.2914870560.00007FFDFB291000.00000002.00000001.01000000.0000000C.sdmp, datasett.exe, 00000006.00000002.1758697606.00007FFDFA9A1000.00000002.00000001.01000000.00000022.sdmp

Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996909B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF7996909B4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799686714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	0_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799686714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	0_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799677820 FindFirstFileExW,FindClose,	0_2_00007FF799677820
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996909B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	1_2_00007FF7996909B4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799686714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	1_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799686714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	1_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799677820 FindFirstFileExW,FindClose,	1_2_00007FF799677820
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,	6_2_00007FFDFA6D3229
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00173740 _PyArg_ParseTuple_SizeT,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyList_New,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindFirstFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyObject_FromWIN32_FIND_DATAW@@YAPEAU_object@@PEAU_WIN32_FIND_DATAW@@@Z,PyList_Append,_Py_Dealloc,FindNextFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindClose,_Py_Dealloc,	6_2_00007FFE00173740

Source: C:\Users\user\Desktop\datasett.exe

6_2_00007FFE001755D0

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 104.26.3.46 104.26.3.46

May check the online IP address of the machine

Source: unknown

DNS query: name: iplogger.org

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\datasett.exe

1_2_61B13000

Source: global traffic

DNS traffic detected: DNS query: iplogger.org

Source: datasett.exe, 00000001.00000002.2913572705.000001CA11710000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1746646839.0000028850A1F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757882425.0000028850D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.../back.jpeg
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1718158484.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1727515209.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB855000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1727282533.000001D3521E4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1718158484.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2913343331.000001CA113A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl$hxw
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crlerr
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB855000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1727282533.000001D3521E4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB855000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1727282533.000001D3521E4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1718158484.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1721207686.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSign
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB855000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1727282533.000001D3521E4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1718158484.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1727515209.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: datasett.exe, 00000001.00000002.2913296015.000001CA112C0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757849481.0000028850CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1755830091.000002884E312000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753785930.000002884E30E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753458207.000002884E30D000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754788827.000002884E311000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757216796.00000288508C0000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail/
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1755081662.0000028850539000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1746858969.00000288504DD000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1755383513.0000028850539000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753649523.000002885088E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756677827.0000028850539000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752944599.0000028850874000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752759804.0000028850537000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: datasett.exe, 00000006.00000003.1754572349.00000288508EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://json.org
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.ese
Source: datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digi
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1718158484.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1727515209.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB855000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1727282533.000001D3521E4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1718158484.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digif
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912643746.000001CA10E85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10E85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/a
Source: datasett.exe, 00000001.00000002.2913193358.000001CA111D0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757764425.0000028850BF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm9hxj
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/A
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1755318713.0000028850540000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1746858969.00000288504DD000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756677827.0000028850541000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753339807.000002885053F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752759804.0000028850537000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: datasett.exe, 00000006.00000003.1754037534.0000028850461000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754075017.0000028850465000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754502410.000002885046D000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754328484.0000028850466000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756488404.0000028850470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.robotstxt.org/norobots-rfc.txt
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113A0000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757339264.0000028850934000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850924000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753139716.0000028850932000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1755344880.0000028850934000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751520665.0000028850915000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wwwsearch.sf.net/):
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org?format=json
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: datasett.exe, 00000001.00000002.2913023346.000001CA11070000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757610535.0000028850A90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757421956.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.000002885095E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752786045.0000028850945000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680315220.000001CA0EADF000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680192150.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680328707.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754037534.0000028850461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: datasett.exe, datasett.exe, 00000006.00000002.1759792495.00007FFE001C1000.00000002.00000001.01000000.0000002D.sdmp, datasett.exe, 00000006.00000002.1760517859.00007FFE0C0A9000.00000002.00000001.01000000.0000002C.sdmp, datasett.exe, 00000006.00000002.1759686551.00007FFE00191000.00000002.00000001.01000000.0000002F.sdmp, win32api.pyd.0.dr, win32api.pyd.5.dr	String found in binary or memory: https://github.com/mhammond/pywin32
Source: datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680192150.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912089151.000001CA102F0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680328707.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756225617.0000028850060000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: datasett.exe, 00000006.00000003.1754601960.000002884E349000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680315220.000001CA0EADF000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680192150.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680328707.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754037534.0000028850461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680315220.000001CA0EADF000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680192150.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680328707.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754037534.0000028850461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: datasett.exe, 00000001.00000002.2913023346.000001CA11070000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757610535.0000028850A90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754014840.00000288508C6000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: datasett.exe, 00000001.00000002.2913229256.000001CA11220000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757421956.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850955000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752786045.0000028850945000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757792500.0000028850C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: datasett.exe, 00000006.00000002.1757792500.0000028850C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920p
Source: datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752439883.000002884E347000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757421956.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1755060297.00000288508C7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850955000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754014840.00000288508C6000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752786045.0000028850945000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail
Source: datasett.exe, 00000006.00000003.1754433045.000002884E3C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail/
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752494608.00000288508E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754249502.00000288508EB000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752863410.00000288508EA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754770494.00000288508F6000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754572349.00000288508EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: datasett.exe, 00000006.00000003.1752439883.000002884E347000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/
Source: datasett.exe, 00000006.00000002.1758008992.0000028850DD0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756488404.0000028850470000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752999911.00000288504DD000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754572349.00000288508EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/get
Source: datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1755865343.000002884E32B000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753742679.000002884E325000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754885711.000002884E32A000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753458207.000002884E30D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/post
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/Drop8VbLink
Source: datasett.exe, 00000006.00000002.1756885684.00000288505F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/Drop8otstuk
Source: datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1686004054.000001CA0EAF2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752494608.00000288508E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754249502.00000288508EB000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752863410.00000288508EA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754753546.00000288508FE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1743252369.000002884E3C0000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1743133519.000002884E3BC000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754572349.00000288508EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mahler:8092/site-updates.py
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/C1vS7y2X
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/fn5bRN1F
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/uUbM2VAB
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/uUbM2VAB__path__
Source: datasett.exe, 00000006.00000002.1759072943.00007FFDFAD53000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: datasett.exe, 00000006.00000002.1758039593.0000028850E10000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1755865343.000002884E32B000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753742679.000002884E325000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754885711.000002884E32A000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753458207.000002884E30D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://requests.readthedocs.io
Source: datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753093881.000002884E39C000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752439883.000002884E347000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753503603.000002884E3A2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753676136.000002884E3AE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756028776.000002884E3B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757421956.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753093881.000002884E39C000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850955000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752786045.0000028850945000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752439883.000002884E347000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: datasett.exe, 00000001.00000002.2913193358.000001CA111D0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757764425.0000028850BF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: datasett.exe, 00000001.00000002.2913158600.000001CA11190000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757734662.0000028850BB0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: datasett.exe, 00000001.00000002.2913158600.000001CA11190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningspf
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2915055494.00007FFDFB307000.00000002.00000001.01000000.0000000C.sdmp, datasett.exe, 00000001.00000002.2915732229.00007FFE0147A000.00000002.00000001.01000000.0000000D.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1758860580.00007FFDFAA17000.00000002.00000001.01000000.00000022.sdmp, datasett.exe, 00000006.00000002.1760185978.00007FFE013CA000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://www.openssl.org/H
Source: datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1755865343.000002884E32B000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753742679.000002884E325000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754885711.000002884E32A000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753458207.000002884E30D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org
Source: datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1686004054.000001CA0EAF2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752494608.00000288508E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754249502.00000288508EB000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752863410.00000288508EA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754753546.00000288508FE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1743252369.000002884E3C0000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1743133519.000002884E3BC000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754572349.00000288508EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/
Source: datasett.exe, 00000000.00000003.1678160567.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912516810.000001CA10BD0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1736245775.000001D3521D8000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756885684.00000288505F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: datasett.exe, 00000001.00000003.1684836609.000001CA0EAF8000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912253685.000001CA10880000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684777469.000001CA0EAEC000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684695963.000001CA0EAEC000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684754877.000001CA0EAF8000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1742795678.000002884E3B6000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756347653.00000288502A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757421956.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1755060297.00000288508C7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850955000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754014840.00000288508C6000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752786045.0000028850945000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yahoo.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443

Contains functionality to retrieve information about pressed keystrokes

Source: C:\Users\user\Desktop\datasett.exe

Code function: 6_2_00007FFE00175140 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,GetKeyboardState,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,

6_2_00007FFE00175140

Contains functionality to call native functions

Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B13000 WSAStartup,gethostbyname,socket,setsockopt,setsockopt,setsockopt,htons,sendto,sendto,recvfrom,recvfrom,ntohl,ntohl,ntohl,closesocket,WSACleanup,WSAGetLastError,closesocket,WSACleanup,SetLastError,WSAGetLastError,WSACleanup,SetLastError,		1_2_61B13000
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B13000 WSAStartup,gethostbyname,socket,setsockopt,setsockopt,setsockopt,htons,sendto,sendto,recvfrom,recvfrom,ntohl,ntohl,ntohl,closesocket,WSACleanup,WSAGetLastError,closesocket,WSACleanup,SetLastError,WSAGetLastError,WSACleanup,SetLastError,		6_2_61B13000

Contains functionality to communicate with device drivers

Source: C:\Users\user\Desktop\datasett.exe

Code function: 1_2_61B9F1F8: DeviceIoControl,

1_2_61B9F1F8

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00175AC0 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,ExitWindowsEx,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,		6_2_00007FFE00175AC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00175B60 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,ExitWindowsEx,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,		6_2_00007FFE00175B60

Detected potential crypto function

Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF79968FA08	0_2_00007FF79968FA08
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799694E20	0_2_00007FF799694E20
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799695D6C	0_2_00007FF799695D6C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799676780	0_2_00007FF799676780
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996931CC	0_2_00007FF7996931CC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996811C0	0_2_00007FF7996811C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996909B4	0_2_00007FF7996909B4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996809A0	0_2_00007FF7996809A0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799671B90	0_2_00007FF799671B90
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799698B68	0_2_00007FF799698B68
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF79968CC04	0_2_00007FF79968CC04
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799682C04	0_2_00007FF799682C04
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996813C4	0_2_00007FF7996813C4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799688BA0	0_2_00007FF799688BA0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799680BA4	0_2_00007FF799680BA4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799681E70	0_2_00007FF799681E70
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799686714	0_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF79968FA08	0_2_00007FF79968FA08
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799686560	0_2_00007FF799686560
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799692D30	0_2_00007FF799692D30
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799680DB0	0_2_00007FF799680DB0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799686714	0_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799695820	0_2_00007FF799695820
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF79968D098	0_2_00007FF79968D098
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF79969509C	0_2_00007FF79969509C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996780A0	0_2_00007FF7996780A0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799684F50	0_2_00007FF799684F50
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF79968D718	0_2_00007FF79968D718
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799682800	0_2_00007FF799682800
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799680FB4	0_2_00007FF799680FB4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799686F98	0_2_00007FF799686F98
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B04A60	1_2_61B04A60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B05E70	1_2_61B05E70
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B3F1E2	1_2_61B3F1E2
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B25120	1_2_61B25120
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B16080	1_2_61B16080
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B21010	1_2_61B21010
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B5E310	1_2_61B5E310
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B56350	1_2_61B56350
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B46340	1_2_61B46340
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B0B290	1_2_61B0B290
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B07220	1_2_61B07220
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B7C5C0	1_2_61B7C5C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B54530	1_2_61B54530
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B25510	1_2_61B25510
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B3F570	1_2_61B3F570
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B15400	1_2_61B15400
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B09710	1_2_61B09710
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B65690	1_2_61B65690
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B7E660	1_2_61B7E660
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B28900	1_2_61B28900
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B19960	1_2_61B19960
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B2B8D0	1_2_61B2B8D0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B55830	1_2_61B55830
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B10820	1_2_61B10820
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B06BA0	1_2_61B06BA0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B7CB90	1_2_61B7CB90
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B2BB50	1_2_61B2BB50
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B13B40	1_2_61B13B40
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B64A90	1_2_61B64A90
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B25A00	1_2_61B25A00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B26A60	1_2_61B26A60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B53D70	1_2_61B53D70
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B02D60	1_2_61B02D60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B13CC0	1_2_61B13CC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B14C20	1_2_61B14C20
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B56FC0	1_2_61B56FC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B64F70	1_2_61B64F70
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B23F60	1_2_61B23F60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B29F40	1_2_61B29F40
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B26E80	1_2_61B26E80
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B54E15	1_2_61B54E15
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B21E40	1_2_61B21E40
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799695D6C	1_2_00007FF799695D6C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF79968FA08	1_2_00007FF79968FA08
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996931CC	1_2_00007FF7996931CC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996811C0	1_2_00007FF7996811C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996909B4	1_2_00007FF7996909B4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996809A0	1_2_00007FF7996809A0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799671B90	1_2_00007FF799671B90
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799698B68	1_2_00007FF799698B68
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF79968CC04	1_2_00007FF79968CC04
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799682C04	1_2_00007FF799682C04
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996813C4	1_2_00007FF7996813C4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799688BA0	1_2_00007FF799688BA0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799680BA4	1_2_00007FF799680BA4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799681E70	1_2_00007FF799681E70
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799694E20	1_2_00007FF799694E20
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799686714	1_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF79968FA08	1_2_00007FF79968FA08
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799686560	1_2_00007FF799686560
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799692D30	1_2_00007FF799692D30
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799680DB0	1_2_00007FF799680DB0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799686714	1_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799695820	1_2_00007FF799695820
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF79968D098	1_2_00007FF79968D098
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF79969509C	1_2_00007FF79969509C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996780A0	1_2_00007FF7996780A0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799676780	1_2_00007FF799676780
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799684F50	1_2_00007FF799684F50
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF79968D718	1_2_00007FF79968D718
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799682800	1_2_00007FF799682800
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799680FB4	1_2_00007FF799680FB4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799686F98	1_2_00007FF799686F98
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAEA12C0	1_2_00007FFDFAEA12C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAEA1890	1_2_00007FFDFAEA1890
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB163B80	1_2_00007FFDFB163B80
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB177BC0	1_2_00007FFDFB177BC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC6A87	1_2_00007FFDFAFC6A87
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC655F	1_2_00007FFDFAFC655F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC60A0	1_2_00007FFDFAFC60A0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB02FA00	1_2_00007FFDFB02FA00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC4165	1_2_00007FFDFAFC4165
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC3FDA	1_2_00007FFDFAFC3FDA
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC22E8	1_2_00007FFDFAFC22E8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC21B7	1_2_00007FFDFAFC21B7
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC2766	1_2_00007FFDFAFC2766
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB0F0010	1_2_00007FFDFB0F0010
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC32E7	1_2_00007FFDFAFC32E7
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFDBF20	1_2_00007FFDFAFDBF20
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC2289	1_2_00007FFDFAFC2289
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFDBD60	1_2_00007FFDFAFDBD60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB0F7CD0	1_2_00007FFDFB0F7CD0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC30C1	1_2_00007FFDFAFC30C1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC6EF1	1_2_00007FFDFAFC6EF1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC5D8A	1_2_00007FFDFAFC5D8A
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC29CD	1_2_00007FFDFAFC29CD
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC6CBC	1_2_00007FFDFAFC6CBC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC114F	1_2_00007FFDFAFC114F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFDF200	1_2_00007FFDFAFDF200
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB0FB200	1_2_00007FFDFB0FB200
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFDF060	1_2_00007FFDFAFDF060
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC213F	1_2_00007FFDFAFC213F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC704A	1_2_00007FFDFAFC704A
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB1FF7D0	1_2_00007FFDFB1FF7D0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC1EA1	1_2_00007FFDFAFC1EA1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC6F28	1_2_00007FFDFAFC6F28
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFEB850	1_2_00007FFDFAFEB850
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFEB4C0	1_2_00007FFDFAFEB4C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB0F74F0	1_2_00007FFDFB0F74F0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC5169	1_2_00007FFDFAFC5169
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC3B93	1_2_00007FFDFAFC3B93
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB162C40	1_2_00007FFDFB162C40
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC60DC	1_2_00007FFDFAFC60DC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC4E4E	1_2_00007FFDFAFC4E4E
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC5E25	1_2_00007FFDFAFC5E25
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB14E870	1_2_00007FFDFB14E870
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC23F1	1_2_00007FFDFAFC23F1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC4633	1_2_00007FFDFAFC4633
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC72C5	1_2_00007FFDFAFC72C5
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB0A2EB0	1_2_00007FFDFB0A2EB0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFDEF00	1_2_00007FFDFAFDEF00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC1B22	1_2_00007FFDFAFC1B22
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC4D04	1_2_00007FFDFAFC4D04
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC5DA3	1_2_00007FFDFAFC5DA3
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC5B0F	1_2_00007FFDFAFC5B0F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC3486	1_2_00007FFDFAFC3486
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB0F6310	1_2_00007FFDFB0F6310
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC57D1	1_2_00007FFDFAFC57D1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC4746	1_2_00007FFDFAFC4746
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC378D	1_2_00007FFDFAFC378D
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC4359	1_2_00007FFDFAFC4359
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC1B31	1_2_00007FFDFAFC1B31
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC6FFF	1_2_00007FFDFAFC6FFF
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC1CC1	1_2_00007FFDFAFC1CC1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB0F2850	1_2_00007FFDFB0F2850
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC1A4B	1_2_00007FFDFAFC1A4B
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC5A60	1_2_00007FFDFAFC5A60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC707C	1_2_00007FFDFAFC707C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC3693	1_2_00007FFDFAFC3693
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB179B90	1_2_00007FFDFB179B90
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC50AB	1_2_00007FFDFAFC50AB
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC35FD	1_2_00007FFDFAFC35FD
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB161AD0	1_2_00007FFDFB161AD0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC59F7	1_2_00007FFDFAFC59F7
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC4F3E	1_2_00007FFDFAFC4F3E
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC638E	1_2_00007FFDFAFC638E
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC2135	1_2_00007FFDFAFC2135
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC53C1	1_2_00007FFDFAFC53C1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC4AC5	1_2_00007FFDFAFC4AC5
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC54CF	1_2_00007FFDFAFC54CF
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC216C	1_2_00007FFDFAFC216C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB0F6010	1_2_00007FFDFB0F6010
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC72AC	1_2_00007FFDFAFC72AC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC1622	1_2_00007FFDFAFC1622
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC2D0B	1_2_00007FFDFAFC2D0B
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC3BA2	1_2_00007FFDFAFC3BA2
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC736A	1_2_00007FFDFAFC736A
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC7257	1_2_00007FFDFAFC7257
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC1D83	1_2_00007FFDFAFC1D83
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC2982	1_2_00007FFDFAFC2982
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC1CFD	1_2_00007FFDFAFC1CFD
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC266C	1_2_00007FFDFAFC266C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC3832	1_2_00007FFDFAFC3832
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC3A85	1_2_00007FFDFAFC3A85
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFB1793C0	1_2_00007FFDFB1793C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC710D	1_2_00007FFDFAFC710D
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC53A8	1_2_00007FFDFAFC53A8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFDD260	1_2_00007FFDFAFDD260
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC68CA	1_2_00007FFDFAFC68CA
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B04A60	6_2_61B04A60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B05E70	6_2_61B05E70
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B3F1E2	6_2_61B3F1E2
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B25120	6_2_61B25120
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B16080	6_2_61B16080
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B21010	6_2_61B21010
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B5E310	6_2_61B5E310
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B56350	6_2_61B56350
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B46340	6_2_61B46340
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B0B290	6_2_61B0B290
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B07220	6_2_61B07220
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B7C5C0	6_2_61B7C5C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B54530	6_2_61B54530
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B25510	6_2_61B25510
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B3F570	6_2_61B3F570
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B15400	6_2_61B15400
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B09710	6_2_61B09710
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B65690	6_2_61B65690
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B7E660	6_2_61B7E660
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B28900	6_2_61B28900
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B19960	6_2_61B19960
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B2B8D0	6_2_61B2B8D0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B55830	6_2_61B55830
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B10820	6_2_61B10820
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B06BA0	6_2_61B06BA0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B7CB90	6_2_61B7CB90
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B2BB50	6_2_61B2BB50
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B13B40	6_2_61B13B40
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B64A90	6_2_61B64A90
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B25A00	6_2_61B25A00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B26A60	6_2_61B26A60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B53D70	6_2_61B53D70
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B02D60	6_2_61B02D60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B13CC0	6_2_61B13CC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B14C20	6_2_61B14C20
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B56FC0	6_2_61B56FC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B64F70	6_2_61B64F70
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B23F60	6_2_61B23F60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B29F40	6_2_61B29F40
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B26E80	6_2_61B26E80
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B54E15	6_2_61B54E15
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B21E40	6_2_61B21E40
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D6A87	6_2_00007FFDFA6D6A87
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D655F	6_2_00007FFDFA6D655F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA873B80	6_2_00007FFDFA873B80
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA887BC0	6_2_00007FFDFA887BC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D22E8	6_2_00007FFDFA6D22E8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D21B7	6_2_00007FFDFA6D21B7
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA73FA00	6_2_00007FFDFA73FA00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3FDA	6_2_00007FFDFA6D3FDA
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D60A0	6_2_00007FFDFA6D60A0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4165	6_2_00007FFDFA6D4165
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2289	6_2_00007FFDFA6D2289
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6EBF20	6_2_00007FFDFA6EBF20
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D32E7	6_2_00007FFDFA6D32E7
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA800010	6_2_00007FFDFA800010
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2766	6_2_00007FFDFA6D2766
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D30C1	6_2_00007FFDFA6D30C1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA807CD0	6_2_00007FFDFA807CD0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6EBD60	6_2_00007FFDFA6EBD60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D6CBC	6_2_00007FFDFA6D6CBC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D29CD	6_2_00007FFDFA6D29CD
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5D8A	6_2_00007FFDFA6D5D8A
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D6EF1	6_2_00007FFDFA6D6EF1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6EF060	6_2_00007FFDFA6EF060
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D213F	6_2_00007FFDFA6D213F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA80B200	6_2_00007FFDFA80B200
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D114F	6_2_00007FFDFA6D114F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6EF200	6_2_00007FFDFA6EF200
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1EA1	6_2_00007FFDFA6D1EA1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D6F28	6_2_00007FFDFA6D6F28
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6FB850	6_2_00007FFDFA6FB850
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D704A	6_2_00007FFDFA6D704A
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA90F7D0	6_2_00007FFDFA90F7D0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3B93	6_2_00007FFDFA6D3B93
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6FB4C0	6_2_00007FFDFA6FB4C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA8074F0	6_2_00007FFDFA8074F0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5169	6_2_00007FFDFA6D5169
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA872C40	6_2_00007FFDFA872C40
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA85E870	6_2_00007FFDFA85E870
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D23F1	6_2_00007FFDFA6D23F1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5E25	6_2_00007FFDFA6D5E25
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4E4E	6_2_00007FFDFA6D4E4E
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D60DC	6_2_00007FFDFA6D60DC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1B22	6_2_00007FFDFA6D1B22
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA7B2EB0	6_2_00007FFDFA7B2EB0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6EEF00	6_2_00007FFDFA6EEF00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D72C5	6_2_00007FFDFA6D72C5
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4633	6_2_00007FFDFA6D4633
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5B0F	6_2_00007FFDFA6D5B0F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5DA3	6_2_00007FFDFA6D5DA3
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4D04	6_2_00007FFDFA6D4D04
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA806310	6_2_00007FFDFA806310
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3486	6_2_00007FFDFA6D3486
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4746	6_2_00007FFDFA6D4746
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D378D	6_2_00007FFDFA6D378D
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4359	6_2_00007FFDFA6D4359
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1B31	6_2_00007FFDFA6D1B31
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D57D1	6_2_00007FFDFA6D57D1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1A4B	6_2_00007FFDFA6D1A4B
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5A60	6_2_00007FFDFA6D5A60
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA802850	6_2_00007FFDFA802850
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D6FFF	6_2_00007FFDFA6D6FFF
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1CC1	6_2_00007FFDFA6D1CC1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3693	6_2_00007FFDFA6D3693
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D707C	6_2_00007FFDFA6D707C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA871AD0	6_2_00007FFDFA871AD0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D50AB	6_2_00007FFDFA6D50AB
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA889B90	6_2_00007FFDFA889B90
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D35FD	6_2_00007FFDFA6D35FD
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4AC5	6_2_00007FFDFA6D4AC5
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D54CF	6_2_00007FFDFA6D54CF
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D216C	6_2_00007FFDFA6D216C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2135	6_2_00007FFDFA6D2135
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D53C1	6_2_00007FFDFA6D53C1
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D59F7	6_2_00007FFDFA6D59F7
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4F3E	6_2_00007FFDFA6D4F3E
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D638E	6_2_00007FFDFA6D638E
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3BA2	6_2_00007FFDFA6D3BA2
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2D0B	6_2_00007FFDFA6D2D0B
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA806010	6_2_00007FFDFA806010
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D72AC	6_2_00007FFDFA6D72AC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1622	6_2_00007FFDFA6D1622
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3A85	6_2_00007FFDFA6D3A85
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1CFD	6_2_00007FFDFA6D1CFD
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3832	6_2_00007FFDFA6D3832
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D266C	6_2_00007FFDFA6D266C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1D83	6_2_00007FFDFA6D1D83
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D736A	6_2_00007FFDFA6D736A
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D7257	6_2_00007FFDFA6D7257
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2982	6_2_00007FFDFA6D2982
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6ED260	6_2_00007FFDFA6ED260
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D68CA	6_2_00007FFDFA6D68CA
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D710D	6_2_00007FFDFA6D710D
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D53A8	6_2_00007FFDFA6D53A8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA8893C0	6_2_00007FFDFA8893C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3189	6_2_00007FFDFA6D3189
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1F96	6_2_00007FFDFA6D1F96
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D144C	6_2_00007FFDFA6D144C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA811170	6_2_00007FFDFA811170
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA7FD170	6_2_00007FFDFA7FD170
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6F5200	6_2_00007FFDFA6F5200
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5510	6_2_00007FFDFA6D5510
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3A8F	6_2_00007FFDFA6D3A8F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D15C8	6_2_00007FFDFA6D15C8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D54CA	6_2_00007FFDFA6D54CA
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1299	6_2_00007FFDFA6D1299
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA8117A0	6_2_00007FFDFA8117A0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D6564	6_2_00007FFDFA6D6564
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D542F	6_2_00007FFDFA6D542F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D560F	6_2_00007FFDFA6D560F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5F10	6_2_00007FFDFA6D5F10
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D44C6	6_2_00007FFDFA6D44C6
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5BF0	6_2_00007FFDFA6D5BF0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4287	6_2_00007FFDFA6D4287
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5047	6_2_00007FFDFA6D5047
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4B56	6_2_00007FFDFA6D4B56
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D11CC	6_2_00007FFDFA6D11CC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4C14	6_2_00007FFDFA6D4C14
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D6D5C	6_2_00007FFDFA6D6D5C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2D74	6_2_00007FFDFA6D2D74
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA884BC0	6_2_00007FFDFA884BC0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2FCC	6_2_00007FFDFA6D2FCC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D177B	6_2_00007FFDFA6D177B
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D22AC	6_2_00007FFDFA6D22AC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4A53	6_2_00007FFDFA6D4A53
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D275C	6_2_00007FFDFA6D275C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1140	6_2_00007FFDFA6D1140
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D10AA	6_2_00007FFDFA6D10AA
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D592F	6_2_00007FFDFA6D592F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1217	6_2_00007FFDFA6D1217
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D65A0	6_2_00007FFDFA6D65A0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4403	6_2_00007FFDFA6D4403
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D362F	6_2_00007FFDFA6D362F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D6EBF	6_2_00007FFDFA6D6EBF
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D26E9	6_2_00007FFDFA6D26E9
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D22FC	6_2_00007FFDFA6D22FC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA810300	6_2_00007FFDFA810300
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2E8C	6_2_00007FFDFA6D2E8C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D1424	6_2_00007FFDFA6D1424
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4101	6_2_00007FFDFA6D4101
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5B73	6_2_00007FFDFA6D5B73
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4C37	6_2_00007FFDFA6D4C37
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA780750	6_2_00007FFDFA780750
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D25EF	6_2_00007FFDFA6D25EF
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D69E7	6_2_00007FFDFA6D69E7
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D6C21	6_2_00007FFDFA6D6C21
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA7FC7D0	6_2_00007FFDFA7FC7D0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6EC480	6_2_00007FFDFA6EC480
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA888490	6_2_00007FFDFA888490
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2C75	6_2_00007FFDFA6D2C75
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6EC620	6_2_00007FFDFA6EC620
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFB9B1890	6_2_00007FFDFB9B1890
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFB9B12C0	6_2_00007FFDFB9B12C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE001745C0	6_2_00007FFE001745C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00173B20	6_2_00007FFE00173B20
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00173740	6_2_00007FFE00173740
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00737044	6_2_00007FFE00737044
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00732470	6_2_00007FFE00732470
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00731A00	6_2_00007FFE00731A00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00732EE0	6_2_00007FFE00732EE0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00731B10	6_2_00007FFE00731B10
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00735320	6_2_00007FFE00735320
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0073F650	6_2_00007FFE0073F650
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00731290	6_2_00007FFE00731290
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00735C30	6_2_00007FFE00735C30
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00738F80	6_2_00007FFE00738F80
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01300150	6_2_00007FFE01300150
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE012FC030	6_2_00007FFE012FC030
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE012F3A00	6_2_00007FFE012F3A00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01380250	6_2_00007FFE01380250
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE0132256D	6_2_00007FFE0132256D
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321BDB	6_2_00007FFE01321BDB
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE013220AE	6_2_00007FFE013220AE
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01380950	6_2_00007FFE01380950
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01326BA0	6_2_00007FFE01326BA0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01321537	6_2_00007FFE01321537

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D4D68 appears 38 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D688E appears 31 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFAFC4057 appears 531 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFE0138D7E5 appears 42 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 61B9EBF8 appears 112 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFAFC24B9 appears 62 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFAFC1EF1 appears 904 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFE001AC0A0 appears 47 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D698D appears 49 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D300D appears 55 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFAFC300D appears 50 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFE012F3850 appears 51 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFAFC698D appears 35 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D1EF1 appears 1581 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 61B1B860 appears 450 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D24B9 appears 83 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D4057 appears 782 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFAFC2A04 appears 95 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D2734 appears 511 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFE0138D74F appears 63 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFAFC483B appears 90 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFE012F38C0 appears 96 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFAFC2734 appears 357 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D2A04 appears 172 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFE013212EE appears 216 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FFDFA6D483B appears 128 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 61B9EC40 appears 94 times
Source: C:\Users\user\Desktop\datasett.exe	Code function: String function: 00007FF799672770 appears 82 times

PE file contains executable resources (Code or Archives)

Source: sapi.dll.0.dr	Static PE information: Resource name: DATA type: a.out little-endian 32-bit pure executable not stripped
Source: srloc.dll.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: SpeechUX.dll.mui.0.dr	Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: SpeechUXRes.dll.0.dr	Static PE information: Resource name: SRGRAMMARS type: COM executable for DOS
Source: SpeechUX.dll.mui0.0.dr	Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: unicodedata.pyd.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: SpeechUXRes.dll.5.dr	Static PE information: Resource name: SRGRAMMARS type: COM executable for DOS
Source: SpeechUX.dll.mui.5.dr	Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: sapi.dll.5.dr	Static PE information: Resource name: DATA type: a.out little-endian 32-bit pure executable not stripped
Source: srloc.dll.5.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: SpeechUX.dll.mui0.5.dr	Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: unicodedata.pyd.5.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

PE file contains more sections than normal

Source: pyarmor_runtime.pyd.0.dr	Static PE information: Number of sections : 11 > 10
Source: pyarmor_runtime.pyd0.5.dr	Static PE information: Number of sections : 11 > 10
Source: pyarmor_runtime.pyd.5.dr	Static PE information: Number of sections : 11 > 10
Source: pyarmor_runtime.pyd0.0.dr	Static PE information: Number of sections : 11 > 10

PE file does not import any functions

Source: srloc.dll.mui.0.dr	Static PE information: No import functions for PE file found
Source: sapi.dll.mui.0.dr	Static PE information: No import functions for PE file found
Source: speechuxcpl.dll.mui0.0.dr	Static PE information: No import functions for PE file found
Source: SpeechUXRes.dll.0.dr	Static PE information: No import functions for PE file found
Source: speechuxcpl.dll.mui.5.dr	Static PE information: No import functions for PE file found
Source: SpeechUX.dll.mui0.5.dr	Static PE information: No import functions for PE file found
Source: sapi.dll.mui.5.dr	Static PE information: No import functions for PE file found
Source: SpeechUXWiz.exe.mui0.0.dr	Static PE information: No import functions for PE file found
Source: sapi.cpl.mui.5.dr	Static PE information: No import functions for PE file found
Source: srloc.dll.mui.5.dr	Static PE information: No import functions for PE file found
Source: SpeechUX.dll.mui0.0.dr	Static PE information: No import functions for PE file found
Source: SpeechUXWiz.exe.mui.0.dr	Static PE information: No import functions for PE file found
Source: SpeechUX.dll.mui.5.dr	Static PE information: No import functions for PE file found
Source: SpeechUXRes.dll.5.dr	Static PE information: No import functions for PE file found
Source: SpeechUX.dll.mui.0.dr	Static PE information: No import functions for PE file found
Source: sapi.cpl.mui.0.dr	Static PE information: No import functions for PE file found
Source: SpeechUXWiz.exe.mui.5.dr	Static PE information: No import functions for PE file found
Source: speechuxcpl.dll.mui0.5.dr	Static PE information: No import functions for PE file found
Source: SpeechUXWiz.exe.mui0.5.dr	Static PE information: No import functions for PE file found
Source: speechuxcpl.dll.mui.0.dr	Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: datasett.exe	Binary or memory string: OriginalFilename vs datasett.exe
Source: datasett.exe, 00000000.00000003.1674020513.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamespsreng.dllj% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_decimal.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1672913711.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewin32api.pyd0 vs datasett.exe
Source: datasett.exe, 00000000.00000003.1674699694.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesrloc.dllj% vs datasett.exe
Source: datasett.exe, 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAlterVoiceStudio.exeD vs datasett.exe
Source: datasett.exe, 00000000.00000003.1667214039.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs datasett.exe
Source: datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1673033158.000002CBEB855000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewin32event.pyd0 vs datasett.exe
Source: datasett.exe, 00000000.00000003.1676889875.000002CBEB84B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUXWiz.exe.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1676960490.000002CBEB856000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSapi.cpl.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1673033158.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewin32event.pyd0 vs datasett.exe
Source: datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1673844624.000002CBEB84B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesrloc.dll.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameselect.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1677122523.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUX.dll.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1677326922.000002CBEB84B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSPEECHUXCPL.DLL.MUIr) vs datasett.exe
Source: datasett.exe, 00000000.00000003.1673150638.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesapi.dll.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1676047096.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechDesktopPS.dllj% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibsslH vs datasett.exe
Source: datasett.exe, 00000000.00000003.1677039105.000002CBEB856000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSapi.cpl.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1676344044.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUX.dll.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1676960490.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSapi.cpl.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1677053962.000002CBEB84B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSPEECHUXCPL.DLL.MUIj% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1676889875.000002CBEB84D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUXWiz.exe.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1677235733.000002CBEB84B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUXWiz.exe.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1675507745.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpTip.dllj% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1674537321.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamespsrx.dllj% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1672316104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepywintypes39.dll0 vs datasett.exe
Source: datasett.exe, 00000000.00000003.1667361976.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs datasett.exe
Source: datasett.exe, 00000000.00000003.1674987749.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMSTTSEngine.dllN vs datasett.exe
Source: datasett.exe, 00000000.00000003.1677235733.000002CBEB84D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUXWiz.exe.muij% vs datasett.exe
Source: datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_uuid.pyd. vs datasett.exe
Source: datasett.exe, 00000000.00000003.1675300626.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMSTTSLoc.dllN vs datasett.exe
Source: datasett.exe	Binary or memory string: OriginalFilename vs datasett.exe
Source: datasett.exe, 00000001.00000002.2916944161.00007FFE11EDD000.00000002.00000001.01000000.00000006.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2916484664.00007FFE11524000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2916800351.00007FFE11EAF000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2917100720.00007FFE120C6000.00000002.00000001.01000000.00000015.sdmp	Binary or memory string: OriginalFilename_uuid.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2915584144.00007FFDFB75F000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: OriginalFilenamepython39.dll. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2914192435.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAlterVoiceStudio.exeD vs datasett.exe
Source: datasett.exe, 00000001.00000002.2917498541.00007FFE13313000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2916154228.00007FFE0EB66000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2915055494.00007FFDFB307000.00000002.00000001.01000000.0000000C.sdmp	Binary or memory string: OriginalFilenamelibcryptoH vs datasett.exe
Source: datasett.exe, 00000001.00000002.2914549078.00007FFDFAFB1000.00000002.00000001.01000000.00000012.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2917610398.00007FFE148E7000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenameselect.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2916349751.00007FFE10314000.00000002.00000001.01000000.00000013.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2917387043.00007FFE130C6000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs datasett.exe
Source: datasett.exe, 00000001.00000002.2916584856.00007FFE117E9000.00000002.00000001.01000000.00000018.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs datasett.exe
Source: datasett.exe, 00000001.00000002.2916679572.00007FFE11BB9000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: OriginalFilenamewin32event.pyd0 vs datasett.exe
Source: datasett.exe, 00000001.00000002.2915877295.00007FFE0E151000.00000002.00000001.01000000.00000019.sdmp	Binary or memory string: OriginalFilenamewin32api.pyd0 vs datasett.exe
Source: datasett.exe, 00000001.00000002.2915732229.00007FFE0147A000.00000002.00000001.01000000.0000000D.sdmp	Binary or memory string: OriginalFilenamelibsslH vs datasett.exe
Source: datasett.exe, 00000001.00000002.2917807888.00007FFE1A487000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs datasett.exe
Source: datasett.exe, 00000001.00000002.2916001037.00007FFE0E181000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: OriginalFilenamepywintypes39.dll0 vs datasett.exe
Source: datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibsslH vs datasett.exe
Source: datasett.exe, 00000005.00000003.1734914929.000001D3521DB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUXWiz.exe.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1716634961.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs datasett.exe
Source: datasett.exe, 00000005.00000003.1729771015.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMSTTSEngine.dllN vs datasett.exe
Source: datasett.exe, 00000005.00000003.1730118682.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMSTTSLoc.dllN vs datasett.exe
Source: datasett.exe, 00000005.00000003.1734540252.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSapi.cpl.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1729432259.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesrloc.dllj% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1735086002.000001D3521DB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSPEECHUXCPL.DLL.MUIr) vs datasett.exe
Source: datasett.exe, 00000005.00000003.1716510320.000001D3521D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs datasett.exe
Source: datasett.exe, 00000005.00000000.1715429033.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAlterVoiceStudio.exeD vs datasett.exe
Source: datasett.exe, 00000005.00000003.1727990973.000001D3521E4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewin32event.pyd0 vs datasett.exe
Source: datasett.exe, 00000005.00000003.1734540252.000001D3521E5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSapi.cpl.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1734368031.000001D3521DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUXWiz.exe.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1727098761.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepywintypes39.dll0 vs datasett.exe
Source: datasett.exe, 00000005.00000003.1733652317.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUX.dll.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1727990973.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewin32event.pyd0 vs datasett.exe
Source: datasett.exe, 00000005.00000003.1734368031.000001D3521DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUXWiz.exe.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1729263501.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamespsrx.dllj% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1728763769.000001D3521DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesrloc.dll.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1718158484.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_decimal.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1734761939.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUX.dll.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1728939437.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamespsreng.dllj% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1721207686.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1722195369.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1730534935.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpTip.dllj% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1734663614.000001D3521DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSPEECHUXCPL.DLL.MUIj% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1720689626.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1727515209.000001D3521DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1727863582.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewin32api.pyd0 vs datasett.exe
Source: datasett.exe, 00000005.00000003.1731666439.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechDesktopPS.dllj% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1734642486.000001D3521E5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSapi.cpl.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1717756841.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1734914929.000001D3521DD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpeechUXWiz.exe.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1721765801.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1721954880.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1728126740.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesapi.dll.muij% vs datasett.exe
Source: datasett.exe, 00000005.00000003.1722333278.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_uuid.pyd. vs datasett.exe
Source: datasett.exe, 00000005.00000003.1727282533.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameselect.pyd. vs datasett.exe
Source: datasett.exe	Binary or memory string: OriginalFilename vs datasett.exe
Source: datasett.exe, 00000006.00000002.1760848787.00007FFE0CFB4000.00000002.00000001.01000000.00000021.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs datasett.exe
Source: datasett.exe, 00000006.00000000.1738888571.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAlterVoiceStudio.exeD vs datasett.exe
Source: datasett.exe, 00000006.00000003.1743133519.000002884E370000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs datasett.exe
Source: datasett.exe, 00000006.00000002.1760707760.00007FFE0CF86000.00000002.00000001.01000000.0000002B.sdmp	Binary or memory string: OriginalFilename_uuid.pyd. vs datasett.exe
Source: datasett.exe, 00000006.00000002.1760610520.00007FFE0C0BF000.00000002.00000001.01000000.00000024.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs datasett.exe
Source: datasett.exe, 00000006.00000002.1759792495.00007FFE001C1000.00000002.00000001.01000000.0000002D.sdmp	Binary or memory string: OriginalFilenamepywintypes39.dll0 vs datasett.exe
Source: datasett.exe, 00000006.00000002.1759590870.00007FFDFBAC1000.00000002.00000001.01000000.00000028.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs datasett.exe
Source: datasett.exe, 00000006.00000002.1759366858.00007FFDFAE6F000.00000002.00000001.01000000.0000001A.sdmp	Binary or memory string: OriginalFilenamepython39.dll. vs datasett.exe
Source: datasett.exe, 00000006.00000002.1760517859.00007FFE0C0A9000.00000002.00000001.01000000.0000002C.sdmp	Binary or memory string: OriginalFilenamewin32event.pyd0 vs datasett.exe
Source: datasett.exe, 00000006.00000002.1760322676.00007FFE014D4000.00000002.00000001.01000000.00000029.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs datasett.exe
Source: datasett.exe, 00000006.00000002.1761643586.00007FFE101E7000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs datasett.exe
Source: datasett.exe, 00000006.00000002.1758860580.00007FFDFAA17000.00000002.00000001.01000000.00000022.sdmp	Binary or memory string: OriginalFilenamelibcryptoH vs datasett.exe
Source: datasett.exe, 00000006.00000002.1759686551.00007FFE00191000.00000002.00000001.01000000.0000002F.sdmp	Binary or memory string: OriginalFilenamewin32api.pyd0 vs datasett.exe
Source: datasett.exe, 00000006.00000002.1760950584.00007FFE0CFDD000.00000002.00000001.01000000.0000001C.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs datasett.exe
Source: datasett.exe, 00000006.00000002.1761822873.00007FFE10236000.00000002.00000001.01000000.00000025.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs datasett.exe
Source: datasett.exe, 00000006.00000002.1760423174.00007FFE0B2C9000.00000002.00000001.01000000.0000002E.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs datasett.exe
Source: datasett.exe, 00000006.00000002.1760185978.00007FFE013CA000.00000002.00000001.01000000.00000023.sdmp	Binary or memory string: OriginalFilenamelibsslH vs datasett.exe
Source: datasett.exe, 00000006.00000002.1761222692.00007FFE0EB33000.00000002.00000001.01000000.0000001F.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs datasett.exe
Source: datasett.exe, 00000006.00000002.1759911027.00007FFE00756000.00000002.00000001.01000000.0000002A.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs datasett.exe
Source: datasett.exe, 00000006.00000002.1761977331.00007FFE11077000.00000002.00000001.01000000.00000020.sdmp	Binary or memory string: OriginalFilenameselect.pyd. vs datasett.exe
Source: datasett.exe	Binary or memory string: OriginalFilenameAlterVoiceStudio.exeD vs datasett.exe

Source: classification engine

Classification label: mal76.evad.winEXE@11/104@1/1

Source: C:\Users\user\Desktop\datasett.exe

Code function: 0_2_00007FF7996774B0 GetLastError,FormatMessageW,WideCharToMultiByte,

0_2_00007FF7996774B0

Source: C:\Users\user\Desktop\datasett.exe

6_2_00007FFE00174DD0

Source: C:\Users\user\Desktop\datasett.exe

6_2_00007FFE0017CC40

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1448:120:WilError_03
Source: C:\Users\user\Desktop\datasett.exe	Mutant created: \Sessions\1\BaseNamedObjects\Progaxxx82

Source: C:\Users\user\Desktop\datasett.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI68642

Jump to behavior

Source: datasett.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\datasett.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: datasett.exe

ReversingLabs: Detection: 34%

Source: C:\Users\user\Desktop\datasett.exe

File read: C:\Users\user\Desktop\datasett.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\datasett.exe "C:\Users\user\Desktop\datasett.exe"
Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Users\user\Desktop\datasett.exe "C:\Users\user\Desktop\datasett.exe"
Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f
Source: unknown	Process created: C:\Users\user\Desktop\datasett.exe C:\Users\user\Desktop\datasett.exe
Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Users\user\Desktop\datasett.exe C:\Users\user\Desktop\datasett.exe
Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Users\user\Desktop\datasett.exe "C:\Users\user\Desktop\datasett.exe"	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Users\user\Desktop\datasett.exe C:\Users\user\Desktop\datasett.exe	Jump to behavior

Source: C:\Users\user\Desktop\datasett.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: python3.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: libffi-7.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: libcrypto-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: libssl-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: pywintypes39.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: python3.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: libffi-7.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: libcrypto-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: libssl-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: pywintypes39.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Section loaded: kernel.appcore.dll	Jump to behavior

Source: C:\Users\user\Desktop\datasett.exe

File opened: C:\Users\user\Desktop\pyvenv.cfg

Jump to behavior

Source: datasett.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: datasett.exe

Static file information: File size 11185705 > 1048576

Source: datasett.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: datasett.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: datasett.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: datasett.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: datasett.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: datasett.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: datasett.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: datasett.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\win32event.pdb source: datasett.exe, 00000000.00000003.1673033158.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916641506.00007FFE11BB5000.00000002.00000001.01000000.00000016.sdmp, datasett.exe, 00000005.00000003.1727990973.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760479789.00007FFE0C0A5000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916066006.00007FFE0EB5D000.00000002.00000001.01000000.00000014.sdmp, datasett.exe, 00000005.00000003.1721207686.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1759850177.00007FFE0074D000.00000002.00000001.01000000.0000002A.sdmp, _lzma.pyd.5.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\select.pdb source: datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917570393.00007FFE148E4000.00000002.00000001.01000000.0000000A.sdmp, datasett.exe, 00000005.00000003.1727282533.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761926164.00007FFE11074000.00000002.00000001.01000000.00000020.sdmp, select.pyd.5.dr, select.pyd.0.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917028198.00007FFE120C3000.00000002.00000001.01000000.00000015.sdmp, datasett.exe, 00000005.00000003.1722333278.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760668819.00007FFE0CF83000.00000002.00000001.01000000.0000002B.sdmp, _uuid.pyd.0.dr
Source:	Binary string: MSTTSLoc.pdbGCTL source: MSTTSLoc.dll.0.dr
Source:	Binary string: D:\_w\1\b\libssl-1_1.pdb source: datasett.exe, 00000001.00000002.2915687874.00007FFE01445000.00000002.00000001.01000000.0000000D.sdmp, datasett.exe, 00000006.00000002.1760119655.00007FFE01395000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916312250.00007FFE1030E000.00000002.00000001.01000000.00000013.sdmp, datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760283252.00007FFE014CE000.00000002.00000001.01000000.00000029.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: datasett.exe, 00000001.00000002.2914870560.00007FFDFB20F000.00000002.00000001.01000000.0000000C.sdmp, datasett.exe, 00000006.00000002.1758697606.00007FFDFA91F000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: SpeechUX.pdb source: SpeechUX.dll.5.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917339362.00007FFE130C3000.00000002.00000001.01000000.0000000F.sdmp, datasett.exe, 00000005.00000003.1721765801.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761741700.00007FFE10233000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: datasett.exe, 00000001.00000002.2916407431.00007FFE1150D000.00000002.00000001.01000000.0000000B.sdmp, datasett.exe, 00000006.00000002.1760767373.00007FFE0CF9D000.00000002.00000001.01000000.00000021.sdmp, _ssl.pyd.5.dr
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\win32api.pdb!! source: datasett.exe, 00000001.00000002.2915837657.00007FFE0E143000.00000002.00000001.01000000.00000019.sdmp, datasett.exe, 00000006.00000002.1759648415.00007FFE00183000.00000002.00000001.01000000.0000002F.sdmp, win32api.pyd.0.dr, win32api.pyd.5.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916749884.00007FFE11EA7000.00000002.00000001.01000000.0000000E.sdmp, datasett.exe, 00000005.00000003.1720689626.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760572192.00007FFE0C0B7000.00000002.00000001.01000000.00000024.sdmp
Source:	Binary string: SpTip.pdbGCTL source: datasett.exe, 00000000.00000003.1675507745.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1730534935.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: datasett.exe, 00000000.00000003.1667361976.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916545747.00007FFE117E5000.00000002.00000001.01000000.00000018.sdmp, datasett.exe, 00000005.00000003.1716634961.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760381109.00007FFE0B2C5000.00000002.00000001.01000000.0000002E.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916066006.00007FFE0EB5D000.00000002.00000001.01000000.00000014.sdmp, datasett.exe, 00000005.00000003.1721207686.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1759850177.00007FFE0074D000.00000002.00000001.01000000.0000002A.sdmp, _lzma.pyd.5.dr
Source:	Binary string: in32event.pdb source: datasett.exe
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: datasett.exe, 00000001.00000002.2914870560.00007FFDFB20F000.00000002.00000001.01000000.0000000C.sdmp, datasett.exe, 00000006.00000002.1758697606.00007FFDFA91F000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: datasett.exe, 00000000.00000003.1667214039.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917766399.00007FFE1A481000.00000002.00000001.01000000.00000005.sdmp, datasett.exe, 00000005.00000003.1716510320.000001D3521D3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761534002.00007FFE101E1000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\pywintypes.pdb** source: datasett.exe, 00000001.00000002.2915941722.00007FFE0E170000.00000002.00000001.01000000.00000017.sdmp, datasett.exe, 00000006.00000002.1759754239.00007FFE001B0000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: SpeechUX.pdbGCTL source: SpeechUX.dll.5.dr
Source:	Binary string: MSTTSLoc.pdb source: MSTTSLoc.dll.0.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: datasett.exe, 00000001.00000002.2916894677.00007FFE11ED1000.00000002.00000001.01000000.00000006.sdmp, datasett.exe, 00000006.00000002.1760911705.00007FFE0CFD1000.00000002.00000001.01000000.0000001C.sdmp, _ctypes.pyd.5.dr
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\win32api.pdb source: datasett.exe, 00000001.00000002.2915837657.00007FFE0E143000.00000002.00000001.01000000.00000019.sdmp, datasett.exe, 00000006.00000002.1759648415.00007FFE00183000.00000002.00000001.01000000.0000002F.sdmp, win32api.pyd.0.dr, win32api.pyd.5.dr
Source:	Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: datasett.exe, 00000001.00000002.2915687874.00007FFE01445000.00000002.00000001.01000000.0000000D.sdmp, datasett.exe, 00000006.00000002.1760119655.00007FFE01395000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: SpeechUXPS.pdbGCTL source: datasett.exe, 00000000.00000003.1676047096.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1731666439.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917454297.00007FFE13309000.00000002.00000001.01000000.00000009.sdmp, datasett.exe, 00000005.00000003.1721954880.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761102081.00007FFE0EB29000.00000002.00000001.01000000.0000001F.sdmp, _socket.pyd.5.dr, _socket.pyd.0.dr
Source:	Binary string: SpTip.pdb source: datasett.exe, 00000000.00000003.1675507745.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1730534935.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\pywintypes.pdb source: datasett.exe, 00000001.00000002.2915941722.00007FFE0E170000.00000002.00000001.01000000.00000017.sdmp, datasett.exe, 00000006.00000002.1759754239.00007FFE001B0000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source:	Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2914286336.00007FFDFAFAB000.00000002.00000001.01000000.00000012.sdmp, datasett.exe, 00000005.00000003.1727515209.000001D3521DE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1759427402.00007FFDFBABB000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\python39.pdb source: datasett.exe, 00000001.00000002.2915271158.00007FFDFB643000.00000002.00000001.01000000.00000004.sdmp, datasett.exe, 00000006.00000002.1759072943.00007FFDFAD53000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: SpeechUXPS.pdb source: datasett.exe, 00000000.00000003.1676047096.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1731666439.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: datasett.exe, 00000001.00000002.2914870560.00007FFDFB291000.00000002.00000001.01000000.0000000C.sdmp, datasett.exe, 00000006.00000002.1758697606.00007FFDFA9A1000.00000002.00000001.01000000.00000022.sdmp

Source: datasett.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: datasett.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: datasett.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: datasett.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: datasett.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Binary contains a suspicious time stamp

Source: sapi.dll.0.dr

Static PE information: 0xFDA8E98A [Sun Nov 9 20:24:42 2104 UTC]

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\datasett.exe

Code function: 1_2_61B01CC0 LoadLibraryA,GetProcAddress,GetCurrentThread,

1_2_61B01CC0

PE file contains an invalid checksum

Source: pywintypes39.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0x224d8
Source: pyarmor_runtime.pyd.0.dr	Static PE information: real checksum: 0xa6f9d should be: 0x9903e
Source: win32api.pyd.0.dr	Static PE information: real checksum: 0x0 should be: 0x303a5
Source: win32event.pyd.5.dr	Static PE information: real checksum: 0x0 should be: 0x76e6
Source: md__mypyc.cp39-win_amd64.pyd.5.dr	Static PE information: real checksum: 0x0 should be: 0x2a468
Source: pyarmor_runtime.pyd0.5.dr	Static PE information: real checksum: 0xa6f9d should be: 0x9903e
Source: pywintypes39.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0x224d8
Source: pyarmor_runtime.pyd.5.dr	Static PE information: real checksum: 0xa6f9d should be: 0x9903e
Source: win32event.pyd.0.dr	Static PE information: real checksum: 0x0 should be: 0x76e6
Source: win32api.pyd.5.dr	Static PE information: real checksum: 0x0 should be: 0x303a5
Source: pyarmor_runtime.pyd0.0.dr	Static PE information: real checksum: 0xa6f9d should be: 0x9903e
Source: md__mypyc.cp39-win_amd64.pyd.0.dr	Static PE information: real checksum: 0x0 should be: 0x2a468
Source: md.cp39-win_amd64.pyd.0.dr	Static PE information: real checksum: 0x0 should be: 0xa859
Source: md.cp39-win_amd64.pyd.5.dr	Static PE information: real checksum: 0x0 should be: 0xa859

PE file contains sections with non-standard names

Source: datasett.exe	Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: libssl-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: VCRUNTIME140.dll.0.dr	Static PE information: section name: _RDATA
Source: sapi.dll.0.dr	Static PE information: section name: .didat
Source: SpeechUX.dll.0.dr	Static PE information: section name: .didat
Source: speechuxcpl.dll.0.dr	Static PE information: section name: .didat
Source: pyarmor_runtime.pyd.0.dr	Static PE information: section name: .xdata
Source: pyarmor_runtime.pyd0.0.dr	Static PE information: section name: .xdata
Source: speechuxcpl.dll.5.dr	Static PE information: section name: .didat
Source: VCRUNTIME140.dll.5.dr	Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.5.dr	Static PE information: section name: .00cfg
Source: libssl-1_1.dll.5.dr	Static PE information: section name: .00cfg
Source: sapi.dll.5.dr	Static PE information: section name: .didat
Source: SpeechUX.dll.5.dr	Static PE information: section name: .didat
Source: pyarmor_runtime.pyd.5.dr	Static PE information: section name: .xdata
Source: pyarmor_runtime.pyd0.5.dr	Static PE information: section name: .xdata

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996C10E4 push rcx; retn 0000h	0_2_00007FF7996C10ED
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996C10CC push rbp; retn 0000h	0_2_00007FF7996C10CD
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996C10E4 push rcx; retn 0000h	1_2_00007FF7996C10ED
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996C10CC push rbp; retn 0000h	1_2_00007FF7996C10CD

Persistence and Installation Behavior

Contains functionality to infect the boot sector

Source: C:\Users\user\Desktop\datasett.exe	Code function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d	1_2_61B12260
Source: C:\Users\user\Desktop\datasett.exe	Code function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d	1_2_61B11EB0
Source: C:\Users\user\Desktop\datasett.exe	Code function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d	6_2_61B12260
Source: C:\Users\user\Desktop\datasett.exe	Code function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d	6_2_61B11EB0

Found pyInstaller with non standard icon

Source: C:\Users\user\Desktop\datasett.exe	Process created: "C:\Users\user\Desktop\datasett.exe"
Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Users\user\Desktop\datasett.exe

Drops PE files

Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\VCRUNTIME140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUX.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\spsreng.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUXWiz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUXPS.DLL	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\TTS\MSTTSLoc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\en-US\srloc.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\win32api.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32\pywintypes39.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\win32event.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\speechuxcpl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\sapi.cpl.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\SpeechUXWiz.exe.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\python39.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Common\en-US\sapi.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\win32api.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\spsrx.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUXWiz.exe.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\win32event.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\sapi.cpl	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUX.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUXWiz.exe.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Common\sapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime_000000\pyarmor_runtime.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUXRes.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\spsreng.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\speechuxcpl.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\libffi-7.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\SpeechUXWiz.exe.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer\md.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md__mypyc.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SPTIP.DLL	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\TTS\MSTTSEngine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\python39.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\spsrx.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\TTS\MSTTSLoc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUXWiz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\speechuxcpl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\en-US\srloc.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\VCRUNTIME140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUX.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\speechuxcpl.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\sapi.cpl	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\libffi-7.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\SpeechUX.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Common\sapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUXPS.DLL	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\speechuxcpl.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime_000000\pyarmor_runtime.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\srloc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Common\en-US\sapi.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\sapi.cpl.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUX.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\TTS\MSTTSEngine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer\md__mypyc.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUXRes.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\speechuxcpl.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SPTIP.DLL	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32\pywintypes39.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\SpeechUX.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\srloc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\VCRUNTIME140.dll	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\sapi.cpl			Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\sapi.cpl			Jump to dropped file

May use bcdedit to modify the Windows boot settings

Source: packs.sha256.5.dr

Binary or memory string: d8d4831a1bccbed23dca1847105b08745da677c852b05c5552a2651642ef4a3e en-US/bcdedit.exe.mui

Boot Survival

Contains functionality to infect the boot sector

Source: C:\Users\user\Desktop\datasett.exe	Code function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d	1_2_61B12260
Source: C:\Users\user\Desktop\datasett.exe	Code function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d	1_2_61B11EB0
Source: C:\Users\user\Desktop\datasett.exe	Code function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d	6_2_61B12260
Source: C:\Users\user\Desktop\datasett.exe	Code function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d	6_2_61B11EB0

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\Desktop\datasett.exe

0_2_00007FF799673DF0

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\datasett.exe

Code function: 1_2_00007FFDFAFC32F6 rdtsc

1_2_00007FFDFAFC32F6

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUX.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\spsreng.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUXWiz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUXPS.DLL	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\TTS\MSTTSLoc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\en-US\srloc.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\win32api.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\speechuxcpl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\win32event.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\sapi.cpl.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\SpeechUXWiz.exe.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\python39.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Common\en-US\sapi.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\win32api.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\spsrx.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\win32event.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUXWiz.exe.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\sapi.cpl	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUX.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Common\sapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUXWiz.exe.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime_000000\pyarmor_runtime.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\spsreng.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUXRes.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\speechuxcpl.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer\md.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\SpeechUXWiz.exe.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md__mypyc.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SPTIP.DLL	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\TTS\MSTTSEngine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\python39.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\spsrx.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\TTS\MSTTSLoc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUXWiz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\speechuxcpl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\en-US\srloc.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\sapi.cpl	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\speechuxcpl.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUX.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\SpeechUX.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Common\sapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUXPS.DLL	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\speechuxcpl.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime_000000\pyarmor_runtime.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\srloc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Common\en-US\sapi.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\sapi.cpl.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUX.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\TTS\MSTTSEngine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer\md__mypyc.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUXRes.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\speechuxcpl.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SPTIP.DLL	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\SpeechUX.dll.mui	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\srloc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\datasett.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_decimal.pyd	Jump to dropped file

Found large amount of non-executed APIs

Source: C:\Users\user\Desktop\datasett.exe	API coverage: 2.9 %
Source: C:\Users\user\Desktop\datasett.exe	API coverage: 1.4 %

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF7996909B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF7996909B4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799686714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	0_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799686714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	0_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799677820 FindFirstFileExW,FindClose,	0_2_00007FF799677820
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF7996909B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	1_2_00007FF7996909B4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799686714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	1_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799686714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	1_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799677820 FindFirstFileExW,FindClose,	1_2_00007FF799677820
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D3229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,	6_2_00007FFDFA6D3229
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00173740 _PyArg_ParseTuple_SizeT,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyList_New,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindFirstFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyObject_FromWIN32_FIND_DATAW@@YAPEAU_object@@PEAU_WIN32_FIND_DATAW@@@Z,PyList_Append,_Py_Dealloc,FindNextFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindClose,_Py_Dealloc,	6_2_00007FFE00173740

Source: C:\Users\user\Desktop\datasett.exe

6_2_00007FFE001755D0

Source: C:\Users\user\Desktop\datasett.exe

Code function: 6_2_00007FFE0017FC68 VirtualQuery,GetSystemInfo,

6_2_00007FFE0017FC68

Source: datasett.exe, 00000000.00000003.1678475049.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1736892802.000001D3521D8000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.dr	Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: datasett.exe, 00000006.00000002.1755865343.000002884E32B000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753742679.000002884E325000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754885711.000002884E32A000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753458207.000002884E30D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW) --%SystemRoot%\system32\mswsock.dllableSequence.insertc
Source: datasett.exe, 00000000.00000003.1675300626.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1730118682.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, MSTTSLoc.dll.0.dr	Binary or memory string: .?AVCRegistryVirtualMachine@ATL@@
Source: datasett.exe	Binary or memory string: jqEMu
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: packs.sha256.5.dr	Binary or memory string: bb2f0ec2251002a1f4162013a2357425d1de8e69ab8ca122c2cefe54f5b24500 en-US/vmdebug.dll.mui
Source: cacert.pem.0.dr	Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd

Anti Debugging

Potentially malicious time measurement code found

Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D572C		6_2_00007FFDFA6D572C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D4241		6_2_00007FFDFA6D4241

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\datasett.exe

Code function: 1_2_00007FFDFAFC32F6 rdtsc

1_2_00007FFDFAFC32F6

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\Desktop\datasett.exe

Code function: 0_2_00007FF799689AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF799689AE4

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\datasett.exe

Code function: 1_2_61B01CC0 LoadLibraryA,GetProcAddress,GetCurrentThread,

1_2_61B01CC0

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\datasett.exe

Code function: 0_2_00007FF7996925A0 GetProcessHeap,

0_2_00007FF7996925A0

Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF799689AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF799689AE4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF79967B69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF79967B69C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF79967AE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF79967AE00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 0_2_00007FF79967B880 SetUnhandledExceptionFilter,	0_2_00007FF79967B880
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_61B7D400 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	1_2_61B7D400
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF799689AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00007FF799689AE4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF79967B69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00007FF79967B69C
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF79967AE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00007FF79967AE00
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FF79967B880 SetUnhandledExceptionFilter,	1_2_00007FF79967B880
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAEA3310 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00007FFDFAEA3310
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAEA2994 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00007FFDFAEA2994
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAEA34F8 SetUnhandledExceptionFilter,	1_2_00007FFDFAEA34F8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC5A1F IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00007FFDFAFC5A1F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_61B7D400 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	6_2_61B7D400
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D5A1F IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00007FFDFA6D5A1F
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFB9B2994 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00007FFDFB9B2994
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFB9B3310 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00007FFDFB9B3310
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFB9B34F8 SetUnhandledExceptionFilter,	6_2_00007FFDFB9B34F8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00180CBC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00007FFE00180CBC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE001818C0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00007FFE001818C0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00181AA8 SetUnhandledExceptionFilter,	6_2_00007FFE00181AA8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE001AF8AC SetUnhandledExceptionFilter,	6_2_00007FFE001AF8AC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE001AE5AC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00007FFE001AE5AC
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE001AF6C4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00007FFE001AF6C4
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00743CF8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00007FFE00743CF8
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00743EE0 SetUnhandledExceptionFilter,	6_2_00007FFE00743EE0
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE00743374 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00007FFE00743374
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01303818 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00007FFE01303818
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFE01303250 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00007FFE01303250

Contains functionality to simulate keystroke presses

Source: C:\Users\user\Desktop\datasett.exe

Code function: 6_2_00007FFE0017DC70 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,keybd_event,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,

6_2_00007FFE0017DC70

Contains functionality to simulate mouse events

Source: C:\Users\user\Desktop\datasett.exe

Code function: 6_2_00007FFE0017DD10 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,mouse_event,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,

6_2_00007FFE0017DD10

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Users\user\Desktop\datasett.exe "C:\Users\user\Desktop\datasett.exe"	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Process created: C:\Users\user\Desktop\datasett.exe C:\Users\user\Desktop\datasett.exe	Jump to behavior

Source: C:\Users\user\Desktop\datasett.exe

6_2_00007FFE001A7D00

Source: C:\Users\user\Desktop\datasett.exe

6_2_00007FFE001A8B80

Source: SpeechUX.dll.5.dr

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\datasett.exe

Code function: 0_2_00007FF7996989B0 cpuid

0_2_00007FF7996989B0

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_ctypes.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime_000000 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime_000000 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime_000000 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime_000000\pyarmor_runtime.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_socket.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\select.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_ssl.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_hashlib.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_queue.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md.cp39-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md__mypyc.cp39-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\unicodedata.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_bz2.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_lzma.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_uuid.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\win32event.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\win32api.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\certifi\cacert.pem VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\certifi\cacert.pem VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\certifi\cacert.pem VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\_ctypes.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime_000000 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime_000000 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime_000000 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime_000000\pyarmor_runtime.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\_socket.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\select.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\_ssl.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\_hashlib.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\_queue.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer\md.cp39-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\datasett.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\datasett.exe

Code function: 0_2_00007FF79967B580 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF79967B580

Source: C:\Users\user\Desktop\datasett.exe

Code function: 6_2_00007FFE001743D0 _PyArg_ParseTuple_SizeT,GetUserNameW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,

6_2_00007FFE001743D0

Source: C:\Users\user\Desktop\datasett.exe

Code function: 0_2_00007FF799694E20 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

0_2_00007FF799694E20

Source: C:\Users\user\Desktop\datasett.exe

Code function: 6_2_00007FFE00177A20 _PyArg_ParseTuple_SizeT,GetVersion,_Py_BuildValue_SizeT,

6_2_00007FFE00177A20

Source: C:\Users\user\Desktop\datasett.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Source: C:\Users\user\Desktop\datasett.exe	Code function: 1_2_00007FFDFAFC2B5D bind,WSAGetLastError,		1_2_00007FFDFAFC2B5D
Source: C:\Users\user\Desktop\datasett.exe	Code function: 6_2_00007FFDFA6D2B5D bind,WSAGetLastError,		6_2_00007FFDFA6D2B5D

ID:	1580468
Product:	CloudBasic
Start time:	16:46:07
Start date:	24.12.2024
Sample:	datasett.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	3a90d6fa7c4cccd6ec03eb0667807b5b
SHA1:	3c88e16a010d5b464be251107bfb17de08daa445
SHA256:	339b04f57ff45915e7eb52ec9dca9bc85375a13028ade3d310a357fb79c4e5b0
Filetype:	Win64 Executable GUI (202006/5) 92.65%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Common\en-US\sapi.dll.mui	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	4D5B570C6A43917B52741B707341FDDA	010A9C83255E9271154280418BF601F975430DD9	809AB1C72338B01C0DE9D7367E2763FCA896E0F6EC7E833F45DE45C3BC033134
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Common\sapi.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	F977B1ED7C926A23C9993E0CD9822B8E	A90AB8D7D7F4C54829700700B210B17D63BA1F4D	958A63EFC1D059A3F8699B6A2AE1D59A1898F948A7819CC886A946F1C0E6496F
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\en-US\srloc.dll.mui	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	311C1AE96CA16A1F9C0F4857AB81BD2F	2FC721FD5E5CEDE54C6B598D0F473D61EB31F830	F57D453C82D5CEEB269E28961241C5F027EC17F65E6D1E8A45229471DBB5476F
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\spsreng.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	FC3F513DBFA7AE54EF4E3498D9E9784B	3F29B2C3E1E34D3062B17525669CD3B6F82961A2	67DF7281CE98F247F25427232785A8D651472E21488BF2CB4AB57CBAAB7BE016
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\spsrx.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	F3A75622E931E20DFFD1DAA951D71F39	B94BB09EB306B88972397B8AF555623F0655F086	7B8F98BE4BD2145E4E1E4C71C6D2A1B789C6810F0582209502F4666A035B41C1
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\srloc.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	29BB9B5D6EFA4A639759E59641AA5821	DC6E55DDB6F5C5061F48238E4AEC290E26EC7804	F373673D34CC74F76F8C951B664589845B9DD82C939F6973C67E8FFF7D6F9840
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\TTS\MSTTSEngine.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	F9512C058964F125C0C0883C0CCA225E	F5BE9E7DECF8A6BFAD3411FF8AE15E8F40405215	41CE9B38D03E80088A744C13229CAB4BC4CC9FBCF60C0E553A8E66EA8F9B07A4
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\TTS\MSTTSLoc.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	40EB1F198A18021833E65A076955B03C	730F666A44942AD4BA59C69948036C57B5DB9827	4ED0E11DF812CD586423182568E2F28B3DBA92F85B5FDA68351BF97468083079
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SPTIP.DLL	PE32+ executable (DLL) (console) x86-64, for MS Windows	C4D73A4379E6F55F698532ECBC9579BE	FB53B40E6BEC2AEBB0BA97D86FE1D3C7CCE94D94	683F604AD40AB82382809D75595F734B672FAC75E1E8EF63C94683D11C848D6D
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUX.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	6BFEF5D4BA0C93C0BCE2593BAC58015C	B03839587DC0CAD96277E0621850D6B151CF90A6	A7E2602CE3D1093712D316497D887D0C97A9738EDC026726055BF07572D84099
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUXPS.DLL	PE32+ executable (DLL) (console) x86-64, for MS Windows	DFEC0317A1EA262D948A18424B86C2BA	25BC5196E6B47AA72B4F09752382FF2C860FF19B	9C58C0059F53CD8B796A56A8D3F585A001FD29A3037FE8393292F52DC6AC1944
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUXWiz.exe	PE32+ executable (GUI) x86-64, for MS Windows	02BCE04D6192EB6BC85A195E0187E707	975ECD7E4D51DA13584F8453C9E4959FB94C0545	6FA424DDD31E80D679D987FD94FB2A35D8BBEAD7F5F09404AF531B46DBAE85B6
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUX.dll.mui	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	00E741D6381CEF37CE3775365F8905B1	686457F78C8BC1C40E9DDFD5F947CEF6A2BFACB8	D7677178E9E653C2EE56BB05153F710C089A0FDF4ACD61B227A7848316B3D5BE
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUXRes.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	2E186A7F6E00285CA1600F6EC0E6EC60	BEACB51296F4D3A1444025627C38ABAF21ED4D4F	052B316586906985C7C372ECD28B497C3C5ED2A7BF9F08E49AB31003F479E4D8
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUXWiz.exe.mui	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	C88E574480A4F42BBA617155D3B99729	05C42F31E1FC4B9A09A4019BEE4722B82106F606	B16969B66A279BB0B771C8CCF0CDD2779797915B5590834B52976B884EA5F68A
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\sapi.cpl.mui	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	7877D3A5F4D32B379E8209BF9A6C00CE	65A16A418DAA0A98D742A508C3E6D26B33710960	AA0B020843020224A9AED9D5BD9500668734CEF37BA787CECA0E10B02534C7FA
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\speechuxcpl.dll.mui	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	91FD2B37FC1D7756B3B6281A64A0E204	F0CB018584E8E7D50AB006DDEFAD49656B279F32	B90215957B4A69B14694F0DEE7DD236B294B8F2881D11E9CDE13E30BD5128ABA
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\SpeechUX.dll.mui	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	3FB04397AD2245E5FECDD61301E0ABDB	DBDAFFBCE34C5A7B5DDDE260B2DB4E81C225FF0F	B2AD0F7DC268B4371E41187547B4C8D6BEB990A37B43A1257295FDFAD6D37C18
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\SpeechUXWiz.exe.mui	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	D246DC71694598FCE6026321BB692133	B8D79EFFD6682DA2DAFE06DC28831F614DD34247	980CF034A8E6B7AF0224AA945EA37FCDCD2D42A30FF8D37DC60CB38E7C10E275
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\speechuxcpl.dll.mui	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	FB407D2CBDC6F7C035AC2D1E72CAC0CA	1352FC6CF552001253DCCEB1CE380FE637496755	2D0AACB594AC744F32F3701C17B911E845B3D51F583E9903F513C705811BB08F
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\sapi.cpl	PE32+ executable (DLL) (console) x86-64, for MS Windows	2BBBD624B2A736A3806D00280DF1AD3E	CF3D04FD61427BD8DC90327B14DB889A3316FED5	39BD24863FBB18FF7B14838E8062CAD91286A04550BA405B17E16D82759E23F0
C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\speechuxcpl.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	59149DF9B45EADCBDD38A2352935EB63	7BAAE44743F096616A843BDDD12869641AA969A6	397550185BCAFA2E46C05DD462C4E8C750E0AC60F896C9EA43493210A9BD7BA2
C:\Users\user\AppData\Local\Temp\_MEI50522\VCRUNTIME140.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	A87575E7CF8967E481241F13940EE4F7	879098B8A353A39E16C79E6479195D43CE98629E	DED5ADAA94341E6C62AEA03845762591666381DCA30EB7C17261DD154121B83E
C:\Users\user\AppData\Local\Temp\_MEI50522\VCRUNTIME140_1.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	37C372DA4B1ADB96DC995ECB7E68E465	6C1B6CB92FF76C40C77F86EA9A917A5F854397E2	1554B5802968FDB2705A67CBB61585E9560B9E429D043A5AA742EF3C9BBFB6BF
C:\Users\user\AppData\Local\Temp\_MEI50522\__init__.py	Python script, ASCII text executable, with CRLF line terminators	7F36C3A1229DC69716EEE499EC320A45	56108D0F028BC700971660C860896D38498273D1	FF1C7CC1A542A71F0C643A90263E4C2A2508C1BF1E444D307720CCF00AEAC0ED
C:\Users\user\AppData\Local\Temp\_MEI50522\__pycache__\__init__.cpython-39.pyc	python 3.9 byte-compiled	95A763554322BCAB07C9FEC78B85FA80	C674D621F5B5FCD1E9181C850C6FA7B795649B49	D1113ABB8FE3AEDB22358C9F4FA06E76858733027A2AFF98ED520C11976B0A70
C:\Users\user\AppData\Local\Temp\_MEI50522\_bz2.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	7F2BBA8A38712D00907F6E37F0CE6028	E22227FC0FD45AFDCF6C5D31A1CEBFFEE22DFC32	CD04EBE932B2CB2FD7F01C25412BDDD77B476FA47D0AFF69A04A27D3BFE4B37B
C:\Users\user\AppData\Local\Temp\_MEI50522\_ctypes.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	38D9D8ED2B7DF64790150A2A523FD3B9	A629C8E76136FA5678C758351E2DCFF5324F51E7	11DAEF02AFE45D9F3987BAB5C2B6EF75B2B6F6F79704C45675D532F090F14B8B
C:\Users\user\AppData\Local\Temp\_MEI50522\_decimal.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	1139CC9D936B6028305749568EC5CAC7	8AEE810BC2CCFC3C36BEF6ED59B3826BB7070299	67A47D85CC1A21069610C85DA64FC031231D43AF7876DFC48361C57D88EFEE0B
C:\Users\user\AppData\Local\Temp\_MEI50522\_hashlib.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	75ED91D3B7A40ECA5B32A13B90191EAD	320BD4B6116F735D8508382738E50BA8862B8029	202535A5CEB0BF70C2046639A3884C24F2CCCB1BD92827E61B5A7A663D9399BA
C:\Users\user\AppData\Local\Temp\_MEI50522\_lzma.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	AD02EA81A127A401F4DF84C082F3CCE6	9C6C851C52F331D17A33936C9AAD8DCEF2542709	4213FBB6936AD3EAC1E1BA28F10E15719176BC3A59FF01DDC6828DD7EEE52132
C:\Users\user\AppData\Local\Temp\_MEI50522\_queue.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	F9718FE21174D8428F022AAF60BF92DA	DB7E85EAA7C795792050AF43D47518CA7FA7878A	95E1C419E08D8AB229B8C64D51FD301CD9D75A659DFC05E75B0317CA0A4F22E3
C:\Users\user\AppData\Local\Temp\_MEI50522\_socket.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	0A6C6FD7697E4C3757014FA6BF6DD615	F14F79831B8B16A7B31F4C7F698317C023D446F9	A611E9B4F4E5FE67E945B771D79CF15C48441ECFA11CE186CEC9BF233DC20C0D
C:\Users\user\AppData\Local\Temp\_MEI50522\_ssl.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	3BAF56D4E63A800FCAF2CC98FC120709	2A33341EDA4B4549452B6DB9B259F8AE6EC9C806	D7610DD6BE63AADA4FE1895B64BBAC961840257C6988E1F68BBF3D8E486B5A45
C:\Users\user\AppData\Local\Temp\_MEI50522\_uuid.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	EFAAB22452B7D55BD684F29D7DF015A0	ED9A244F5CCE66B69FA275704BA8048C3956DB91	D8B97BD2D8D372B5B7675F5EC8A31A7F7D01AB36DD8C8273273B4C465B70C4E5
C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip	Zip archive data, at least v2.0 to extract, compression method=store	2E134828C303EDBF09DD29AD27DD4B8A	F6D87842CB0273BCB5C62F457CE15F17F4AE1772	53322BCD7DB062B523F28DD68DBA06BBECB20421018F98E199B65D837B3517CE
C:\Users\user\AppData\Local\Temp\_MEI50522\certifi\cacert.pem	ASCII text	302B49C5F476C0AE35571430BB2E4AA0	35A7837A3F1B960807BF46B1C95EC22792262846	CF9D37FA81407AFE11DCC0D70FE602561422AA2344708C324E4504DB8C6C5748
C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer\md.cp39-win_amd64.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	D93AD224C10BA644F92232A7B7575E23	4A9ABC6292E7434D4B5DD38D18C9C1028564C722	89268BE3CF07B1E3354DDB617CB4FE8D4A37B9A1B474B001DB70165BA75CFF23
C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer\md__mypyc.cp39-win_amd64.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	B5692F504B608BE714D5149D35C8C92A	62521C88D619ACFFF0F5680F3A9B4C043ACF9A1D	969196CD7CADE4FE63D17CF103B29F14E85246715B1F7558D86E18410DB7BBC0
C:\Users\user\AppData\Local\Temp\_MEI50522\icon.ico	MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel	B0FE457D80C766030BE3804E149F4A95	32530E3AB0BBD5B22B0FC544FFE829709CAE02EC	1472F258F96FFDBB6B0E147260943599ABACDF6DF0DACE38ABAC9744D6B18590
C:\Users\user\AppData\Local\Temp\_MEI50522\libcrypto-1_1.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	AB01C808BED8164133E5279595437D3D	0F512756A8DB22576EC2E20CF0CAFEC7786FB12B	9C0A0A11629CCED6A064932E95A0158EE936739D75A56338702FED97CB0BAD55
C:\Users\user\AppData\Local\Temp\_MEI50522\libffi-7.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	EEF7981412BE8EA459064D3090F4B3AA	C60DA4830CE27AFC234B3C3014C583F7F0A5A925	F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
C:\Users\user\AppData\Local\Temp\_MEI50522\libssl-1_1.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	DE72697933D7673279FB85FD48D1A4DD	085FD4C6FB6D89FFCC9B2741947B74F0766FC383	ED1C8769F5096AFD000FC730A37B11177FCF90890345071AB7FBCEAC684D571F
C:\Users\user\AppData\Local\Temp\_MEI50522\packs.sha256	ASCII text	F957DAA947E41003AFF3BE5285EF16A9	0AF8277470EBB644C9110689E34676924A6B632E	BE9032D65E872891DB9722CB4ED28CCC2F176C84DD1455D0B313E3957B44B849
C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime.pyd	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	149DBFEB76B9F8F6B7DDDE1EAAC61118	747DB9BF10E9231DEB2CB2619C5ECF89B7DB6232	1CEBFDD7C65B99DC6EE477BFAD9F236940EAA8C0383A90A68EE467D32411C01F
C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime_000000\pyarmor_runtime.pyd	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	149DBFEB76B9F8F6B7DDDE1EAAC61118	747DB9BF10E9231DEB2CB2619C5ECF89B7DB6232	1CEBFDD7C65B99DC6EE477BFAD9F236940EAA8C0383A90A68EE467D32411C01F
C:\Users\user\AppData\Local\Temp\_MEI50522\python39.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	19E6D310C1BD0578D468A888D3EC0E3D	32561AD9B89DC9E9A086569780890AD10337E698	F4609EC3BBCC74ED9257E3440EC15ADF3061F7162A89E4E9A370E1C2273370A1
C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32\pywintypes39.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	F20FD2E2AC9058A9FD227172F8FF2C12	89EBA891352BE46581B94A17DB7C2EDE9A39AB01	20BDE8E50E42F7AABF59106EEA238FCC0DECE0C6E362C0A7FEEB004AB981DB8A
C:\Users\user\AppData\Local\Temp\_MEI50522\select.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	196C4D2F8BDC9E9D2DBCCE866050684C	1166C85C761D8188C45D9CC7441ABFE8A7071132	CD31F9F557D57A6909186940EAFE483C37DE9A7251E604644A747C7EC26B7823
C:\Users\user\AppData\Local\Temp\_MEI50522\unicodedata.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	684AE6992F55AD6C64588367E42F44F7	66D8868286924ADA60966A620DFFE87B2C978711	91834E28CC0ACBD966DC6D323B95113E0050301B7CD6CD4ABE43390F2BBDDB34
C:\Users\user\AppData\Local\Temp\_MEI50522\win32api.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	05E4B3B876E5FA6A2B8951F764559623	4AD50F70EEF4FEAA9D051C2F161FBAC8A862A4BC	A52F8BD28B5B9558CDE10333CE452A7D6F338CE1005A2B8451755005868E4A98
C:\Users\user\AppData\Local\Temp\_MEI50522\win32event.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	E4C515DF1FEDF6BC59E7FED6AB194E00	B26384AEC2EE25EE59CD45FB77AC04A3FB46A80F	E469C3E9A6836CE38DEA05854D27CAA33EB766882527F73F60E3E2254BADC51B
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Common\en-US\sapi.dll.mui	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	4D5B570C6A43917B52741B707341FDDA	010A9C83255E9271154280418BF601F975430DD9	809AB1C72338B01C0DE9D7367E2763FCA896E0F6EC7E833F45DE45C3BC033134
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Common\sapi.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	F977B1ED7C926A23C9993E0CD9822B8E	A90AB8D7D7F4C54829700700B210B17D63BA1F4D	958A63EFC1D059A3F8699B6A2AE1D59A1898F948A7819CC886A946F1C0E6496F
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\en-US\srloc.dll.mui	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	311C1AE96CA16A1F9C0F4857AB81BD2F	2FC721FD5E5CEDE54C6B598D0F473D61EB31F830	F57D453C82D5CEEB269E28961241C5F027EC17F65E6D1E8A45229471DBB5476F
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\spsreng.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	FC3F513DBFA7AE54EF4E3498D9E9784B	3F29B2C3E1E34D3062B17525669CD3B6F82961A2	67DF7281CE98F247F25427232785A8D651472E21488BF2CB4AB57CBAAB7BE016
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\spsrx.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	F3A75622E931E20DFFD1DAA951D71F39	B94BB09EB306B88972397B8AF555623F0655F086	7B8F98BE4BD2145E4E1E4C71C6D2A1B789C6810F0582209502F4666A035B41C1
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\srloc.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	29BB9B5D6EFA4A639759E59641AA5821	DC6E55DDB6F5C5061F48238E4AEC290E26EC7804	F373673D34CC74F76F8C951B664589845B9DD82C939F6973C67E8FFF7D6F9840
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\TTS\MSTTSEngine.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	F9512C058964F125C0C0883C0CCA225E	F5BE9E7DECF8A6BFAD3411FF8AE15E8F40405215	41CE9B38D03E80088A744C13229CAB4BC4CC9FBCF60C0E553A8E66EA8F9B07A4
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\TTS\MSTTSLoc.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	40EB1F198A18021833E65A076955B03C	730F666A44942AD4BA59C69948036C57B5DB9827	4ED0E11DF812CD586423182568E2F28B3DBA92F85B5FDA68351BF97468083079
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SPTIP.DLL	PE32+ executable (DLL) (console) x86-64, for MS Windows	C4D73A4379E6F55F698532ECBC9579BE	FB53B40E6BEC2AEBB0BA97D86FE1D3C7CCE94D94	683F604AD40AB82382809D75595F734B672FAC75E1E8EF63C94683D11C848D6D
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUX.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	6BFEF5D4BA0C93C0BCE2593BAC58015C	B03839587DC0CAD96277E0621850D6B151CF90A6	A7E2602CE3D1093712D316497D887D0C97A9738EDC026726055BF07572D84099
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUXPS.DLL	PE32+ executable (DLL) (console) x86-64, for MS Windows	DFEC0317A1EA262D948A18424B86C2BA	25BC5196E6B47AA72B4F09752382FF2C860FF19B	9C58C0059F53CD8B796A56A8D3F585A001FD29A3037FE8393292F52DC6AC1944
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUXWiz.exe	PE32+ executable (GUI) x86-64, for MS Windows	02BCE04D6192EB6BC85A195E0187E707	975ECD7E4D51DA13584F8453C9E4959FB94C0545	6FA424DDD31E80D679D987FD94FB2A35D8BBEAD7F5F09404AF531B46DBAE85B6
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUX.dll.mui	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	00E741D6381CEF37CE3775365F8905B1	686457F78C8BC1C40E9DDFD5F947CEF6A2BFACB8	D7677178E9E653C2EE56BB05153F710C089A0FDF4ACD61B227A7848316B3D5BE
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUXRes.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	2E186A7F6E00285CA1600F6EC0E6EC60	BEACB51296F4D3A1444025627C38ABAF21ED4D4F	052B316586906985C7C372ECD28B497C3C5ED2A7BF9F08E49AB31003F479E4D8
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUXWiz.exe.mui	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	C88E574480A4F42BBA617155D3B99729	05C42F31E1FC4B9A09A4019BEE4722B82106F606	B16969B66A279BB0B771C8CCF0CDD2779797915B5590834B52976B884EA5F68A
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\sapi.cpl.mui	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	7877D3A5F4D32B379E8209BF9A6C00CE	65A16A418DAA0A98D742A508C3E6D26B33710960	AA0B020843020224A9AED9D5BD9500668734CEF37BA787CECA0E10B02534C7FA
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\speechuxcpl.dll.mui	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	91FD2B37FC1D7756B3B6281A64A0E204	F0CB018584E8E7D50AB006DDEFAD49656B279F32	B90215957B4A69B14694F0DEE7DD236B294B8F2881D11E9CDE13E30BD5128ABA
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\SpeechUX.dll.mui	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	3FB04397AD2245E5FECDD61301E0ABDB	DBDAFFBCE34C5A7B5DDDE260B2DB4E81C225FF0F	B2AD0F7DC268B4371E41187547B4C8D6BEB990A37B43A1257295FDFAD6D37C18
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\SpeechUXWiz.exe.mui	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	D246DC71694598FCE6026321BB692133	B8D79EFFD6682DA2DAFE06DC28831F614DD34247	980CF034A8E6B7AF0224AA945EA37FCDCD2D42A30FF8D37DC60CB38E7C10E275
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\speechuxcpl.dll.mui	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	FB407D2CBDC6F7C035AC2D1E72CAC0CA	1352FC6CF552001253DCCEB1CE380FE637496755	2D0AACB594AC744F32F3701C17B911E845B3D51F583E9903F513C705811BB08F
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\sapi.cpl	PE32+ executable (DLL) (console) x86-64, for MS Windows	2BBBD624B2A736A3806D00280DF1AD3E	CF3D04FD61427BD8DC90327B14DB889A3316FED5	39BD24863FBB18FF7B14838E8062CAD91286A04550BA405B17E16D82759E23F0
C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\speechuxcpl.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	59149DF9B45EADCBDD38A2352935EB63	7BAAE44743F096616A843BDDD12869641AA969A6	397550185BCAFA2E46C05DD462C4E8C750E0AC60F896C9EA43493210A9BD7BA2
C:\Users\user\AppData\Local\Temp\_MEI68642\VCRUNTIME140.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	A87575E7CF8967E481241F13940EE4F7	879098B8A353A39E16C79E6479195D43CE98629E	DED5ADAA94341E6C62AEA03845762591666381DCA30EB7C17261DD154121B83E
C:\Users\user\AppData\Local\Temp\_MEI68642\VCRUNTIME140_1.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	37C372DA4B1ADB96DC995ECB7E68E465	6C1B6CB92FF76C40C77F86EA9A917A5F854397E2	1554B5802968FDB2705A67CBB61585E9560B9E429D043A5AA742EF3C9BBFB6BF
C:\Users\user\AppData\Local\Temp\_MEI68642\__init__.py	Python script, ASCII text executable, with CRLF line terminators	7F36C3A1229DC69716EEE499EC320A45	56108D0F028BC700971660C860896D38498273D1	FF1C7CC1A542A71F0C643A90263E4C2A2508C1BF1E444D307720CCF00AEAC0ED
C:\Users\user\AppData\Local\Temp\_MEI68642\__pycache__\__init__.cpython-39.pyc	python 3.9 byte-compiled	95A763554322BCAB07C9FEC78B85FA80	C674D621F5B5FCD1E9181C850C6FA7B795649B49	D1113ABB8FE3AEDB22358C9F4FA06E76858733027A2AFF98ED520C11976B0A70
C:\Users\user\AppData\Local\Temp\_MEI68642\_bz2.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	7F2BBA8A38712D00907F6E37F0CE6028	E22227FC0FD45AFDCF6C5D31A1CEBFFEE22DFC32	CD04EBE932B2CB2FD7F01C25412BDDD77B476FA47D0AFF69A04A27D3BFE4B37B
C:\Users\user\AppData\Local\Temp\_MEI68642\_ctypes.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	38D9D8ED2B7DF64790150A2A523FD3B9	A629C8E76136FA5678C758351E2DCFF5324F51E7	11DAEF02AFE45D9F3987BAB5C2B6EF75B2B6F6F79704C45675D532F090F14B8B
C:\Users\user\AppData\Local\Temp\_MEI68642\_decimal.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	1139CC9D936B6028305749568EC5CAC7	8AEE810BC2CCFC3C36BEF6ED59B3826BB7070299	67A47D85CC1A21069610C85DA64FC031231D43AF7876DFC48361C57D88EFEE0B
C:\Users\user\AppData\Local\Temp\_MEI68642\_hashlib.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	75ED91D3B7A40ECA5B32A13B90191EAD	320BD4B6116F735D8508382738E50BA8862B8029	202535A5CEB0BF70C2046639A3884C24F2CCCB1BD92827E61B5A7A663D9399BA
C:\Users\user\AppData\Local\Temp\_MEI68642\_lzma.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	AD02EA81A127A401F4DF84C082F3CCE6	9C6C851C52F331D17A33936C9AAD8DCEF2542709	4213FBB6936AD3EAC1E1BA28F10E15719176BC3A59FF01DDC6828DD7EEE52132
C:\Users\user\AppData\Local\Temp\_MEI68642\_queue.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	F9718FE21174D8428F022AAF60BF92DA	DB7E85EAA7C795792050AF43D47518CA7FA7878A	95E1C419E08D8AB229B8C64D51FD301CD9D75A659DFC05E75B0317CA0A4F22E3
C:\Users\user\AppData\Local\Temp\_MEI68642\_socket.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	0A6C6FD7697E4C3757014FA6BF6DD615	F14F79831B8B16A7B31F4C7F698317C023D446F9	A611E9B4F4E5FE67E945B771D79CF15C48441ECFA11CE186CEC9BF233DC20C0D
C:\Users\user\AppData\Local\Temp\_MEI68642\_ssl.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	3BAF56D4E63A800FCAF2CC98FC120709	2A33341EDA4B4549452B6DB9B259F8AE6EC9C806	D7610DD6BE63AADA4FE1895B64BBAC961840257C6988E1F68BBF3D8E486B5A45
C:\Users\user\AppData\Local\Temp\_MEI68642\_uuid.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	EFAAB22452B7D55BD684F29D7DF015A0	ED9A244F5CCE66B69FA275704BA8048C3956DB91	D8B97BD2D8D372B5B7675F5EC8A31A7F7D01AB36DD8C8273273B4C465B70C4E5
C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip	Zip archive data, at least v2.0 to extract, compression method=store	2E134828C303EDBF09DD29AD27DD4B8A	F6D87842CB0273BCB5C62F457CE15F17F4AE1772	53322BCD7DB062B523F28DD68DBA06BBECB20421018F98E199B65D837B3517CE
C:\Users\user\AppData\Local\Temp\_MEI68642\certifi\cacert.pem	ASCII text	302B49C5F476C0AE35571430BB2E4AA0	35A7837A3F1B960807BF46B1C95EC22792262846	CF9D37FA81407AFE11DCC0D70FE602561422AA2344708C324E4504DB8C6C5748
C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md.cp39-win_amd64.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	D93AD224C10BA644F92232A7B7575E23	4A9ABC6292E7434D4B5DD38D18C9C1028564C722	89268BE3CF07B1E3354DDB617CB4FE8D4A37B9A1B474B001DB70165BA75CFF23
C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md__mypyc.cp39-win_amd64.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	B5692F504B608BE714D5149D35C8C92A	62521C88D619ACFFF0F5680F3A9B4C043ACF9A1D	969196CD7CADE4FE63D17CF103B29F14E85246715B1F7558D86E18410DB7BBC0
C:\Users\user\AppData\Local\Temp\_MEI68642\icon.ico	MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel	B0FE457D80C766030BE3804E149F4A95	32530E3AB0BBD5B22B0FC544FFE829709CAE02EC	1472F258F96FFDBB6B0E147260943599ABACDF6DF0DACE38ABAC9744D6B18590
C:\Users\user\AppData\Local\Temp\_MEI68642\libcrypto-1_1.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	AB01C808BED8164133E5279595437D3D	0F512756A8DB22576EC2E20CF0CAFEC7786FB12B	9C0A0A11629CCED6A064932E95A0158EE936739D75A56338702FED97CB0BAD55
C:\Users\user\AppData\Local\Temp\_MEI68642\libffi-7.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	EEF7981412BE8EA459064D3090F4B3AA	C60DA4830CE27AFC234B3C3014C583F7F0A5A925	F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
C:\Users\user\AppData\Local\Temp\_MEI68642\libssl-1_1.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	DE72697933D7673279FB85FD48D1A4DD	085FD4C6FB6D89FFCC9B2741947B74F0766FC383	ED1C8769F5096AFD000FC730A37B11177FCF90890345071AB7FBCEAC684D571F
C:\Users\user\AppData\Local\Temp\_MEI68642\packs.sha256	ASCII text	F957DAA947E41003AFF3BE5285EF16A9	0AF8277470EBB644C9110689E34676924A6B632E	BE9032D65E872891DB9722CB4ED28CCC2F176C84DD1455D0B313E3957B44B849
C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime.pyd	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	149DBFEB76B9F8F6B7DDDE1EAAC61118	747DB9BF10E9231DEB2CB2619C5ECF89B7DB6232	1CEBFDD7C65B99DC6EE477BFAD9F236940EAA8C0383A90A68EE467D32411C01F
C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime_000000\pyarmor_runtime.pyd	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	149DBFEB76B9F8F6B7DDDE1EAAC61118	747DB9BF10E9231DEB2CB2619C5ECF89B7DB6232	1CEBFDD7C65B99DC6EE477BFAD9F236940EAA8C0383A90A68EE467D32411C01F
C:\Users\user\AppData\Local\Temp\_MEI68642\python39.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	19E6D310C1BD0578D468A888D3EC0E3D	32561AD9B89DC9E9A086569780890AD10337E698	F4609EC3BBCC74ED9257E3440EC15ADF3061F7162A89E4E9A370E1C2273370A1
C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32\pywintypes39.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	F20FD2E2AC9058A9FD227172F8FF2C12	89EBA891352BE46581B94A17DB7C2EDE9A39AB01	20BDE8E50E42F7AABF59106EEA238FCC0DECE0C6E362C0A7FEEB004AB981DB8A
C:\Users\user\AppData\Local\Temp\_MEI68642\select.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	196C4D2F8BDC9E9D2DBCCE866050684C	1166C85C761D8188C45D9CC7441ABFE8A7071132	CD31F9F557D57A6909186940EAFE483C37DE9A7251E604644A747C7EC26B7823
C:\Users\user\AppData\Local\Temp\_MEI68642\unicodedata.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	684AE6992F55AD6C64588367E42F44F7	66D8868286924ADA60966A620DFFE87B2C978711	91834E28CC0ACBD966DC6D323B95113E0050301B7CD6CD4ABE43390F2BBDDB34
C:\Users\user\AppData\Local\Temp\_MEI68642\win32api.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	05E4B3B876E5FA6A2B8951F764559623	4AD50F70EEF4FEAA9D051C2F161FBAC8A862A4BC	A52F8BD28B5B9558CDE10333CE452A7D6F338CE1005A2B8451755005868E4A98
C:\Users\user\AppData\Local\Temp\_MEI68642\win32event.pyd	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	E4C515DF1FEDF6BC59E7FED6AB194E00	B26384AEC2EE25EE59CD45FB77AC04A3FB46A80F	E469C3E9A6836CE38DEA05854D27CAA33EB766882527F73F60E3E2254BADC51B

Windows Analysis Report
datasett.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Windows Analysis Report datasett.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Windows Analysis Report
datasett.exe